Financial Daily from THE HINDU group of publications
Monday, Aug 22, 2005


eWorld - Security
Columns - Security Musings


Don't stop dancing!

R.K. Raghavan

Dancing is fun, but you could fall. Wireless Internet devices are convenient but can be targeted by hackers and viruses. But don't stop doing what you want to do. Just take care at each step.

THE scope for misusing cyber space and exploiting network vulnerabilities for personal gain or wreaking vengeance on someone whose face you don't like seems limitless.

A few weeks ago, the Isleworth court in London convicted a 24-year-old youth "for dishonestly obtaining electronic communication service."

Charged under Sections 125 and 126 of the Communications Act 2003, Gregory Straszkiewicz received a 12-month conditional discharge and was fined £500 for 'piggybacking' on another person's wireless connection. (He was found too often with a laptop near the house of a broadband subscriber, till a resident who found his behaviour odd and suspicious reported him to the police.) This was the first time anyone in the UK - also possibly in most parts of the world except the US and Canada - was hauled up for entering someone's wireless Internet account surreptitiously and having a good time saving money for himself.

Mind you, in this process he did not cause any wrongful loss to the account-holder, because the latter had unlimited wireless access to the Internet.

Some of us may look upon this conviction as unfair, as no harm was done to the 'victim'. Actually, one blogger, Peter Cochrane, comes to the stout defence of Gregory. Confessing that he himself had never hesitated to 'steal' some time over others' wireless accounts, whenever the opportunity presented itself, he says: "If I am to go to court for using freely available and unprotected Wi-Fi, then my use of shop lights, toilets, shop awnings and someone's drive should qualify me as a criminal too. Why? Because, they cost more than Wi-Fi access!" Is this not unassailable logic? You may be wondering, when a German youth who produced the Sasser worm in 2004 and caused havoc to systems the world over, could be just let off on probation and community service, why should Gregory be punished for an act that could at best be labelled 'indiscretion' (though mildly dishonest)?

Incidents like those for which Gregory was hauled up will grow by leaps and bounds, highlighting the obvious lack of security that wireless networks carry. All reports point to a phenomenal expansion of wireless Internet systems and allied devices.

Seventy per cent of the US workforce are said to use some kind of wireless device or the other. An estimated 3.7 billion handsets, PDAs (personal digital assistants) and Internet appliances with wireless capability will be in circulation in the next few years. I am sure India will not lag behind.

In taking to the Internet and non-Internet wireless facilities, we should be acutely conscious of their security limitations, without getting overawed by them.

Wireless networks are exposed to the same dangers as wired systems, such as hacking, viruses and DoS (denial of service) attacks. Nevertheless, there is a wrong impression that they are far more insecure (possibly because the technology's communication medium, namely, the airwave, is very much open to intruders), and hence they should be installed only when absolutely necessary.

This conservatism goes against the whole grain of modern life, when most of us in professions are all the time travelling and in a hurry to grab information as we drive or wait to catch a flight or dine at a hotel.

'Hotspots' in airports and hotels will become a facility that every one of us will demand in the near future. We should also remember that there are heritage buildings that do not permit digging for cables but nevertheless need Internet or other connections, which can be made available only through wireless.

Prudence, therefore, demands that we should be aware of loopholes, plug them, and try to upgrade the security of the Wireless LAN rather than shun it as something undesirable and risky.

Commonsense dictates that paranoia about wireless security should mark only those organisations that deal with money or national security, where authentication procedures need to be stringent and privacy concerns given high priority.

Our experience is that wireless networks are used mainly by commercial houses for non-sensitive internal communications and for e-mail that deals with routine matters.

No doubt, highly confidential matters that have an IPR connotation and mission-critical protocol facts will have to be kept out of wireless communications as far as possible. Strong and effective user authentication and data-encryption mechanisms will have to be in place, and these will have to be fused to business needs.

These will definitely have to be reinforced by strict physical security measures such as barriers, posting of uniformed guards and designation of restricted areas — such as Access Points (otherwise known as base stations), from where one can get connected to the Net — to which only a few designated persons have access.

To an extent this will take care of the problem of 'sniffers' that can be easily installed by intruders to eavesdrop on the system.

Extreme care against extensive leakage of signals cannot be overlooked either. Antennae should be so positioned that signals go up to the desired radius and not beyond.

This is why a sectored or panel antenna is preferable to an omni-directional antenna.

Too many wrongly placed antennae are a giveaway to mischief mongers.

Just to prove the point, one researcher reports that he recently sat on the open upper deck of the famous sightseeing double-decker red bus in London with a laptop that had 'Kismet', an advanced diagnostic tool that operates as a passive network scanner.

During a two-hour ride, he could detect more than 300 wireless networks, of which only a third were protected by WEP (Wired Equivalent Privacy) encryption.

The point here is that even as more security features are becoming available in the market, including the highly rated 802.1X standard, there is a certain indifference on the part of wireless users that facilitates intrusions by adventurers as well as by black hats whose ingenuity and malice are always a source of danger.

In the ultimate analysis, as in the case of the wired system, it is user-awareness and sensitivity to security precautions that can make the difference.

The writer is a former CBI Director and currently Advisor (Security) for TCS Ltd.


Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line