Wi-Fi Wise
Wi-Fi delivers high-speed Internet access to your cab or anywhere in a truck stop — no more hunting for a phone jack. But Wi-Fi has one potential drawback for the unwary — security.

Wi-Fi, which stands for wireless fidelity, is a technology that provides high-speed Internet access through a wireless network.

by Bill Hudgins

Spreading at the speed of light

Wireless Internet access is spreading rapidly through the truck stop industry. Flying J was one of the first truck stop chains to offer Wi-Fi, with subscriptions ranging from $1 for 15 minutes to $99.95 for unlimited access for a year.

Petro announced in September it would begin offering Wi-Fi by the end of November at most of its 60 locations through Truckstop.net. Subscriptions will be sold for $29.95 for unlimited access. Rip Griffin Truck Service Centers also has announced it will provide wireless access. Meanwhile, IdleAire has launched its own wireless service.

TravelCenters of America is still evaluating its wireless Internet options and has no firm date for rolling out a system, said Don Wilson, project manager for Wi-Fi.

Less than eight years ago, I well recall a truckstop operator scoffing at the idea of truckers using the Internet.

“Never happen. What would they use it for?” he snorted.

He found out in a hurry. Internet access has become a hot property at truckstops, especially since the advent of a wireless connectivity known as Wi-Fi.

Easier, cheaper and faster to install than Park ‘n’ View’s underground cables (remember them?) or dedicated land lines, Wi-Fi delivers high-speed Internet access to your cab or anywhere in a truckstop — no more hunting for a phone jack. But Wi-Fi has one potential drawback for the unwary — security.

With wireless, you are transmitting and receiving data through the air via radio signals. Anyone in range with readily available equipment may be able to detect and intercept those signals. Often, a wireless-equipped computer running Windows is all they need.

If you haven’t properly safeguarded your laptop, notebook or handheld against “sniffing,” as this form of eavesdropping is called, they may be able to snatch usernames, passwords, credit card numbers, PINs and other sensitive information. They could browse through your files and copy, alter or delete them.

That’s true with a home or office wireless system and also on the road. Estimates vary on how vulnerable wireless systems are. There are numerous Web sites that list unprotected “hot spots” — locations where wireless Internet service is available, both business and residential. It’s become a cybersport called “war driving” to ferret out unprotected hot spots.

On the road

With currently available technology, both sides of an encrypted wireless system must use the same key. So, in order to be accessible to many users, public systems generally are not encrypted. The Wi-Fi industry is working hard to fix this gaping hole in security.

There are some ways around it for business users, such as establishing a virtual private network, or VPN, which encrypts everything. Windows 2000 and Windows XP have built-in VPN capabilities. But what is the average casual laptop-toter with an Earthlink, AOL or other commercial ISP to do to improve security?

  • Set up username-password protection on your computer or handheld. While others on a public system might be able to “see” your computer present on the network, this will help keep them from gaining access to your files.
  • Disable file-sharing capabilities such as Windows sharing, or limit access. For instance, you can create a read-only share that requires no password, or a read-only or read-write share that needs a password.
  • Don’t store passwords, user names and other personal information for auto-filling forms on your computer. If you must store them, be sure to encrypt them. These are favorite targets of snoops and hackers.
  • When logging in to e-mail or e-commerce sites, always use a “secure” login, if one is available.
  • Never submit sensitive information over a Web site that does not start with https://. It’s best to avoid transmitting credit card numbers, account information and similar data over public networks altogether. Use a land line connection instead.

To bring attention to the lack of security, a group of wireless security professionals and hobbyists have created an ongoing survey called “The Worldwide War Drive.” Participants drive around cities looking for active hot spots, and check how well they are defended, if at all. The goal is to bring attention to the need for greater vigilance by wireless users.

The results of WWWD3, held June 28 to July 5, 2003, were sobering: Of 88,122 hot spots located, only 32 percent used encrypted transmissions, while almost 68 percent did not. About 28 percent of the sites also used widely known default network name settings (known as SSIDs), while about 25 percent had no encryption or unique SSID. Translation: Lots of vulnerable systems out there.

Allan Ewart is an owner-operator leased to Transit Trailer, and he’s also an old hand with computers. He “sees” a lot of vulnerable computers whenever he lays over in a Flying J or other Wi-Fi friendly truckstop. (See accompanying story.)

“When your system sees a network access point, it will try to associate with it,” Ewart says. “In other words it’ll try to join the network. As soon as it joins, it gets a list of all the other machines that are part of the network, including yours.

“To see them in Windows XP, click on ‘my network places,’ ‘entire network,’ ‘Microsoft network.’ It will show a number of ‘workgroups.’ Click on any of these workgroups to see the individual computer names associated with them. Most XP machines come with a built-in firewall and will give no info to a casual looker,” he says.

Older operating systems such as Windows 98 have no built-in protection. If a firewall is not installed and properly configured by the user, the entire “C” drive is exposed.

“A casual browser is able to download and change anything on your hard drive. Scary thought,” he says.

“All Windows operating systems have some form of network browser built in, and while the procedure varies, the results are the same. There are lots of unprotected machines. On a typical evening at a Flying J, I can see four or five different workgroups with several machines in each. It is a sure bet that at least one or two of them are unprotected by a firewall and leave their entire system exposed,” Ewart says.

Security consists of layers of protection. The more layers, and the more difficult they are to penetrate, the greater the protection against all but the most determined attacks. No system is 100 percent secure against a truly determined onslaught.

Also, current wireless technology has inherent weaknesses the industry is racing to shore up or eliminate in the next generation.

The following recommendations will help you protect yourself while using Wi-Fi at home or in a small office system, and also on the road. Do these as part of setting up your wireless system. Or, if you’re already using wireless, check your manual for the procedure. For a home or office wireless system:

  • Get the best firewall you can afford, and put the wireless access point (the transmitter-receiver) outside the perimeter firewall.
  • Create an encryption “key” for your wireless devices. Known as WEP (Wired Equivalent Privacy), this should make your wireless setup as secure as a land line. It protects transmissions between your computer and your wireless access point by encrypting or scrambling outgoing data and deciphering incoming data from the access point. Use the highest level of encryption available, currently 128-bit. A word of caution: WEP has a number of limitations, and should be only one of several layers of security. The industry is working on a WEP replacement, which should be widely available in another year or so.
  • Change the default factory-set SSID (network name) on your access point. Hackers know these defaults. Make the new SSID unique and hard to guess (NOT the name of your wireless devices), and change it periodically just in case it’s been compromised.
  • Disable the SSID broadcast option. Most wireless devices broadcast the SSID by default, so any wireless-equipped device in range can pick it up, making it easy for a hacker to connect.
  • Change the default factory-set password needed to access wireless devices such as access points and routers. Hackers know these defaults and can use them to access your system and change the settings — locking you out. It’s a good idea to change those passwords regularly, too.
  • Enable MAC address filtering. The MAC address is a unique alphanumeric identity assigned to every networking device. By enabling MAC address filtering, you limit access to only devices with specific MAC addresses.

Bill Hudgins is a freelance writer who has covered the trucking industry for 10 years. He can be reached at billhudgins@earthlink.net