Making hotspots secure

By Warwick Ashford, ITWeb London correspondent
Johannesburg, 26 Mar 2004

Wireless access may improve productivity and customer service, but Wolfgang Held, 3Com systems architect, warns that wireless local area networks (WLANs) and public hotspot wireless connections are still risky from a security point of view.

"WLANs and public hotspots use microwave radio frequencies to provide the wireless connectivity and that makes them vulnerable to spying techniques," says Held. "Opening a wireless portal can make WLANs vulnerable to intellectual property (IP) theft and denial-of-service attacks."

Held told delegates to this week`s Hotspot 2004 conference at The Campus in Bryanston that although the security risks of wireless connectivity should not be underestimated, progress was being made continually to enable providers and users to make WLANs and hotspots more secure.

"Wireless connectivity provides freedom to access information away from the office, but with that freedom comes a certain amount of risk," Held said. "Radio waves do not obey physical boundaries and there will always be spill-over."

While emphasising the risks and the need for security, Held said there were several security options already available that could be used fairly effectively in combination, as well as the current WiFi protected access protocol (WPA) and the new 802.11i (WPA2) in development.

Held explained that unlike other security protocols, WPA uses dynamic key encryption, solving one of the biggest weaknesses of the wide equivalent privacy protocol (WEP). "WPA is a stepping stone, an interim solution until WPA2 is ratified," he said. "WPA will include the advanced encryption standard, which is still optional in WPA."

The difficulty with hotspots in particular is providing increased security, while maintaining ease of use, but ultimately the responsibility should be shared between hotspot operators and users, said Held.

"Hotspot operators should use software to monitor any changes indicative of rogue access points, they should enable WPA security, and enforce authentication standards. Users should change their login details frequently, monitor usage and billing records, use personal firewalls, and refrain from sending confidential documents at public hotspots."