Evaluating Wireless Security Needs: The Three L’s
Crackers, worms, viruses, zombies, trojans… it seems as though the promise of constant access and instantaneous communication through networking has been twisted in such a way that people are afraid in ways that few expected back in less-connected days. In large part because of co-authoring The Wireless Networking Starter Kit with Glenn Fleishman, many of the interviews I do end up working their way around to security, which I find somewhat depressing. For me, wireless networking is all about breaking down barriers – physical barriers – and I’m more interested in sharing connectivity than erecting virtual barriers.
Nonetheless, there are very real situations in which security – often serious security – is called for, and in trying to help people decide if they need it, I’ve come up with what I call the three L’s of security: Likelihood, Liability, and Lost Opportunity. This article will help you think about security in general and wireless security in particular; to learn more about how to address wireless security concerns, Glenn and I wrote four chapters on the topic in The Wireless Networking Starter Kit, Second Edition, available in both paper and electronic form.
Likelihood — The first aspect of security to consider is likelihood: how likely is that someone will violate your privacy, steal your belongings, or otherwise exploit you? For instance, when I was growing up in rural New York State in the early 1980s, my family lived on top of a hill in the middle of roughly nowhere. Our nearest neighbors were a mile away, the dirt road that went by our house seldom saw an unrecognized car, and the road wasn’t even plowed past our house in the winter. As a result, I left the keys to my car (a rusty Dodge Colt that needed bits of mouse nest cleaned from its fuel filter on a regular basis) in the ignition when it was parked in the driveway. It was easier than bothering to bring the keys inside, and when I evaluated the likelihood that anyone would steal the car, I just couldn’t see it happening.
Fast forward ten years to when Tonya and I were living in a populous suburb of Seattle. Our car was a shiny red Honda Civic, we barely knew the next-door neighbors, much less everyone on the street, and unknown vehicles zipped by day and night. We did not leave the keys in the car when it sat in our driveway; we locked the doors at all times, and we had a lock that connected the brake pedal to the steering wheel for when we parked in seedier neighborhoods in downtown Seattle. The change in location and situation affected our perception of the likelihood of someone stealing the car, and we responded in kind.
I like to use the car analogy because I think people understand it on a visceral level; a beater car in the country is of course much less likely to be stolen than a new car in the suburbs. But the lesson applies equally well to wireless networks. Your location is important, as is the type of data that passes across your network. If you live in a lightly populated area, and no one could easily come within range of your network without sitting in your driveway, you probably don’t have much to worry about. Turning on WEP or WPA and dealing with the passwords is probably more trouble than it’s worth. That’s especially true if your network is just a standard home network that you use for browsing the Web, checking email, and moving files around. But if you live in an apartment building with neighbors who could pick up your connection, the likelihood of someone connecting to your network rises significantly, generating the question of whether you want to allow others to share your Internet connection or not. Even apartment dwellers aren’t likely to have "interesting" (to a thief) data on their network, so there’s little incentive for someone to do more than use the Internet connection.
The likelihood of attack increases significantly if you’re running a business, since it’s plausible that your network would carry sensitive information such as credit card numbers, business plans, and so on. Also, most businesses are located in areas or buildings where someone could easily sit and hack into your network without being noticed.
Liability — Think about the car analogy again. What was the liability if someone were to steal my rusty Dodge Colt? It was probably worth a few hundred dollars at the time, and although that amount of money meant more to me than it would later, it still didn’t compare to the thousands of dollars embodied in the new Honda Civic. Again, with physical property, the liability of loss is fairly obvious. You might not think twice about leaving an old 3-speed bicycle on your front porch, but you’d be much less likely to leave a 21-speed racing bike out there without a strong lock.
Now transfer that kind of thinking to your wireless network. What is the realistic liability if someone were to record all the traffic that passed across your wireless network? For most home networks, the amount of network data that’s at all sensitive is extremely low; perhaps a credit card number being sent to a unusual Web site that doesn’t use SSL, maybe some financial data, possibly some bits that would be embarrassing if made public.
(It’s worth noting that although you should also apply this consideration of likelihood, liability, and lost opportunity to the data on your hard disk, a wireless network is only one way someone could access your stored data. An always-on Internet connection could provide an avenue for attack, and physical theft would also give a burglar access to your files. Of course, if you’re using Windows system, even with all the patches applied, firewalls, and anti-virus tools, you may need to take stronger measures than when using a Mac running Mac OS 9 or Mac OS X.)
Simply allowing someone else to use your Internet connection has a relatively low liability in most cases. However, you may think differently if you pay per byte, if you have a slow dialup connection that would be impacted by someone else’s use (with high speed DSL and cable modem connections, you’re unlikely to notice another user), or if you’re concerned that allowing someone else to use your connection would be violating your ISP’s terms of service in a way that was likely to result in you being disconnected.
Business are once again a different story. The likelihood of sensitive and confidential information passing through a wireless network is much higher, of course, and the liability of an outsider learning that information is significantly greater. If a business’s customer data were extracted from a wireless network, it could involve a disastrous loss of reputation or even lawsuits. And if confidential business plans were learned by a competitor, the ramifications could be catastrophic.
Lost Opportunity — This last security consideration was suggested by my friend Oliver Habicht, an IT director at Cornell University Library. Oliver pointed out, rightfully enough, that the opportunity cost of implementing and living with security measures also has to be factored into the equation. To return to the car analogy, you can buy car alarms and security systems, but they’re expensive and a hassle to use on a regular basis. A car alarm would have been wasted on my elderly Dodge Colt, and it was overkill even for the Honda Civic. Had we owned a Ferrari, though, I would have considered a security system mandatory, and even with our Civic, if petty theft was common, the security system might have been worth it. Put another way, you can expend significant time and money to ensure a high level of security, but would your effort and expense have been better employed elsewhere?
With home wireless networks, the opportunity cost comes mostly in the form of troubleshooting irritating problems, which is more necessary and harder when security is on, and in the annoyance of dealing with passwords with new machines or when you have visitors. In a corporate environment, you have both the extra work of dealing with the security measures and the extra expense of authentication servers, VPN hardware, and so on. But since your data is so much more valuable in a business environment, the expenses are more easily justified… to a point (armed guards with attack dogs patrolling your parking lot may be an excessive reaction to the possibility of someone sitting in a car within range of your wireless network, for instance).
Your Spot in the Security Spectrum — I hope I’ve made it clear that there are no cut-and-dried answers when it comes to security. It’s up to you to determine the likelihood of someone breaking into your network and either using your Internet connection or eavesdropping on the data that flies by. Next, you must determine the severity of the problems that would ensue from someone using your bandwidth or using a network sniffer to record your data. Lastly, you need to figure out what the lost opportunity of different levels of security is: the higher the likelihood of attack and the higher the liability if your network were to be invaded, the more you’re probably willing to spend and the more annoyance you’re willing to endure. Only by seeing where your situation fits for likelihood, liability, and lost opportunity can you ascertain how much effort you should expend on security.