WiFi Security

WiFi, wireless networking, has changed how people can now connect to the internet. Coffee shops, hotels, airports, and even entire cities, are quickly becoming WiFi enabled. With the growing popularity as well as availability of WiFi-enabled public Hotspots people are using their laptops to check their email, online account statements, and more. WiFi is popular because of its' inherent convenience, but not only has it made it more convenient for people to check their emails it has also made it easier for hackers and other malicious users to steal people's private information such as, credit card numbers, bank account numbers, personal emails and more [1]. This brings about the issue of WiFi Security.

WiFi Security is critical to protecting people's privacy, the main methods of security include, Wired Equivalency Privacy (WEP), WiFi Protected Access (WPA), and Media Access Control (MAC). However, even with these security measures hackers may still be able to see sensitive data.


Contents
  1. What is WiFi?
  2. WiFi Brand
  3. Security Issues
  4. Security Countermeasures
  5. References
  6. See also
  7. External links

What is WiFi?

WiFi (or Wi-Fi) stands for wireless fidelity and is a term used to describe wireless local area networks (WLAN) technology [3]. WiFi adheres to the IEEE 802.11 standard (Institute of Electrical and Electronics Engineers) [2]. With WiFi-enabled devices (such as a laptop) one can connect to wireless router much as they would a regular router and gain access to the Internet but without having to connect a physical wire to the laptop (i.e. - Ethernet cable). Instead of using wires to transmit data WiFi-enabled devices send radio waves like a cell phone to communicate with one another [1]. As WiFi technology is continually improved the range of wireless communication has extended from about 90 meters (300 feet) to 180 meters (600 feet) and it is still being improved [2].

WiFi has become so popular that it is not only used from within local coffee shops, hotels, or airports, but entire cities (such as San Francisco, Portland, and Philadelphia [2]) are becoming WiFi-enabled, thereby allowing virtually anyone within the city limits to gain wireless access.

The IEEE 802.11 networking standards are currently comprised of;

  • 802.11b: the first version to be released that transmits in the 2.4 GHz frequency, handling up to 11 Mbps.
  • 802.11g: transmits at 2.4 GHz, handling up to 54 Mbps.
  • 802.11a: transmits at 5.0 GHz, handling up to 54 Mbps.

    More standards are currently being developed as the technology for wireless communication advances. Such an example is 802.11n which is not yet released but is anticipated to be faster than 802.11g [ 1].


    WiFi Brand


    WiFi, as a trademark is owned by a trade group called WiFi Alliance, an organization that now ensures WiFi equipment complies with the IEEE 802.11x standards. The wireless technology was branded under the name of WiFi in 1999 by the Wireless Ethernet Compatibility Alliance (WECA) formed by the pioneering companies; 3Com, Cisco, Intersil, Agere, Nokia and Symbol Technologies. The WECA was later renamed in 2003 as the WiFi Alliance [3].


    WiFi logo

    Security Issues

    Due to WiFi's growing popularity and availability hackers have turned their attention to invading unsuspecting users and their laptops, stealing private information such as emails, login information for unsecured sites (non-SSL), and even what websites they are viewing. Furthermore, via wireless connections hackers can actually hi-jack someone else's Internet connection to send or recieve illegal information [4].

    A technique known as Wi-Fi eavesdropping can be used by malicious users to see what packets are being transmitted through the network. Packets that may contain the content of an email just sent, or even the login name and password for the email server. All this information can be extracted by any hacker within proximity of the user's wireless network that is sniffing for transmitted packets [4].

    Hackers have even been know to create lookalike networks which are networks with Service Set Identifiers (SSIDs) that resemble typical hotpots (such as "linksys", "dlink", "tmobile", etc). Unsuspecting users log on to these networks assuming that they are the public hotspots or their own network and although they have an Internet connection the hackers behind the scenes are recording all of their private information [5, 6].



    Security Countermeasures


    Currently the main methods to secure a private wireless network are;

  • Wired Equivalency Privacy (WEP): encryption scheme that can use 64-bit or 128-bit, all network users must supply a numerical password to gain access [1].

  • WiFi Protected Access (WPA): more robust than WEP and is currently part of the 802.11i security protocol. WPA is another encryption method and like WEP requires all users to supply a password [1].

  • Media Access Control (MAC): unlike the previous two, this method only allows computers with a physical address that is on the approved list to connect to the network. No password is required as each computer has its' own unique physical address [1].

    Security countermeasures for public wireless networks are;

  • Using a Virtual Private Network (VPN) Connection [4].

  • Not sending any private information on non-SSL (Secure Sockets Layer) websites [4].

  • Disabling all file sharing settings [4].

  • Using a personal firewall [4].


    References

    1. Brain, Marshall and Wilson, Tracy. "How WiFi Works." Howstuffworks.com. Last accessed March 30, 2007 from < http://www.howstuffworks.com/wireless-network.htm>
    2. Anissimov, Michael. "What is WiFi?" wiseGeek.com. Last accessed March 30, 2007 from < http://www.wisegeek.com/what-is-wifi.htm>
    3. "Wi-Fi" Wikipedia. Last accessed March 30, 2007 from < http://en.wikipedia.org/wiki/Wifi >
    4. Geier, Eric. "Wi-Fi Security Issues Up Close" Wi-Fi Planet. Last accessed March 30, 2007 from <http://www.wi-fiplanet.com/tutorials/article.php/3605601>
    5. Abdollah, Tami. "Ensnared on the wireless Web." latimes.com. Last accessed March 30, 2007 from <http://www.latimes.com/news/local/la-me-wifihack16mar16,0,4434812,full.story?coll=la-home-headlines
    6. Null, Christopher. "Beware the 'Evil Twin' Wi-Fi Hotspot." tech.yahoo.com. Last accessed March 30, 2007 from <http://tech.yahoo.com/blogs/null/23163/beware-the-evil-twin-wi-fi-hotspot

    See also

    1. Wireless Router
    2. Virtual Private Networks
    3. Wardriving

    External links

    Written by David Hwang. Last revision on April 05, 2007.