Are Wireless Network Implementations More Secure Today?
If you are using Wi-Fi in your office, on the road, or at home,
consider this: you might be monitored by your neighbor, or by
someone in the room down the hall, or perhaps someone in their car down the
street. You might want to reconsider how secure your connection is before you
jump onto a public Wi-Fi connection at the local coffee shop or trade show.
The two days of electronic eavesdropping at the 802.11 Planet
Expo in Boston last month sniffed out more evidence that most Wi-Fi users still
aren't getting the message -- or maybe they are comfortable broadcasting their
e-mail and other data without encryption.
Security vendor AirDefense set up two of its commercial "AirDefense
Guard" sensors at opposite corners of the exhibit hall at the Boston World Trade
Center, the site of the conference, and for two days analyzed the traffic
flowing between conference-goers and 141 unencrypted access points set up by the
conference for public use, and by vendors on the floor.
What they found was that users checking their e-mail through
unencrypted POP (email) connections vastly outnumbered those using a VPN or
another encrypted tunnel. Only three percent of e-mail downloads were encrypted
on the first day of the conference, and 12 percent on the second day. (The company
says it counted all VPN or tunneled traffic as e-mail.)
That means the other 88% could easily be intercepted by
eavesdroppers using commonly available tools, compromising both the e-mail and
the user's passwords. These user account and password combinations could
possibly be used to gain remote access to corporate networks.
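
To show why an unencrypted POP connection exposes both the password and the mail, here is an added example (not part of the original article or of AirDefense's tooling) that classifies what a passive listener could read from a POP3 session. The station names and command sequences are constructed, and the field names are assumptions.

```python
# Constructed client command sequences seen on TCP/110 (not data from the study).
SESSIONS = {
    "sta-01": ["CAPA", "USER alice", "PASS <redacted>", "STAT", "RETR 1", "QUIT"],
    "sta-02": ["CAPA", "STLS"],
    "sta-03": ["APOP bob <digest>", "LIST", "RETR 1", "QUIT"],
}

def assess(commands):
    """Report what a passive listener could read from one POP3 session."""
    result = {"auth": "none", "password_exposed": False, "mail_exposed": False}
    for line in commands:
        verb = line.split(" ", 1)[0].upper()
        if verb == "STLS":
            # RFC 2595: TLS starts here, so later commands are not visible.
            if result["auth"] == "none":
                result["auth"] = "tls"
            break
        if verb == "PASS":
            # RFC 1939 USER/PASS sends the password as plain text.
            result["auth"] = "user/pass"
            result["password_exposed"] = True
        elif verb == "APOP":
            # APOP sends a digest instead of the password itself.
            result["auth"] = "apop"
        elif verb in ("RETR", "TOP"):
            # Message content returned outside TLS is readable on the air.
            result["mail_exposed"] = True
    return result

def needs_remediation(sessions):
    """Stations whose password or mail crossed the WLAN unencrypted."""
    flagged = []
    for station, commands in sorted(sessions.items()):
        r = assess(commands)
        if r["password_exposed"] or r["mail_exposed"]:
            flagged.append(station)
    return flagged
```

A session carried inside a VPN never shows these commands on the wireless side at all, which is why the study counted tunneled traffic as encrypted.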
Additionally, 84 out of the 523 users monitored were
configured to allow ad hoc networking, and 74 were configured to automatically
connect to the access point with the strongest signal strength -- a default mode
that could leave a laptop prey to a rogue access point.
And then there was the hacking. Passive eavesdropping is
undetectable, but AirDefense picked up 149 active scans from war driving tools
like NetStumbler, 105 denial-of-service attacks, eight probes for known exploits
against access points, and thirty-two attempted man-in-the-middle attacks --
three of them successful.
"People were probably having a little fun, but I'm not sure
it was all malicious," says AirDefense's Brian Moran. "The real shocking part
was how many people attached to their corporate e-mails without any kind of
encryption."
Wi-Fi eavesdropping for any purpose is usually frowned upon
in legal circles, but AirDefense was a sponsor and the "official security
provider" at the conference, and Moran says the company provided attendees with
ample notice of the study. "There were huge signs throughout the place saying
AirDefense is monitoring all conference traffic."
The findings of this conference are certainly not
representative of all corporate rollouts, but they do make many security
professionals question the recent progress of such efforts. The following
questions and answers are indicative of network administrators and management
still grappling with the challenges of securing their Wi-Fi environments, as
well as those who question banning Wi-Fi usage altogether:
Is unauthorized Internet access by wireless intruders
really that much of a concern? If freeloaders don't attack me, why should I
care?
There are many people who don't care if they share their
cable or DSL Internet with others – people who want to help build a national
infrastructure of free public access. But some open LANs are in violation of
service agreements stating that residential broadband accounts are for private
use only. The subscriber is responsible for any misdeeds launched from their
account – for example, a freeloader who sends spam or attacks someone else
using your wireless LAN. By the time you hear about the misdeed, the freeloader
will be long gone.
What are the odds that something bad will happen and your
service provider will crack down on you? They're probably small. But think about
it this way – would you leave your door unlocked with a big sign that says "Come
on in and use my telephone while I'm not home – we have unlimited minutes"?
Leaving your wireless LAN wide open is not all that different.
Many security professionals say that MAC access control
lists are weak because MAC addresses can be forged. Is this an expert kind of
attack that most of us will never experience?
MAC address spoofing is not difficult. Some PC cards actually
let you configure a MAC address right from the client GUI or network properties
panel. And there are readily-available shareware tools that let attackers listen
for and then spoof someone else's MAC address. For example, AirJack is a tool
that spoofs the AP's MAC address to kick all active stations off the LAN. The
same script kiddies that use port scanners to bang on DSL and cable modems also
use hacker tools to bang on residential wireless LANs, and MAC spoofing is a
part of many wireless attacks.
Can companies use the same penetration test tools for
both wired and wireless networks? What's different about wireless test tools?
Many of the same port scanners and tools that probe systems
for OS and application vulnerabilities are helpful for wireless LAN
vulnerability assessment. For example, point them at stations to see if they are
vulnerable to peer attack, or point them at APs to find unused services that
should be disabled. Wireless LAN scanners do some of these things, but they also
conduct other tests that require 802.11 and 802.1X support. For example, they
may look for default SSIDs or send probes to see what 802.11 options an AP
supports. They may watch WEP frames to detect known weak IVs that make key
cracking easier. They may send 802.1X messages to verify that all APs require
port access control, auditing compliance with site security policy. A complete
vulnerability assessment looks at all layers and components and thus requires a
mixture of test tools.
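
The wireless-specific checks listed above can be run as a policy audit over scan results. This is an added example, not code from the article or from any scanner it mentions; the record fields, the allowed-service policy and the sample APs are constructed, and the weak-IV test covers only the classic (A+3, 255, X) pattern.

```python
# Factory SSIDs commonly left unchanged on consumer and enterprise APs.
DEFAULT_SSIDS = {"linksys", "default", "tsunami", "netgear"}
ALLOWED_SERVICES = {"https"}  # hypothetical site policy for AP management

# Constructed scan results; BSSIDs use the documentation MAC range.
APS = [
    {"bssid": "00:00:5e:00:53:01", "ssid": "linksys", "dot1x": False,
     "services": ["http", "telnet"], "ivs": ["03ff10", "a1b2c3"]},
    {"bssid": "00:00:5e:00:53:02", "ssid": "corp-wlan", "dot1x": True,
     "services": ["https"], "ivs": []},
]

def is_weak_iv(iv_hex, key_len=13):
    """True for a 3-byte WEP IV of the form (A+3, 255, X), A < key_len."""
    iv = bytes.fromhex(iv_hex)
    return len(iv) == 3 and 3 <= iv[0] < 3 + key_len and iv[1] == 0xFF

def audit(ap):
    """Return the policy findings for one access point record."""
    findings = []
    if ap["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    extra = sorted(set(ap["services"]) - ALLOWED_SERVICES)
    if extra:
        findings.append("unused-services:" + ",".join(extra))
    if any(is_weak_iv(iv) for iv in ap["ivs"]):
        findings.append("weak-wep-iv")
    if not ap["dot1x"]:
        findings.append("no-802.1x")
    return findings

def report(aps):
    """Map each non-compliant BSSID to its findings."""
    results = {ap["bssid"]: audit(ap) for ap in aps}
    return {bssid: f for bssid, f in results.items() if f}
```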
If wireless LANs are so vulnerable to intrusion and
attack, should companies ban their use until new standards fix all the security
problems?
We believe that banning wireless LANs is both short-sighted
and doomed to fail. When properly secured, wireless LANs can reduce the cost of
infrastructure, increase network flexibility and speed of deployment, and make
workers more efficient and productive. Ignoring these opportunities may not be
in the company's best interest. In addition, bans cannot prevent wireless from
happening – they only cause wireless to be used without proper supervision and
guidance. For example, how do you prevent travelers from using wireless
hotspots? How do you stop tele-workers from putting wireless LANs in their
homes, then using them to connect to the Internet from company laptops? The
answer is that you can't. I believe companies need to deal with this challenge
head-on by defining acceptable use policies, documenting best practices and
supplying security software to keep these wireless users safe.