War Driving Misses Part of WLAN Security Picture

The practice doesn't truly measure the level of security-but it does show us that even the best security mechanisms cannot protect anyone who doesn't enable them.

On a slow news day, you can always go "war driving." Thats what Mike Outmesguine did in an 800-mile drive down the California coastline in an Associated Press story this week. About 40 percent of the networks he detected from the laptop on the passenger seat of his Toyota 4Runner were not secured.

The news here, folks, is that this is not news. That 40 percent has hardly budged since PC Magazine did its first war-driving investigation into wireless LAN (WLAN) security more than two years ago.

Does that mean were as insecure now as we were then? Are we wireless warriors computing blindly in the wild? Are our transmissions really just out there for everyone to see?

Dont ring the alarm just yet. My apologies to Benjamin Disraeli, who said there are three kinds of lies: lies, damned lies and statistics. And what we have here are statistics.

Time and the law dont allow joyriding war drivers to truly access all of those networks to see whether they really are insecure. What you get from a war-driving report is rarely more than a surface glance.

It tells how many networks are not running the native, over-the-air security mechanisms built into 802.11 devices. But this does not necessarily mean that theyre not running security at all.

Detecting "open" WLANs by using a laptop, sniffing software such as NetStumbler and an antenna mounted atop a vehicle can identify networks that have not implemented Wired Equivalent Privacy (WEP) or the much stronger and much more secure Wireless Protected Access (WPA) that you get in newer devices.

But can WEP even be called security? If anyone out there has not heard about WEPs many vulnerabilities, please raise your hand.

Most enterprise networks gave up on WEP long ago, and the tools they do use to secure wireless network segments cant be detected by casual war drivers. Unless a war driver actually associates with a WLAN and gets an IP address, he cant really draw valid conclusions about the networks security. Any one of a number of other things might be going on.

At the simplest level, a network manager can restrict Media Access Control (MAC) addresses to allow only known wireless devices onto the network.

The technique is not practical in large enterprises with lots of devices to track, but it is realistic for the small or home office, and lots of integrators who sell and manage small WLANs do it.

Enterprises can—and usually do—deploy 802.1X user authentication to require users to enter user names and passwords before theyre given network access.

And if they have legacy WEP devices that cannot be upgraded to WPA, they can secure data transmissions on the wireless segments of their networks with Virtual Private Networks (VPNs).

Next page: Truths and fictions about wireless-network security.