We’ve all heard it — perhaps even from our friends, family or
colleagues. ‘You’re being too paranoid,’ they tell us when we explain to
them how we’ve configured our wireless LAN, PDA, firewall or some other
new entry in our gaggle of gadgets.
The thing is, though, paranoia is an unfounded fear of the unknown. We
tell ourselves that ours is not a paranoid fear of the unknown, but a
healthy respect for the known. Right?
Have we gone too far?
Well, let’s explore that a bit.
On the occasions that I’ve been accused of being paranoid because of the
security measures I’ve taken to protect my home office or mobile office
environment, it’s generally been in regards to how I’ve configured a
device or security protocol.
Let’s consider, for example, the fact that I set my 802.11g WLAN up to
use the latest WPA security protocol. Further, I’ve set up an access list
containing only the MAC addresses that I authorize to use my WLAN. Then,
I set up my Linux-based DHCP service to only dish out IP numbers to a
(separately maintained) list of MAC addresses. And I diligently log every
DHCP transaction on my (again, separate) Linux event log server.
Paranoid? I don’t think so, but others tell me that it is.
Draconian? Perhaps. To be sure, it’s a fair amount of extra work for me.
But, as I tell my friends who accuse me of paranoia, I’ve only taken
these measures in response to the myriad of papers, articles and books
that provide details of just how unsecure most wireless LANs are. Let’s
face it, if I were relying on WEP — even in its 128 bit instantiation —
to protect my business’ assets over my WLAN, I would consider myself
negligent.
And there we get to the heart of the matter: namely, my business’ assets.
I use my WLAN to access my home/office network. My business files are on
that same LAN. I made the conscious decision to use all the technology
readily available to protect those assets. After all, it is quite
literally my livelihood that is at risk. Of course it’s worth spending
the extra time to really get every ounce of possible protection from all
of my security devices.
But what about the more typical home and home office user? What about the
user setting up his cable modem and WLAN gear, which only gets used for
Web surfing, emails with friends, and such? Should she be as ”paranoid”
as I am? For that matter, how about other PC and LAN configuration issues
than just WLANs?
Clearly, there is a lot of room for an individual’s judgment call here.
After all, the direct risks to each end user can and do vary quite
radically. I’d still counsel people to consider other issues than just
their own business assets. Your home PC is still a desirable target to
many miscreants in the world. Take, for example, recent trends in
distributed spambots, spyware, phishing attacks, and such. They don’t
target individual end users. They target all end users, which is just one
of the things that makes them so heinous.
So, even if you don’t have your own business, banking information,
retirement account information, or other vital assets at risk on your PC,
I still believe a healthy respect for even the known attacks that we’ve
seen to date is a wise consideration in configuring your systems.
Go ahead and call me paranoid if you’d like. I’ve been called worse.
But, when I’m setting up my latest gizmo, I spend a few extra minutes and
actually read through the owner’s manual to learn all of the capabilities
of each new device. I find out what security capabilities it has, and I
take the time to enable them. In almost every case, they’re not turned on
by default, which, in my opinion, is a horrible mistake that all too many
product vendors make. Blindly plugging that new device in and hoping for
the best is, in my opinion, tantamount to putting a ”kick me” sign on
your front door.
I should add that security is only one benefit of my approach.
In taking the time to study each device’s capabilities before turning it
on, I’ve also often discovered features and such that I was unaware of
before. I like to think it enables me to get the most out of each new
gizmo that I add to my collection.
So, when the police knock on your door because your neighbor’s kid has
been using your WLAN to download copyright-protected files from the net,
we can talk about who was paranoid and who was just taking appropriate
measures to protect his assets.
I wouldn’t leave my WLAN unprotected any sooner than I’d leave my car
unlocked while parked at the airport.