Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Home Wi-Fi networks the next target for cyber crime: Layer 10

Increasing proliferation of private networks, access by outside forces a concern for consultant Paul Brooks

Wi-Fi may be the networking method of choice among apartment blocks cropping up in increased numbers in Australia’s major cities, however increased reliance on wireless internet is resulting in more security risks, according to Layer 10 Consulting.

According to Paul Brooks, chief at Layer 10 Consulting - which contributed heavily to key aspects of the National Broadband Network - the density of Wi-Fi networks combined with lax encryption practices poses a major risk of data seepage.

In addition, current wireless security approaches such as WEP (Wired Equivalent Privacy) and Wi-Fi Protected Access (WPA) were in need of updating in favour of the new G.hn standard. This is a standard for high-speed home networking that spans coaxial cable, electrical wiring and phone lines.

"This is going to be the technology of choice for buildings where you can't retro fit with dedicated cabling for networking," he said. "For small businesses and homes, what we need to focus on is encryption and strong quality of service guarantees that won't be interfered with by other technologies.

“In some places with wireless signals you have the issue of leakage to neighbours that people could pick up on and get access to your confidential data."

Brooks said that even if cyber criminals were not trying to gain access to the home users' data it was easy, due to the close proximity of different wireless networks, to unwittingly interfere with wireless signals and cause them to stop working.

"Big organisations have staff to look after internal local area networks (LAN) and encryption technologies," he said. "But if you were a cracker and were looking to get access to people's banking details, it's much easier to tap in to the information at the source in people's homes rather than capture it in transit between the two."

That meant the adoption of high band width technologies was needed.

Besides security concerns, he pointed out that the newer generation of Wi-Fi offerings have short ranges.

"Their maximum range is touted to be in the region of five to nine metres so they are not going to be a solution to the problem.

Those offerings will be great for joining your DVD player to your TV remotely and getting rid of the rat's nest of cabling behind your TV but they are not going to be a solution for blanketing your house with a network that allows devices to interconnect."

He also said that the materials used in apartment blocks, such as concrete, can block Wi-Fi signals.

"For the gigabit wireless signals, a brick wall could completely block the signal [between walls] and reduce it to one room."

Another problem noted by Brooks is consumers would not have control over some aspects of the home network.

For example, digital network TV providers or digital rights holders would want the service provider to set up a fully encrypted end to end channel through to the output of the display device.

"To achieve that in a broadband world means the service provider will need to set up a secure encrypted channel between the broadband modem and the set top box.

You end up with a network. or multiple networks, inside the user's home that the user doesn't control," he said.

According to Brooks, this was like the electricity smart metering concept where the electricity provider wants a link between the consumer's smart meter and NBN connection.

"They want that [link] to be encrypted with a password. However, they want this set up in a way that the end user can't view the signals and can't block the signals [from the smart meter],"

While Wi-Fi security needed to grow in importance, he said Web browsing had become safer as protection was in place. "You're covered if the devices and applications that people are using involve end to end encryption and we see that with Internet banking all the time. Web browsing is protected through the security socket layer (SSL). Then you only need to worry about distributed denial of service (DDoS) attacks and if someone stops the communication from happening."

Brooks is scheduled to present at the upcoming security conference AusCERTin May.

IDG Communications is an official media partner for AusCERT 2011.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: CERT, f2, IDG, IDG Communications, IDG Communications, IDG Communications, LAN
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: AusCERT 2011, cyber crime, layer 10, NBN, spectrum, Wi-Fi networks
Latest Blog Posts
Whitepapers
  • Maximise Software Cost Savings by License Reharvesting, Recycling & Applying Product Use Rights
    Software asset management (SAM) is a complex process that enables organisations to gain control of their software estate from both a license compliance and financial standpoint. In many organisations, SAM represents one of the few remaining ways that substantial IT savings can be realised. McKinsey and Sand-Hill Group estimate that 30% or more of IT budgets are consumed by software license and maintenance costs. By optimising the SAM process, organisations can maximise software utilisation, reduce the risk of non-compliance (audits, fees, penalties), and reduce overall IT costs by as much as 5 to 10% per year. Read on.
    Learn more »
  • Fixing Your Dropbox Problem - How the Right Data Protection Strategy Can Help
    It’s estimated that more than 50 million people have used public cloud storage services such as Dropbox to share and exchange files. Public cloud services are so easy to use that their openness can undermine existing IT policies regarding the transmission of confidential data. With data volumes threatening to overwhelm onsite storage, IT managers are looking to find a solution that’s affordable and secure. This paper details a simple three-step approach to helping users manage access to the public cloud without placing your data or your business at risk. Read on.
    Learn more »
  • Disciplined Agile Delivery: An Introduction
    This evaluation guide is designed to help you choose the best tool to support your current Agile projects, while protecting your investment as your team, needs and agile maturity grow.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments