Letter missed on several points
Mr. Shipley states, “Of course wireless networks can easily be accessed – this is not news.” Congratulations on being aware of these security concerns! However, don’t you realize you are in the minority? This story was news indeed to the dozens of homes and businesses that did not know how vulnerable they were by simply plugging in their wireless AP.
If the article’s headline was, “Dozens of Local Networks Have Proper Security Measures,” I would fail to see the relevance. However, just the opposite is true.
Being one keystroke away from breaking into someone’s network is entirely possible. In fact, a hacker would rarely be unprepared in such an attack. A shell or other script is commonly written to accomplish the task at hand as fast as possible. All the “homework” necessary to write the script is usually done through sniffing or other means that do not require direct access. Please read up a little more before you accuse someone of exaggerating. You go on to accuse me of lying when I say that given an IP address on the network it is possible to access that system. Access to a system does not imply root or administrator access. Walk into most public libraries and you can get access to their computers. They, however, restrict you to certain devices or functions. Given network access, such as knowing the IP address and having a connection to that IP, is analogous to standing in front of a locked door. Whether you can use a key or a lock-pick to get the door open is up to the owner of the door and the security measures they employ. You claim that I promote a false sense of security by advocating WEP encryption. Then later in your letter you say, “It does add one more obstacle to hacking.” Which is it? WEP is available on all new wireless equipment and only requires that the user enable it. If it is an extra obstacle all wireless users have at their disposal, how can you justify not using it? The answer is that you can’t.
Can you explain to me what free Internet access has to do with the increase in wireless abusers? If they are giving access away, then using it for the Internet is not abuse. That is the entire point of those projects!
The article you so poorly retort had nothing to do with free WISPs. In fact, in the same paragraph you write, “Then again, Nottingham is quoted as saying he got his software for scanning wireless networks from a client, implying that he did not know how to figure this out for himself.”
The original article in fact says that I “got (my) equipment for scanning wireless networks from a client.” This is to make the point that the equipment is not only cheap but is so cheap it is sometimes given away. Changing my words to fit your meaning only proves to weaken your already frail point.
Further, you agree with almost all the tips for foiling wireless hackers. Claiming that limiting the RF emissions coming from your access point is absurd, as you do, can only be ignorance. If you can move your access point to a location that gives your users good coverage and limits what is available to outsiders, why would you not do so? I have personally installed two networks in home basements that give the users’ homes great coverage. They also are not detectable from outside the house. While not perfect, security it is better security.
I feel that Mr. Thompson did an excellent job of writing an article that informs many non-technical people of their very real security problems. If you were hoping for an in-depth white paper on 802.11 protocol vulnerabilities, there are a multitude of resources. Not everyone has the level of expertise you purport to have and they simply don’t read these sources.
Thanks to Mr. Thompson’s article, they are aware of the potential problems. Whether they decide to further educate themselves or have someone else fix the problems, at least public awareness has been raised and steps can be taken to remedy the dilemma.
In conclusion, wireless technology can be properly implemented in such a manner that it provides as much security as wired connections. But this has yet to be seen in the vast majority of networks in our valley.