Armies of the Night:
They’re Attacking Your Wireless Network
By David Black, President & CEO, Insource Technology Corporation
Over the last decade, engineers have made great strides forward in securing wireless local area networks.
At the same time, the Armies of the Night – hackers and other assorted saboteurs now under the direction of organized crime – have been diligently working to undo the progress.
And they're getting smarter – and more ambitious.
In the 1930s, a newspaper reporter asked John Dillinger why he kept robbing banks. "Because that's where the money is," he replied. And today's outlaws have made a similar observation – there is easy money to be found in computers and corporate networks. To understand the seriousness of today's threat against corporate networks and end-user PCs, all you need to do is research one topic – Botnets.
In short, a Botnet is an army of infected PCs that is under the secret control of its owner, the Bot Herder. Bot Herders rent their Botnets to organized crime units that employ other players who utilize the Botnets to carry out various activities including spam, phishing attacks, data and identity theft, denial of service shakedowns, money laundering and other nefarious activities.
For organized crime, this is big business – and worthy of big investments. In fact, the days when hacking was done for fame are long gone – now it is done for fortune. Hacking has become the equivalent of digital cocaine – it’s organized, compartmentalized, and far more sophisticated than most IT professionals suspect. Most criminals who hack join "crews" that are managed by overseas organized crime units. Within these crews, "hackers" are paid to discover vulnerabilities in operating systems and Web browsers; "coders" are paid to write code that exploits newly discovered vulnerabilities; "crackers" are paid to infect PCs of unsuspecting end-users so that they unknowingly join a Botnet; "launchers" are paid to launch attacks; "miners" are paid for data extraction services; and finally, "washers" are paid to launder the resulting e-gold. The crime unit keeps the crew members compartmentalized so that either defections or discovery by law enforcement doesn't bring down the entire operation.
Now, most companies spend a lot of money to protect their infrastructure from attacks that originate over the Internet by employing firewalls, VPNs, gateway anti-virus and anti-spyware systems. All of these are focused on the point where the Internet connects to the corporate network, and all are aimed at stopping traditional methods of Botnet infection such as Trojan-bearing email attachments, malicious Web sites, "free" software programs that appear to serve some legitimate purpose, and "missing codecs" needed to play a movie that an end-user has downloaded. But far too often, these same companies do little to protect themselves against attacks on their wireless networks or wireless-equipped notebooks and PDAs.
Whether you have a wireless network or not, it is time to rethink how you secure your networks and wireless-enabled devices to prevent attacks and misuse that can expose critical assets and confidential data. The bad guys have figured out that wire-side attacks require work to side-step the formidable shield that most larger companies erect – and that wireless networks and devices often provide an unprotected, unmonitored, and easily penetrated backdoor into the enterprise.
Wireless networks and devices are vulnerable in several ways – "misconfigured (or hacked) access points" that allow an attacker to connect directly to the corporate network at will; "misassociations" where wireless-equipped notebooks can be duped into associating with a hostile access point; "ad hoc connections" where notebooks silently connect directly to the attacker's PC; and the biggest of all – "rogue access points" which are usually set up by well-meaning (but uninformed) employees who want to provide network access for visiting customers, contractors, or guests. Any of these can provide a direct path not only to the targeted PC, but to the entire corporate network – especially if the cracker is using custom-developed exploit software produced by a coder. Unfortunately, many small and medium-sized companies don't have the same level of security systems found in larger organizations. For them, the cracker doesn't need to purchase an exploit – he can do it for free using the right combination of over 300 free hacking tools that are readily available to anyone with an Internet connection: "Evil Twin" attack tools such as Hotspotter, KARMA, and Airsnarf; sniffers and/or encryption crackers such as coWPAtty, ASLEAP, Kismet, and AirCrack; and powerful automated exploit developers such as Metasploit.
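As an added example (not part of the original article), the four exposure types listed above can be written as checks that a wireless monitoring tool might run over its sensor data. The record fields, the addresses, and the `on_corp_wire` flag (the access point's MAC address also seen on a corporate switch port) are assumptions made for this example.

```python
# Added illustration; every address, SSID and field name here is constructed.
# Authorized AP inventory: BSSID -> (expected SSID, expected encryption).
AUTHORIZED = {
    "00:11:22:33:44:01": ("corp-wlan", "WPA2-Enterprise"),
    "00:11:22:33:44:02": ("corp-wlan", "WPA2-Enterprise"),
}
CORP_CLIENTS = {"aa:bb:cc:00:00:10", "aa:bb:cc:00:00:11"}

# Constructed sensor records: one per observed BSSID, with associated clients.
OBSERVATIONS = [
    {"bssid": "00:11:22:33:44:01", "ssid": "corp-wlan", "encryption": "WPA2-Enterprise"},
    {"bssid": "00:11:22:33:44:02", "ssid": "corp-wlan", "encryption": "Open"},
    {"bssid": "de:ad:be:ef:00:01", "ssid": "guest-wifi", "encryption": "Open",
     "on_corp_wire": True},
    {"bssid": "de:ad:be:ef:00:02", "ssid": "free-internet", "encryption": "Open",
     "clients": ["aa:bb:cc:00:00:10"]},
    {"bssid": "02:00:00:00:00:01", "ssid": "laptop-share", "mode": "adhoc",
     "clients": ["aa:bb:cc:00:00:11"]},
    {"bssid": "de:ad:be:ef:00:03", "ssid": "cafe-next-door", "encryption": "WPA2-PSK"},
]

def classify(obs):
    """Map one record to the exposure types the article lists."""
    corp_clients = CORP_CLIENTS & set(obs.get("clients", []))
    if obs.get("mode") == "adhoc":
        # Peer-to-peer link that bypasses every access point control.
        return ["ad hoc connection"] if corp_clients else []
    expected = AUTHORIZED.get(obs["bssid"])
    if expected is not None:
        # Known AP: compare what it broadcasts against its baseline.
        actual = (obs["ssid"], obs.get("encryption"))
        return [] if actual == expected else ["misconfigured access point"]
    findings = []
    if obs.get("on_corp_wire"):
        # Unknown AP whose MAC was also seen on a corporate switch port.
        findings.append("rogue access point")
    if corp_clients:
        # A corporate device has joined an AP that is not in the inventory.
        findings.append("misassociation")
    return findings

def scan_report(observations):
    """Return {bssid: findings} for every record with at least one finding."""
    results = {obs["bssid"]: classify(obs) for obs in observations}
    return {bssid: f for bssid, f in results.items() if f}

if __name__ == "__main__":
    for bssid, findings in scan_report(OBSERVATIONS).items():
        print(bssid, ", ".join(findings))
```

The neighbouring network with no corporate clients and no presence on the corporate wire produces no finding, which is the distinction that keeps such a check usable in a crowded office building.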
Given all of these threats, the question is: can wireless networks be just as secure as their wired counterparts? The answer is a cautious “yes,” but it depends on your budget, your particular wireless implementation, and your ongoing vigilance. There are several options available today at just about every price point for wireless intrusion detection and prevention systems and comprehensive endpoint protection utilities. Spend some time and become familiar with the options, and pick something that makes sense for your organization. And lastly, ask yourself if you are doing enough to educate your end-users about today's threats.
Here's a simple test: How many of your end-users understand that they should never open suspicious email attachments? Likely, your answer was "most or all." Now, how many of your end-users wouldn't think twice about connecting to a wireless network called "free-internet" at an airport or some other public place? Unfortunately, your answer was probably "most or all." And that's the point – "free-internet" is one of today's most devious honeypot attacks used by crackers who are anxious to welcome your end-user to a Botnet and to make an easy $10 – the going rate for a Botnet sting.
Wireless networking can be made secure. But the challenge is to stay ahead of the enemy. And know that the war will never be over because the Armies of the Night are out there and the next battle has already begun.