Fear-Mongering In Las Vegas

Fear is a powerful emotion, and it's been used for years to sell products. Afraid someone might break into your home? We sell a deadbolt lock. Scared you might get hurt in a traffic accident? Our latest SUV has airbags and crumple zones.

Wireless hackers are the latest concern in the tech industry, and the problem is, indeed, serious. Security protocols have been poorly designed, and the broadcast nature of radio networks makes them vulnerable. But we can do without the scare tactics used by some vendors to push products.

The latest case in point is a press release issued by AirDefense, a developer of WLAN security products, which highlighted what it considered lax security at the recent NetWorld+Interop show in Las Vegas. Using one of its probes installed for two hours on the show floor, AirDefense identified 230 access points and 824 wireless stations. And guess what--these systems weren't secure.

Of course the show floor's wireless network wasn't secure! In fact, it was a total RF nightmare. One of the vendors I visited on the floor ran a NetStumbler scan and discovered access points on every possible 802.11 channel. If there was a message here, it was the amazing discovery that you could transmit an 802.11 frame over the airwaves without errors in what could possibly be the most WLAN-hostile environment ever created.

But that wasn't AirDefense's take on the situation. The fact that the company was able to use "just one of its remote sensors to monitor all wireless LAN traffic in the 100,000-square-foot showroom" must provide tremendous comfort to potential customers whose buildings look like convention halls. But I'd bet most of your buildings have walls. Even more preposterous was AirDefense's summary of problems that "exposed network traffic and opened devices to attacks and other security threats." For example, 92 of the 230 APs didn't authenticate or encrypt traffic. Imagine that. Equally shocking, 95 APs experienced excessive network interference, which forced them to retransmit more than half of the time.Let's not minimize the security challenges associated with WLAN implementations. And though probe products, such as those offered by AirDefense, may be appropriate for some organizations with rigid security requirements and big budgets, the real news is this: First, don't trust public wireless networks at trade shows. And second, select a WLAN infrastructure provider that can provide adequate security capabilities.

Post a comment or question on this story.