Wireless Security for Firms – Are “Sniffing” Gadgets Worth What They Uncover?

An article in “Technically Speaking” a few years back really hit home for law firm administrators concerned with ethics in the wonderful (but sometimes wacky) world of wireless communications.  Although internet communications have opened up new, valuable networking options, they have raised concerns regarding the openness of the medium.  The article in TS mentions various means of ensuring your data is safe, including encryption.  But there’s always the possibility you might just want to opt out. “For those truly [concerned] about internet security,” reads the piece, “just don’t install a Wi-Fi network.”  

The Association of Legal Administrators acknowledges that Wireless is our friend.  It channels information through to  “clients, other attorneys, staff and friends.” However, it goes on to caution that: “With this…comes inadvertent risks, including significant breaches of confidentiality, lost e-mail devices, unethical network advertising, social networking, and more.”  

The ALA, which is offering a class on this very topic, mentions, among possible ways in which the issue might be addressed, an examination of firewalls, virus protection, metadata scrubbers and possible limits on Reply All and AutoComplete functions.    

The “Technically Speaking” platform raised important concerns about those “sniffing” gadgets which one sees advertised on the Web.  These promise, as does NetStumbler, for instance, to “detect Wireless Local Area Networks (WLAN).”  This product’s site specifies that it will zero in on locations in your region with poor coverage; detect other networks which may be interfering…; and detect unauthorized rogue access points in your workplace.” 

(It can also be used “recreationally” for “War Driving”. See below.) 

However, according to the very comprehensive article on TS, “[b]esides compromising your data, these tools can be used to see how secure your wireless network really is.”  (Emphasis added.)  

 

The authors–owners of a computer forensics and legal tech firm– described “War Driving”, whereby one drives around holding a laptop while running any number of “sniffing” programs such as “NetStumbler”, “Ethereal” or “Kismet”. (See TS article for actual URL’s for each program.) In one instance, they were able to discover 99 “hot spots” using this tool.  A “hot spot” is where a company has a wireless access point available for connection to your network. 

And here’s the interesting part:  of the 99 devices which were identified, only 14 of them had any sort of security enabled.  What this means, basically, is that “anyone could sit in the parking lot of the ‘hot spot’ and gather network data.” 

What to do to remedy this?  Generally, most default settings are set to leave a system most vulnerable. So, before anything else, you should change your password and/or ID.  

After that, the authors walk you through a few more values which should be modified or added, including encryption.  The good news is that the authors of the tech-savvy piece have been able to set up entirely foolproof Wi-Fi systems…networks which they couldn’t even break into (and they tried).  

For more information, go to http://www.michbar.org/journal/pdf/pdf4article666.pdf   Or here http://ala.peachnewmedia.com/store/provider/provider09.php#bl   Or here http://netstumbler.findmysoft.com/  

-EM

Advertisements

Leave a comment

Filed under Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s