Home

     It's been said the biggest obstacle to wireless technology is security.¹ With the rapid deployment of WiFi² in everything from computers to cars, the ramifications are staggering and it can get much worse.
     As I write this article, I'm running a WiFi scanner and have found three nearby WLANs³. One is my company's network and the other two are from the coffeehouse and the apartments across the street. Therein lies the problem.
     Our network was designed for security. The other two appear to emphasize simplicity. Most of the time this isn't an issue; however, one of my co-workers recently complained about the speed of his connection. We discovered that he had connected to one of the other WLANs and was doing company business on an unsecured network. Thankfully, he was only looking at a website; but, had he been working on a corporate transaction or checking his account balances, we could have a real problem.
     A prudent person wouldn't discuss his/her ATM code in public. Yet doing anything on a "free WiFi connection" does essentially that. Even worse, with the current standards for wireless bridging, someone could be a football field away and still read what you type. But don't despair, just remember several things whenever you want to go wireless.
     First, you should have a WiFi scanning program.⁴ Not only does this offer a simple way of finding WLANs, but it also will tell you if the network is encrypted (e.g.- is what you type transmitted in plain text or converted to alphanumeric code before being sent). Odds are the WLAN at the coffeehouse is not encrypted and what you type could be read by anyone in the neighborhood with programs available online.
     Second, while any encryption is good, it is not foolproof. There are sites that show how to crack the most basic encryption WEP⁵ in less than ten minutes. The current model, Wi-Fi Protected Access (WPA) is inherently more secure than WEP, but instructions for cracking it have been available online for over a year.
     Third, it would be smart to avoid any network called by a default name such as "Linksys" or "NetGear". This is a sure sign that the administrator took the device straight from the box and plugged it in and did little to secure the network. In the same vein, you should change the default passwords for any WiFi device you own. A search for "WiFi default usernames" returns over twenty-two thousand results and the fourth is a list of default usernames and passwords by manufacturer.
     Finally, if you must use an insecure WLAN, don't trade stocks or check your bank balances. Don't send an email to your partners discussing your current case. Don't buy books or theatre tickets, or anything else that requires your credit card number. Think twice before using a password to check your email and don't forget to enjoy that double latte.•

As IT Director and General Counsel for JM Associates, Inc., Steve Dannaway is responsible for the day-to-day technical operations of a nationwide television production company. His corporate practice consists of television sponsorship contracts, likeness rights, and intellectual property defense. He serves on the Arkansas Bar Association's Technology and Website Advisory Committees.

1. Dave Molta, Air Time: The Delicate Balance of Wireless Security, Network     Computing, February 17, 2005, at 18.
2. Wireless Fidelity - a set of product compatibility standards for wireless     communication based on the Institute of Electrical and Electronics Engineers     (IEEE) 802.11 specifications.
3. A local area network that uses high frequency radio signals to transmit and     receive data.
4. For example, NetStumbler (www.netstumbler.com) for Windows 2000 or XP and     MacStumbler (www.macstumbler.com) for MacOS 10.1 or higher.
5. Depending on the source, this can stand for Wired Equivalent Privacy, Wireless     Encryption Protocol, or Wire Equivalence Protection.