Archive for Sunday, January 27, 2002

project evaluates security of wireless computer networks

January 27, 2002

Advertisement

Breeze Luetke-Stahlman loves using a wireless computer network because it allows her to access the Internet from anywhere in her home.

But she didn't realize hackers as far as a block away also could log on to her system.

"I could see how that could be a concern for companies with a lot of equipment or files," said Luetke-Stahlman, a Kansas University senior. "As a home user, I can't understand why I'd ever be targeted."

But two KU researchers say everyone should be concerned about the possible dangers of using wireless networks.

Matt Dunbar, a graduate student in geography who works at the Kansas Applied Remote Sensing laboratory, and Brett Becker, who works at KU's Information and Telecommunication Technology Center, drove around Lawrence last fall mapping signals from wireless networks.

The signals often don't stop at the walls of the buildings where they're located, which makes them available to hackers on the outside.

Access, mayhem

Using a laptop computer, wireless network cards and an antenna, Dunbar and Becker determined the names, signal strengths and types of 106 wireless networks being used in Lawrence.

Some used proper safety measures to thwart hackers. Others did not.

Logging on to networks would give hackers access to information on servers and allow them to crash systems. They also could send computer viruses anonymously using someone else's network.

So Dunbar and Becker have begun a quest to inform users about how to keep unwanted users out of systems which can be simple, they said.

"If they just read the (network) manual, most people will be able to figure it out," Becker said.

Their suggestions include turning off the network when it's not in use and changing default passwords.

They also suggest enabling encryption, which was in use on only about a third of the 106 networks detected. Encryption jumbles information when viewed by anyone but the intended data recipient. Hacking through an encrypted system is more difficult than a non-encrypted system.

And some wireless networks offer an option to make them detectable only to those who know the name of the network.

Increasing security

The research already has piqued the interest of some companies, residents, KU and even the Lawrence Police Department.

Becker and Dunbar found 14 wireless networks on the KU campus. Only one at a language lab in Dole Center was encrypted.

John Louis, KU's director of networking and telecommunication services, said the university is working on a campus-wide policy for the systems something it doesn't have now.

"We're telling people they should mind their p's and q's because this stuff is out on the street and it's insecure," he said. "They need to know the strengths and dangers of using that technology."

John Judd, manager at Nova Cyber Cafe, 745 N.H., said he knows outsiders can detect the wireless network the cafe offers to laptop users for Internet access. The cafe's signal could be detected in a block each direction.

"We're well aware of that," Judd said. "It's the state of wireless at this point."

Changes being made

That's why the cafe is switching to a new system that would require users to register with the network before having access. Judd said he supported the researchers' efforts to inform network users.

"It definitely would be healthy for people to know about those sorts of things," he said. "People seem to block out a lot of technical jargon."

Unlike some networks which administrators want to stay within their buildings the Lawrence Police Department broadcasts its network signal from seven locations in Lawrence some on water towers, others on buildings.

The signals, which are generally detected about 1 mile from the antennas, allow officers to transmit crime information from laptops in their cars.

"That keeps them from going to the station and keeps them in their districts," Lt. Dave Cobb said.

Although the signals are accessible, Cobb said the system was secure.

"We continually look at it every day to stay one step ahead of anybody who wants to hack in," he said.

Commenting has been disabled for this item.