In the August 7, 2002, edition of Security UPDATE, I wrote about a new trend called warchalking. As you know, warchalking is the act of marking buildings in the vicinity of wireless networks. The idea is to provide a visual clue indicating the presence of wireless networks so that people can obtain a free Internet connection. Warchalkers use distinctive markings and include information about bandwidth and various connection perimeters.
The trend is catching on, so much so that, according to VNU Business Publications, the Federal Bureau of Investigation (FBI) recently issued an unofficial warning that businesses should check the security of their wireless LAN (WLAN) equipment to ensure that adequate security is in place.
Recently, I learned about a new Internet site, NetStumbler.com, that aids users in identifying and locating WLANs around the country. Among other features, the site hosts a national map that shows cities that have open WLANs and a searchable database that helps users query for information about specific locations.
NetStumbler.com also hosts a downloadable program called NetStumbler that lets users investigate a given WLAN's security. Security administrators can use it to test their sites. Anyone can download a copy (291KB). According to the Web site, "NetStumbler is a Windows tool that allows you to \[scan for\] 802.11b (and 802.11a, if using Windows XP) wireless LANs. It includes \[global positioning satellite (GPS)\] integration and a simple, intuitive user interface. Though primarily targeted at owners of wireless LANs, it has been the de facto tool for casual users such as war drivers for over a year." The tool apparently even won a "PC Magazine" award earlier this year, which named the tool its favorite innovative networking technology in the wireless software category.
NetStumbler runs on Windows 2000, Windows 98, and Win95 but doesn't work yet on Windows XP, Windows NT 4.0, or Windows Me. To see what it was like, I downloaded a copy and installed the tool. NetStumbler has a typical GUI, lets you choose a wireless NIC to use for scanning, and has scripting capabilities. After you've scanned an area and discovered WLANs, you can save the NetStumbler output and upload it to the NetStumbler.com Web site, where an application on the Web site converts it to Microsoft MapPoint 2002-compatible output. The process helps you plot WLAN points on a graphical map.
With resources such as NetStumbler and NetStumbler.com freely available, you should definitely take time to ensure that your WLAN security is adjusted to permit only authorized users access—unless you want to intentionally leave it open and available to anyone. The bottom line is that if you run a wireless network, you must keep it secure. If you don't, expect that someone will identify your network, chalk it up, and possibly submit it to the NetStumbler.com Web site—where everyone can find it quickly. For information about securing your WLANs, read Allen Jones' article, "Securing 802.11 Wireless Networks" and Paul Thurrott's article "Securing Your Wireless Networks".