Wednesday, July 28, 2010

Secure WiFi Networks

WiFi Alliance and Legal Authorities Coming Forward


WiFi, today, has become a near ubiquitous technology, used by most of us, with our WiFi enabled gadgets, while we are at offices, homes, public places or while traveling. However, awareness about WiFi security is still lacking and practice of configuring poorly secured or unsecured WiFi networks is still prevailing, among large section of the society. This can potentially leak the confidential information to the outsiders or can invite unauthorized access to the hosted WiFi network. Such potential pitfalls are already proven by much hyped incidents, such as WiFi hack at TJX in the past and the Google’s WiFi snoopingusing Street View Cars recently.
 
These large scale incidents have wide opened the box of security lapses, possible during the use of unsafe WiFi networks, motivating people for safe WiFi practices. A number of safeguards are already available on web. However, unknowingly or intentionally, people are still accustomed to poorly configured WiFi networks when security is concerned.  The reason for this may lie in the one or more of the following facts:
 
  • Out of the box WiFi routers generally come with ‘security disabled’ option checked
  • Open WiFi networks provides better performance then their security enabled counterparts
  • People carry ‘this will not happen to us’ attitude, so they think why to go for the pain of configuring a password and remembering the same
  • People get confused with various WPA versions and hence resort to old nice WEP
  • Ad hoc WiFi networks that are very popular for peer to peer wireless networking (no WiFi router required) support WEP mainly
 
Considering the continued practice of using open and poorly secured WiFi and continued happenings of large or small scale WiFi hacking/snooping incidents, WiFi alliance and some Countries are coming forward to take measures which will safeguard the privacy of people from easy WiFi hacks.
 
As reported in the recent news articles on the web, WiFi alliance (responsible for certifying WiFi products according to standards) is going to phase out vulnerable WEP and WPA TKIP option on Access Points and WiFi Clients in stages. The process of phasing out will start from January 2011 and will be completed by 2014, leaving only AES based WPA security on all certified WiFi devices. However, ‘security disabled’ option will still be continued on WiFi routers, but out of the box router will be security enabled. Continuity of the 'Security disabled’ option might continue because it has no security overhead and can be of use in certain specific requirements.
 
Also, along with WiFi alliance efforts, Germany’s top criminal court has saidrecently that private WiFi networks need to be secured; otherwise owners will be liable to fine if unauthorized access to these networks is found for the purpose of downloading data. This ruling will certainly motivate Germans to secure their privately owned WiFi networks.          
 
Realizing that, properly secured WiFi networks are in interest of both, the individual and the country, it seems momentum of properly securing WiFi networks will definitely get a push from WiFi alliance efforts and imposition of criminal liability on owners of open private WiFi networks by countries such as Germany.