The courts have recently decided that sniffing data from open wireless networks is not wiretapping. In view of this decision, I thought it might be really good to review a few items about wireless networks.
Vulnerable Configurations
The first question to ask is about the type of wireless network you have. This brings in a question about the numbers typically 802.11x. IEEE 802.11 is a set of standards for implementing wireless local area network (WLAN) computer communication in the 2.4, 3.6 and 5 GHz frequency bands. The most popular are those defined by the 802.11b and 802.11g protocols, which are amendments to the original standard. 802.11-1997 was the first wireless networking standard, but 802.11b was the first widely accepted one, followed by 802.11g and 802.11n. 802.11n is a new multi-streaming modulation technique. 802.11a is used primarily for cordless phones and Bluetooth devices. Other standards in the family (c–f, h, j) are service amendments and extensions or corrections to the previous specifications.
The different standards affect many items but some of the most important are speed and distance. It is not always true that having the wireless device with the best distance is the most secure. Covering more distance than you need for your business needs means that attackers may also have better access to your wireless network from positions at distances away from your business. When they have this access they also will probably have more opportunity and time to try and break into to your network without being observed. Attackers may also use more powerful antennas to receive your wireless signals and can do this from some pretty extreme distances. To give you rough idea of the normal distances I am providing you a table with the estimated data ranges for each protocol with a normal receiving antenna.
| 802.11 network standards | |||||
| 802.11 | Release date | Approximate indoor range | Approximate outdoor range | ||
| protocol | (m) | (ft) | (m) | (ft) | |
| — | Jun-97 | 20 | 66 | 100 | 330 |
| a | Sep-99 | 35 | 115 | 120 | 390 |
| b | Sep-99 | 35 | 115 | 140 | 460 |
| g | Jun-03 | 38 | 125 | 140 | 460 |
| n | Oct-09 | 70 | 230 | 250 | 820 |
The first thing to think about when contemplating use of a wireless network, is the size of the area that needs to be covered by the service. The next item for consideration is the type of data that the network will be used for. It is important to think about how sensitive the network data is and what are the consequences of exposure of the data. If the network is designed to be used by the public and you do not expect to have any business sensitive data on the network you may be mostly done with securing it, unless you want to control who in the public uses it and are concerned over leaving it completely wide open for liability reasons. The caution here is that most open public network are sniffed by people and if you do not use encryption of any kind everyone can see all the traffic.
WAP, WEP, WPA, WPA2 and Protection
Wireless Application Protocol (WAP) is not a protection mechanism it is the technical standard for accessing information over a wireless mobile network. There are various options to use for protected access of wireless networks. Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks which was introduced with the original standard. It is the weakest of the protection mechanisms. It is fairly easy for an attacker to compromise WEP and then be able to see the traffic on a WEP protected network. If you have an older wireless device it may however, be the only protection option available on the device.
The other two Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. WPA was designed as the intermediate measure to replace WEP because of WEP security vulnerabilities. It was released to the market around 2003 and it did address many of WEP’s weaknesses. However, WPA remains vulnerable to brute force password cracking attacks if users rely on a weak password or passphrase.
WPA2, also known as IEEE 802.11i-2004, is the successor of WPA, and replaces the TKIP encryption protocol with CCMP to provide additional security. It is mandatory for Wi-Fi–certified devices since 2006. It uses a new AES-based encryption mode with strong security. For best security use WAP2 with a strong passphrase. It must be remembered that even WPA2 has vulnerabilities, so for very sensitive data on wireless networks use other encryption tools like VPN to protect your data.