Mobile & Wireless UPDATE--brought to you by the Windows & .NET Magazine Network http://www.winnetmag.com
~~~~ THIS ISSUE SPONSORED BY ~~~~
HP & Microsoft Network Storage Solutions Road Show http://www.winnetmag.com/roadshows/nas
~~~~ SPONSOR: HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW ~~~~
JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW! Now is the time to start thinking of storage as a strategic weapon in your IT arsenal. Come to our 10-city Network Storage Solutions Road Show, and learn how existing and future storage solutions can save your company money--and make your job easier! There is no fee for this event, but space is limited. Register now! http://www.winnetmag.com/roadshows/nas
March 13, 2003--In this issue:
1. MOBILE & WIRELESS PERSPECTIVES - 802.11 Site Survey Follow-Up
2. MOBILE & WIRELESS NEWS & VIEWS - GPRS-Based Medicine - Pocket PCs for the Coast Guard - Intel Goes Wireless
3. ANNOUNCEMENT - Start Your Spring Training with Windows & .NET Magazine Web Seminars!
4. INSTANT POLL - Results of Previous Poll: Wi-Fi Site Survey - New Instant Poll: WLAN at Home
5. RESOURCES - Tip: Neighborhood Site Survey Results - Event Highlight: NetWorld+Interop Las Vegas 2003
6. NEW AND IMPROVED - Fix Problems from Your PDA - Control AudioReQuest Through Your PDA
7. CONTACT US - See this section for a list of ways to contact us.
* 802.11 SITE SURVEY FOLLOW-UP In the February 27 edition of Mobile & Wireless UPDATE, I wrote about my experiences using Netstumbler.com's Mini Stumbler on a Pocket PC to conduct a neighborhood site survey of 802.11 wireless networks. (To read the original article, go to http://www.mobile-and-wireless.com/articles/index.cfm?articleid=38174 .) My findings struck a nerve with readers: More than a dozen shared their experiences, which were generally similar to mine. In short, 802.11 networks are extremely common and most of them are unsecure.
Chris Mohan wrote from London to tell me about an impromptu survey he started from the back of a cab after his notebook "started popping up messages reporting the availability of a wireless LAN \[WLAN\]." Mohan continued, "I flipped on Network Stumbler and left it running. During the hour-long cab ride, I picked up more than 30 WLANs. More than half of them weren't encrypted and used Service Set Identifiers \[SSIDs\] such as 'wireless' or their company's name. Even scarier, three of these WLANs belonged to banks in the heart of the London financial district." Mohan also uses Network Stumbler in his office to search for unauthorized WLANs. Although he hasn't found any at his company, a couple of his business neighbors "have just bought WLAN kits, and they haven't Wired Equivalent Privacy \[WEP\]-secured them or hidden the SSID broadcast."
Mohan isn't alone. I heard from other readers in locations as varied as South Carolina, Florida, Singapore, and Finland. Most reported results consistent with my impromptu observations: 75 percent of residential WLANs have no security enabled; the same is true for 50 percent of WLANs in business areas. One disturbing response came from a consulting engineer, who said, "I frequently wander about my community with a laptop and Network Stumbler to see what I can find. About 25 percent of the homes I find have WEP enabled, whereas 50 percent of businesses do. Doctor's offices and law firms are the worst, and heaven knows what secrets they're pushing into the air without thinking about what happens to it."
Mike Walsh, a consultant in Helsinki, Finland, offered the interesting suggestion that IT staff at large offices should conduct regular "sweeps" to ensure that no unauthorized WLANs have been set up. This suggestion is an extremely good idea, and it's quite easy to do.
What should you do if you find an unsecured WLAN? Several folks who responded to my column reported that they simply introduce themselves to the WLAN's owner and point out the problem. (If you're a consultant, this idea might be a good way to drum up business!) Most residential and small-business WLANs are connected directly to the owner's computers, so anyone with a notebook computer and an 802.11b card can obtain access.
At a minimum, WLAN owners should - enable WEP on the wireless Access Point (AP) - change the password on the AP - ensure that the Guest account is disabled on any Windows XP, Windows 2000, and Windows NT computers that connect to the AP and that nonblank passwords are in effect for all connected computers and users
Below are links to some sites that provide additional suggestions. I enthusiastically recommend the first URL, which takes you to the National Infrastructure Protection Center's (NIPC's) "Best Practices for Wireless Fidelity (802.11b) Network Vulnerabilities" document. The second URL is for the Wi-Fi Alliance Security page. The third URL is for the Microsoft TechNet Wireless and Mobile Security: Technical Resources page. Finally, the fourth URL is a link to Netstumbler.com, from which you can download Network Stumbler and Mini Stumbler. http://www.nipc.gov/publications/nipcpub/bestpract.html http://www.wi-fi.com/opensection/secure.asp http://www.microsoft.com/technet/security/prodtech/network/wirelsec.asp http://www.netstumbler.com
I'm open to additional suggestions regarding this topic, particularly from residential users, who are more likely to be running Windows Me or Windows 9x on their computers. This topic is of such compelling interest that we're working on coverage beyond Mobile & Wireless UPDATE. (We think all network administrators need to be aware of this potential for unintentional security breach.) If you have additional information, links, or suggestions, please write to me at [email protected]
* GPRS-BASED MEDICINE In Britain, PDAs and cell phones might help treat diabetics and asthma sufferers. e-San, a spin-off company of Oxford University's Neural Networks and Signal Processing research group, has developed wireless patient-monitoring applications that work through a General Packet Radio Service (GPRS)-based connection provided by a compatible wireless PDA or cell phone. The applications are undergoing clinical trials. For more information, go to the following URL. http://www.e-san.co.uk
* POCKET PCs FOR THE COAST GUARD The US Coast Guard has adopted TeleType's GPS Wireless WorldNavigator for use on aircraft and ships. GPS Wireless WorldNavigator is a software/hardware package that adds Global Positioning System (GPS) moving-map support to Pocket PCs. Features include street maps, aeronautical charts, and nautical charts. The company has recently added the capability to overlay weather maps. For more information, go the following URL. http://www.teletype.com/pages/gps/press/coast_guard_homeland_security.htm
* INTEL GOES WIRELESS In the past couple of weeks, Intel has released a slew of announcements about its wireless projects. Among them are plans to provide wireless hotspot access at Borders Books & Music stores and Marriott hotels (in conjunction with T-Mobile), a comarketing agreement with Toshiba pushing a new Centrino brand for Intel's implementation of 802.11 technology, and investment in four Wi-Fi-related companies. For more information, go the following URL. http://appzone.intel.com/pressroom/index.asp
* START YOUR SPRING TRAINING WITH WINDOWS & .NET MAGAZINE WEB SEMINARS! March is a great time to strengthen your knowledge of security and Active Directory. Register today for one of our Web seminars, and find out what our experts know that could be saving you hours of time and your company bundles of money. Sign up now! http://www.winnetmag.com/seminars
* RESULTS OF PREVIOUS POLL: WI-FI SITE SURVEY The voting has closed in Windows & .NET Magazine's Mobile & Wireless Solutions nonscientific Instant Poll for the question, "Have you ever performed a neighborhood or enterprise site survey to monitor 802.11b security?" Here are the results from the 26 votes: - 31% Yes - 69% No
* NEW INSTANT POLL: WLAN AT HOME The next Instant Poll question is, "Do you have a wireless LAN (WLAN) at home?" Go to the Mobile & Wireless Solutions Web site and submit your vote for a) Yes or b) No. http://www.mobile-and-wireless.com
* TIP: NEIGHBORHOOD SITE SURVEY RESULTS Would you like to see the results of a neighborhood 802.11 site survey without having to do the work yourself? WiFiMaps.com operates a server that generates maps of 802.11 sites in the United States based on survey data that individual users contribute. The site presents survey results on maps based on US Census data. You can query the database by city, state, ZIP code, Service Set Identifier (SSID), or wireless Access Point (AP) manufacturer. I can't vouch for all the data on the server, but I can tell you that the results for Modesto, California--where I performed my own survey--appear to be quite accurate. For more information, go to the following URL. http://www.wifimaps.com
* EVENT HIGHLIGHT: NETWORLD+INTEROP LAS VEGAS 2003 April 27 through May 2, 2003 Las Vegas, Nevada
NetWorld+Interop Las Vegas 2003 will provide a focus on wireless LAN (WLAN) directions and the reality or myth of Internet security. In tutorials and workshops, you'll be able to explore WLAN security in depth. For more information, see the following URL. http://www.interop.com/lasvegas2003
For other upcoming events, check out the Windows & .NET Magazine Event Calendar. http://www.winnetmag.com/events/calendar
* FIX PROBLEMS FROM YOUR PDA Sonic Mobility announced new functionality in sonicadmin that lets you remotely access NetIQ's AppManager Suite through a Pocket PC or Research In Motion's (RIM's) BlackBerry wireless device. sonicadmin lets you securely connect to your network to diagnose and fix problems from your PDA. You can take corrective action as soon as you receive an event notification, no matter where you are. For pricing, contact Sonic Mobility at 866-602-2002. http://www.sonicmobility.com
* CONTROL AUDIOREQUEST THROUGH YOUR PDA ReQuest Multimedia announced ARQPocket, music-browser software for your Pocket PC. You can enjoy realtime control of your music collection by adding an 802.11 card to your PDA and a Wi-Fi Access Point (AP) to any Ethernet network so that you can integrate with any AudioReQuest Music Server. For owners of AudioReQuest digital music servers, ARQPocket is available for free download at ReQuest Multimedia's Web site. For pricing, contact ReQuest Multimedia at 518-899-1254. http://www.request.com
* ABOUT MOBILE AND WIRELESS PERSPECTIVES -- [email protected]
* ABOUT THE NEWSLETTER IN GENERAL -- [email protected] (please mention the newsletter name in the subject line)
* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums
* PRODUCT NEWS -- [email protected]
* QUESTIONS ABOUT YOUR MOBILE & WIRELESS UPDATE SUBSCRIPTION? Email Customer Support -- mobile_&[email protected]
* WANT TO SPONSOR MOBILE & WIRELESS UPDATE? [email protected]
This biweekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today. http://www.winnetmag.com/sub.cfm?code=wswi201x1z
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.com/email
Thank you for reading Mobile & Wireless UPDATE.