Prevent pricey Wi-Fi security errors

Prevent pricey Wi-Fi security errors

An innocent-looking cafe may harbor a nest of fraudsters, identity thieves and other miscreants, security experts warn.

Although companies may think they have taken all the right steps to secure their networks, they could still be vulnerable if their employees access wireless hotspots, such as those at a local cafe.

In a report issued by security vendor Fortinet Inc., Richard Hanke, U.S.-based vice president of product management, says most mobile users do not realize that once connected to a wireless hotspot, they become a member of a connected community of users - most or all of whom are strangers.

And he warns this poses significant security risks as there is often little or no control of what can pass from user to user via a wireless access point, and that can have disastrous consequences.

"A hapless, latté-sipping web surfer can easily become infected with a virus or worm that has been picked up by a neighboring user," writes Hanke.

But he says the real damage occurs when the newly infected user returns to work and connects to the organization's wireless access point.

A worm picked up during the coffee break can then race unhindered into corporate networks and could cause significant damage.

"That innocent cup of coffee just cost your company thousands of dollars and sent you scrambling to clean the network," states Hanke.

Local security guru Tony Krzyzewski, managing director of Kaon Technologies, says the risks posed by wireless cafes are no different to those faced with any other method of connecting to the internet.

Although the risks can be reduced by basic security precautions, Krzyzewski warns that portable computers are one of the most common carriers of threats into corporate networks.

"Which is why it is absolutely essential to have a personal firewall, spyware control and antivirus up to date on portable computers," he says.

But John King, managing director of Auckland security specialist Expert Solution Providers (ESP), says wireless networks are dangerous because they are a shared medium.

"If users are not sitting in their own WLAN [wireless local area network] or using encryption to talk from the client to the access point, then all the traffic is visible to all the users," he says.

"You would need nothing more complicated than a copy of a serial freely available on the internet to capture packets."

Meanwhile, Hanke warns once a user is authenticated and connects to a wireless access point, the wireless channel - even if encrypted - can easily deliver content threats into the wired network, from inside the organization's typical perimeter defenses such as a firewall.

King says many wireless hotspots are not based on a meshed network where the user is dropped in a WLAN with a sign-on and an encrypted link.

"A lot of wireless networks are easy to set up. The problem is control of access points. Most internet cafes spend $149 on an access point, which gives you nothing in terms of security," he says.

By using tools freely available on the internet, King says, hackers could access a wireless network's SSID (service set identifier) - which uniquely names that network - in 45 seconds, and bypass filters on access points in five minutes.

This leaves users open to virus or worm infections and denial-of-service attacks, while sensitive data can be intercepted.

"A personal firewall will prevent other people from getting to you on that wireless network, but it won't prevent your traffic being grabbed," he says.

Krzyzewski says that although organizations know of these dangers, there is still some room for improvement in how they protect themselves.

"The majority of organizations are aware of these risks - how they actually control them varies dramatically," he says.

"We always recommend you put adequate protection on the remote machine and if those machines are connecting to the corporate network you put adequate defense and authentication methods in place to protect the connection back into the organization."

Krzyzewski and King agree with Hanke that multiple layers of security - residing at the network gateway, on internal servers and on individual clients or endpoints - are required to offer complete protection, while education is the first step in establishing all those barriers of security.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post

What to expect from your IT Distributor

Whether you’re just starting out or you’ve been around since before the dot com rollercoaster, choosing the right distribution partner can be a pivotal factor in your success. This definitive guide outlines the traits that every IT partner needs to look for in their IT Distributor.



Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments