Wireless LAN Issues
Wireless LAN security issues include weak default security installation, flaws in WLAN security protocols, covert installation of "rogue" access points, and external snooping. By some recent estimates, more than half of wireless LAN installations are installed with default security settings. Set up this way, networks are typically not protected from external access; a nearby laptop with a suitable $100 wireless LAN card could access such a network, monitoring emails and other traffic. Even with security turned on, flaws in the wired equivalent privacy (WEP) protocol make it possible for a determined hacker to access a wireless LAN. This is not as easy as some articles in the press have indicated, and the first step you should take to increase WLAN security is to enable WEP security. Changing the network's default values, such as the service set identifier (the identifier that uniquely designates a particular network), is also necessary.
A recent ComputerWorld survey found that 30 percent of IT professionals surveyed had found rogue access points installed in their organizations. Employees install these access points (they cost less than $200 U.S.) mainly for the convenience of mobility within their work areas. One such access point can open up your entire network. To cope with this, consider implementing a zero-tolerance policy to employee-installed access points and educating employees about the dangers of such installations. To find out if you have a problem, use a tool such as NetStumbler to locate unapproved access points.
Wireless LAN transmissions ignore the boundaries of your physical premises, and antennae-equipped wireless devices may be able to access your network from well outside your building. In a recent ZDNET UK article, the author describes how during a 15-minute cab ride in Manhattan, he located 106 wireless LANs, of which fewer than 30 used encryption! Locating these open WLANs has become a hobby for some, and there are even web sites that list open networks (see NetStumbler), pinpointing them on a map (see Figure 2.) Enabling WEP security is the first step to avoid unwanted external access. Other things you can do include reducing the gain (this equates to the transmission/reception power) of your access points and locating access points away from the perimeter of your building.
Figure 2 NetStumbler North American map.