So You Wanna Go Wireless?

By Tripp Johnson

“There is nothing more frightful than ignorance in action.”
– Johann von Goethe

Sitting in the Albuquerque airport this week I noticed a small sign in the middle of the walkway announcing “Free Wireless Access.” Not being one to pass up anything free, I found the nearest seat and fired up the ol’ laptop. With a flick of the wrist, I clicked my wireless button to on, opened up my browser, and POW! I was surfing. No login, no authentication, just pure unadulterated high speed WiFi.

Feeling kinda sneaky, I pulled up my wireless console to see what other wireless devices my PC was registering. There’s no better place to scan for wireless devices than an airport terminal. You can see PDAs, cell phones, RIMs and anyone who is tapped into the airport’s wireless LAN (WLAN).

So, what in the heck does this have to do with banking? Read on.

In case you haven’t noticed, wireless networks are popping up everywhere. Why shouldn’t banks get into the action? Called “Hot Spots,” these networks have been implemented in airports, hotels, Starbucks and, believe it or not, McDonald’s.

Hot Spots use WiFi (wireless fidelity) technology, similar to the radio technology used in $15 walkie-talkies. They can transmit and receive, convert 1s and 0s into radio waves and then back to 1s and 0s. Sounds simple. The primary differences between WiFi radios and walkie-talkies are these:

• WiFi radios operate on much higher frequencies than walkie-talkies; WiFi at 2.4 GHz and 5 GHz vs. walkie-talkies at 49 MHz.
• WiFi radios use much more efficient coding techniques that allow for higher data rates.
• WiFi radios have the ability to change frequencies automatically or they can split the available radio bandwidth into dozens of channels and frequencies and hop rapidly among them. Frequency hopping reduces the chance of interference and allows many WiFi cards to talk simultaneously.

Now, as in all other areas of technology, the Supreme Byte Squad has assigned “standards.” In the wireless network arena, the standard imposed by the Institute of Electrical and Electronics Engineers (IEEE) is 802.11, not to be confused with 90210 (Señor Hodge’s favorite show). To top it off, the 802.11 standard comes in three flavors:

• 802.11b was the first version to reach the masses. It is the slowest and least expensive. Mr. B transmits at a slender 2.4 GHz and can handle a load up to 11 megabits per second.
• 802.11a came next. (I have no idea why b came before a.) Mr. A transmits at an Earth-shattering 5 GHz and can handle a whopping 54 megabits per second.
• Lastly, we have 802.11g. (What happened to c,d,e and f?) Baby G is the best of both worlds, coming in at a sleek 2.4 GHz (giving it the cost advantage of Mr. B), yet it can handle up to 54 megabits per second like Mr. A.

By the time this article is published, there will probably be q, r, s and t! Which one is right for your bank? I’m sure there are many vendors who would like to debate this subject for you (and then send you the bill). But I can aid you through the alphabet confusion and tell you that at this point no one letter standard is better than the next when it comes to security, and security is a priority for all financial institutions.

With wireless technology on the forefront, you can bet that breaches of wireless networks are going to become as prevalent as computer viruses are today.

While traditional “wired” networks are contained within the confines of the physical building with visible cables connecting devices, in a wireless world those cables have been replaced with radio waves. What some companies fail to realize when they jump on the WLAN bandwagon is that their new network doesn’t necessarily stop at the building’s walls anymore. If not secured properly, data is floating around outside the branch or the corporate HQ for anyone to capture. Yikes!

Just how easy is it for someone to monitor then capture your wireless information? As easy as

1. Kismet
2. Netstumbler
3. AirSnort

Using any one of these three popular tools available for download via the Internet, hackers can “sniff” out your network and analyze data transmissions. Further, AirSnort enables the user to crack WEP (wired equivalent privacy). What this means is that the potential thief could sit in the parking lot of one of your WLAN-enabled branches and not only monitor your network traffic but capture the data and break apart the encryption.

Now this is no time to panic. And it’s no time to condemn this promising new technology. There are certain things your IT folks can do to prepare. First, in the words of Sun Tzu: “Know thy enemy.” Download and become familiar with the same tools that the hackers are using. It’s not illegal, and it is free (which all banks should like).

Before you deploy a wireless network, you should also develop a comprehensive WLAN security plan.

There are several things you should consider in your WLAN security plan:

Patrol the perimeter
This refers to the “outside” of the building. Remember your wireless network is not confined to the building’s walls.

• Do a walk-around using your downloaded free tools to see if you can detect anything.
• Use directional antennas and place access points in the middle of the room rather than near the windows.
• Change the network secure set identifier (SSID) from its default to something else. (Byteheads will know what an SSID is.)
• Disable the SSID broadcast.
• Use static IP addresses and turn off dynamic host configuration protocol (DHCP).
• Lastly, ALL WLAN equipment MUST be approved by IT!

Secure Your Mobile Users
Mobile PCs are an easy target for security breeches and a very good way to infect your internal network with viruses. Hopefully you already have a policy in place for this if you currently have employees with laptops. 

Authentication, Encryption and Authorization
The same type of measures you take on your cable network should be applied to your wireless network. For more detail on this subject and a comprehensive review of WLAN security, check out this white paper on Cisco’s Web site.

The wireless world promises great things. Already we are recognizing the rewards – surfing on a wireless network as we wait to catch a plane or while we enjoy our morning cup of Joe or lunchtime Big Mac. But banks need to realize that being on the cutting edge of wireless technology may attract attention – and it might be the wrong kind.

Consider yourself warned.
-tj