Is City WiFi Secure?
From Seattle to Atlanta to London, major cities are striving to blanket metropolitan areas with public WiFi systems, stirring economic development, enhancing education, and potentially eliminating the digital divide. Interest in city WiFi systems is rising rapidly. According to MuniWireless.com, a leading portal on the subject, spending on city WiFi networks will reach US$1.8 billion in 2009, up from US$235 million this year.
Eager adopters include Rhode Island, which is rolling out a statewide wireless broadband network for emergency services employees, according to Charles Hewitt, CIO for the City of Providence, Rhode Island. Similarly, Aurora, Illinois, is rolling out a WiFi network to attract new businesses to its downtown area, according to Tony Hylton, IT consultant to the mayor of Aurora. The WiFi network will also serve the city's employees, eliminating US$10,000 a month in 3G wireless network fees.
The municipal WiFi boom introduces new IT security risks to mobile users. Already, an open-source project known as Metasploit has been upgraded to include code designed to attack 802.11 WiFi systems. "We had a lot of residents express concerns when we announced our WiFi strategy," recalls Hylton. "You've got to take the same precautions by installing antivirus, antispyware, and antimalware software on your systems."
Opinions differ about how secure city WiFi systems will become. Some municipalities are limiting access to their networks. Rhode Island's network will serve only state employees who work within emergency services. Other municipalities are designing mixed-use WiFi networks for city applications and residential Internet access.
Integrators recommend a range of security standards to safeguard public broadband networks. "The level of security will depend greatly on the applications you deploy," says Dennis Holmes, director of wireless services at Outsource Inc., a solutions provider based in Orlando, Florida, that has deployed public broadband networks across the southeastern United States.
Many cities are using Advanced Encryption Standard (AES) to safeguard network backhauls, VPN client software on mobile data terminals, and WiFi Protected Access to project mobile connections, Holmes says. A newer security standard, dubbed WPA2, has proven too complex for many cities to adopt at this time, however, he says.
"As with all public networks (DSL, cable, dial-up, and wireless), it's the users' responsibility to protect their devices with add-on software," says Jonathan Baltuch, founding partner of MRI, a consulting firm in Atlanta, Georgia, that specializes in municipal wireless projects.
Baltuch says WiFi network operators such as an Internet service provider or the city itself must provide information about, and access to, downloadable security software that protects WiFi clients and their users. "The municipal wireless networks that we have worked on for the public side are basically open," he concedes. "The only security in place between the client and the node is the blocking of peer-to-peer access. The traffic between nodes, gateways, etc., is fully secured."
Municipal networks also frequently support private-side systems, which run applications for public safety, fire, police, and other city services. "The private sides of the networks are fully secured or have varying degrees of security as dictated by the needs and legal requirements of the users," Baltuch says.
Those who link to city WiFi networks should take precautions. While some advocates promote encryption as a silver bullet for WiFi security, Baltuch says that's not a solution for most city WiFi networks. "In order for the municipal networks on the public side to remain accessible and effective, they cannot carry heavy encryption," he asserts.
What's the best security measure of all? "Ongoing diligence," Baltuch quips.
Joseph C. Panettieri has written for InformationWeek, eWeek, and CFO magazine. He now blogs daily at www.techiqmag.com.
Cart
PRINT THIS PAGE
