War Driving No Game to IT Managers
November 05, 2003
Cruising the streets with a laptop to scan for unsecure wireless connections is one of the latest techie crazes. But the growing popularity of 'war driving' underscores the security problems facing networks that have gone wireless.
As they drive around town, passing major banks, investment firms and up-scale retailers, the laptop comes to life beeping excitedly. The buddies laugh victoriously, taking notes and plotting points on a map. These guys are called war drivers... and they could be a security or IT manager's best friend or worst nightmare. It all depends on how secure the company's wireless network is and what the war drivers' intentions are.
War drivers, often using freely downloaded software, are roaming streets around the country scanning for unsecured wireless connections. Think of it as a live-action, high-adrenalin version of the old video game, Pac Man. They're driving around trying to find or `gobble up' as many unsecured connections as they can. The more they find, the more better they're doing.
To the war driver, it's a sport or a game. It's a lot more serious, however, to the IT manager or security administrator running those networks.
"War drivers are independent security vigilantes almost," says Slavin, who earns his living as a sales engineer with Lindows.com. "This is about security. It's about letting people know there's this fantastic new technology out there and it will revolutionize networking. But be aware of what comes with that. Be aware that you might deploy a wireless network that's open to anybody who drives by with a laptop computer. Be aware that you need to protect your data. This is a tool to see how secure you are."
Most Wireless Networks Unsecure
The problem is that most companies using wi-fi connections still are not aware of the risks. Or if they are aware, they haven't had the time or the budget to secure their wireless connections. Slavin estimates that 80 percent to 85 percent of wireless connections are unsecured today. That's just a little higher than many analyst estimates that put the figure around 70 percent.
Whether it's 80 percent or 70 percent, that's still a lot of unsecured networks.
And that's a big problem.
An unsecured wireless network doesn't just mean that someone could sit down on a bench across the street from a mortgage company and hitchhike on the wireless connection to email her mother or order a new L.L. Bean backpack online. It means the person sitting on that bench or in a car parked across the street or in an office building next door could enter the mortgage company's network. She could be one giant step closer to critical financial information. She could be one giant step closer to wreaking havoc on an unsuspecting company.
"From a company standpoint, the fear is that anybody could come in through a wireless access point and connect into the corporate LAN," says Ken VanWyk, founder and principal consultant with KRvW Associates, LLC, an Alexandria, Va.-based IT security consulting firm. "Think of it like it's crunchy on the outside but soft and chewy on the inside. If somebody can completely bypass the firewall you've put up, then in most cases, it's very easy to get access to internal servers.
"Once they're in, it's just like they've plugged into a network from a conference room or a person's office," adds VanWyk. "That means they're free to browse through the network looking for misconfigured servers and security weaknesses."
VanWyk adds that any executive who wouldn't want a business rival to waltz into his boardroom and plug a laptop into his network, should make sure his wireless access points are secured.
But as it is with most new technologies, many companies are far more concerned with staying current and getting the new gadgets hooked up. They'll worry about security later. Or it could be a matter of the budget having room for new wireless technology but not having room this year for the necessary security to go along with it.
Danger of Rogue Connections
Another problem, according to Rick Doten, director of vulnerability assessment at Herndon, Va.-based NetSec, Inc., is when the IT manager or security administrator doesn't even know there's an unsecured wireless connection coming into the company. A rogue connection.
"People can go to Best Buy and get an access point for under $100," says Doten, who adds that he's found them hidden under desks and in filing cabinets. "These are internal people who aren't trying to be malicious. They want the convenience of having a wireless access point but they're creating an open door. The IT department doesn't even know it exists, so how can they fix it?"
NetStumbler, one of the many wireless network detection tools out there, can be used to audit a corporate network, clueing IT managers in to whether or not they have open access points.
NetStumbler's Slavin says it's a tool for the good guys. And most analysts agree. But there is the fact that any access point detection tool could be used by someone looking for a way to break into a corporate network, either to cause mischief or to destroy data or steal information. Obviously, it's not the tool but the way it's used.
And an unsecured wi-fi network is an open invitation to corporate spies or high-tech thieves.
Slavin notes that detection tools give IT managers the information they need to correct access problems before the company suffers because of it.
"War drivers are not the bad guys," says Slavin, who notes that there have been 5 million downloads of NetStumbler. "They're contributing to the wireless community... Of course, how it's used is a concern. But I think the positives that have been had because of NetStumbler outweigh any of the negatives. More networks have been secured than compromised by any tool out there."