This week Kevin Hogan, security response programme manager at Symantec, looks at the security headaches caused by wireless Lans, and suggests ways that businesses and individuals can deal with them.
Wireless local area network (wireless Lan) technology frees businesses and home users from the tyranny of computer cabling.
But it also brings new threats, potentially opening another door to attack from unscrupulous competitors, hackers and other criminals intent on obtaining or damaging data.
Last year the phenomenon of 'warchalking' spread to the UK from the US. Hackers walk through a business district identifying wireless Lans from the street and writing the access codes on nearby walls and pavement.
Anyone with a wireless card and the ability to read the signs can then access the identified network.
The basic problem with wireless Lan technology is that it removes one of the most effective protections offered by wired networks against attack, the physical building perimeter.
Radio signals can be picked up within 30m of leaking wireless Lan-equipped buildings by a suitably enabled laptop computer or handheld.
Users of the most widely deployed wireless Lan technology, 802.11b (or Wi-Fi), do not have foolproof security mechanisms at their disposal.
There are standards under discussion in the industry that stress security, such has 802.11i, but that are not yet widely available. Until they are, current wireless Lan users have to take matters into their own hands to protect data from attack.
The first step is to check and, if necessary, alter the default settings of their wireless Lan equipment. Most vendors ship wireless Lan kit with settings designed for ease of configuration and use rather than for optimum security.
In many wireless Lan implementations, the service set identifier (SSID) of wireless Lan base stations is commonly left on the default, and well-publicised, word or phrase used by each vendor. As with normal passwords, users would be well-advised to select their own SSID and change it regularly.
Wireless Lan base stations are also commonly configured to broadcast what is known as a 'beacon frame' to open communications with wireless Lan devices.
Again, unless users wish to welcome all comers to their network, they should disable the broadcast setting on the wireless Lan base station (although early wireless Lans do not allow this, unfortunately).
These changes will mean that wireless Lan users will have to key in the SSID each time they connect to the network, but the result is a much more secure system.
One significant part of the 802.11b wireless Lan security picture is wired equivalent privacy (WEP). This is designed to offer a level of privacy equivalent to that of wired Lans through various physical security mechanisms.
However, experience shows that WEP security is rarely enabled: users either do not take the time or are unaware that they need to activate this basic security feature.
While WEP is less than perfect (encrypted messages can still be intercepted and decrypted by a competent hacker), it does offer at least some protection. We all know that locking our front door is not an insurmountable security measure, but how many of us decide to leave our houses unlocked on that basis?
As well as enabling WEP on their own systems, wireless Lan users should also insist that anyone else accessing their network should also use it.
A lot of wireless Lan kit has been shipped with 64bit WEP encryption, which has a 40bit key length. Users of 64bit encrypted wireless Lans should check for firmware upgrades that provide 128bit (effectively 104bit key) or 256bit (effectively 232bit key) encryption.
Although the weaknesses inherent in WEP are not due to key length, the longer encryption keys do provide more effective protection against the possibility of the key being hacked by brute force in the future.
It is also worth changing the encryption keys themselves. Many wireless Lan users leave them at the default settings, which are the first to be tried.
Wireless Lans offer another way of providing some measure of protection against the casual eavesdropper. Each wireless Lan device has a unique address associated with it - the media access control (Mac) address - and access can be limited only to devices with known Mac addresses.
Of course, this may be impractical for businesses with a large number of wireless Lan users who move around a lot.
Virtual Private Network (VPN) connections can also be useful for protecting wireless Lan traffic. These effectively establish an encrypted tunnel between wireless Lan users and the server or other device they communicate with, protecting the data as it is transmitted over the airwaves.
The measures listed here are the basic steps that businesses and home users should take when implementing wireless Lans.
With wireless Lan deployment growing fast, businesses should take a close look at their wider security policies and practices, and ensure that proper design, implementation and training are in place to avoid leaving their networks open to attack.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago