Ten years ago, a virus had you bed-ridden and worms were for the birds. Today, anyone with a computer comes into contact with both on a daily basis.
Preventing the intrusion of worms and viruses has become a way of life (and relatively easy to do, if you have the proper software), but the issue of security becomes a little more complex when applied to a home network. Having your computer files deleted or messed with is one thing; being “digitally burgled” is quite another.
“When you think of security in terms of a home network, where data is passing in, through, and out of the house, the point of weakness is at the router gateway, where the house makes the connection to the outside world,” said Gordon van Zuiden, president of cyberManor (www.cybermanor.com), a networking company based in Los Gatos, California. “There are more and more of these wireless access points because they have become popular; with these, you introduce the ability for someone to be on your network and not be in your house because of the wireless range issue. That security issue opens you to theft, viruses and the ability for people to take advantage of your open e-mail system and attach files that do nasty things to your system.”
The protocols themselves are vulnerable, too, according to Bill Rose, president of WJR Consulting (860.313.8098) in West Hartford, Connecticut, which services companies that develop home networking technologies. “Wi-Fi is very easily hacked; if one has any desire and a bit of knowledge they can get through it. There is that vulnerability if you are wireless,” he said. “With Ethernet you are hard-wired, so you cannot really be hacked unless it is coming through the Internet. There, your security is only as good as your firewall.”
Security is something that needs to be factored in, acknowledged Frank Hanzlik, managing director of the Wi-Fi Alliance (www.wi-fi-org), which recently announced the IEEE 802.11g certification of the first round of products. “The people who are installing wireless networks need to really understand how to install these solutions successfully.” Hanzlik pointed to the Wi-Fi Alliance as a resource for companies that install these systems.
While those implementing home networking systems may be doing everything they can to ensure that networks are secure, these parties have little control once they bid their client farewell. Today’s security measures often make it difficult for users to perform simple tasks; homeowners with little patience for fiddling with finicky technology may just as soon operate their systems with the security features disabled.
“When we tighten up security–whether through logins, passwords, encryption keys, or firewalls–it comes at a cost,” van Zuiden noted. “The cost is one of typically poor or slower performance that prevents the user from doing something. You can install many of these systems, but most of the time they end up being a deterrent to the homeowner who wants to do something but can’t because they forgot a password, can’t do wireless encryption, or something like that.”
Rose has experienced this first-hand in attempting to configure his system – complete with security functions – to enable his son to play video games over the Internet. “It’s quite a bit of work to figure out which port to open in order to allow that to happen. The interfaces have to be much more friendly. If the standards were in place, the game should tell the user how to open the port instead of sending them off to a Web site that tells them to open port 2,110,” he said.
“There is a lot of talk out there in the industry and in the press about how 128-bit encryption is not secure, and that a sophisticated user can hack through it,” said Gary Hansen, senior product manager of networking products at Belkin Components (www.belkin.com) in Compton, California. “I don’t think that’s really the problem; I think most people don’t even have encryption on, and I am sure the reason is because it’s too complicated.”
Security-conscious installation and networking firms can look to the corporate sector for guidance, van Zuiden acknowledged. “You have to look at what is happening there to understand what the Information Technology (IT) people are doing to mitigate those risks,” he said. “The corporate networks require constant updates and the supervision of an IT department, which is not very easy to do at the residential level.”
In an era of flex-time and tele-commuting, however, corporate IT departments are increasingly concerned with residential networking technology; if a high-ranking executive who periodically works from home has the security features on their home network disabled, their entire company–including classified information–is vulnerable to hackers.
“One of the biggest issues that IT departments are facing is how they can plug up these holes, because they are popping up as these networks proliferate,” van Zuiden said.
Which can lead to legal problems. In commercial contracting, companies that implement life safety systems carry adequate insurance as a safeguard in the event of a system failure and a subsequent lawsuit delivered by client. It’s still unclear as to whether custom installation and home networking companies will be forced to take similar measures.
“I haven’t heard of any lawsuits, but I certainly see the potential for them,” Rose said. “If I was an installer, I would certainly to my best to make certain that the tools were there for the consumer, and that I demonstrated them. But you do have to turn the system over to the customer; once you leave the house, everything is re-configurable. Liability, then, needs to be limited.”
The good news, according to van Zuiden, is that most hackers aren’t interested in breaking into a home network…yet. “We have done hundreds and hundreds of networks, and not once has someone complained to us about an intruder doing something they shouldn’t be doing,” he said. “These cases are pretty rare.”
Carolyn Heinze ([email protected]) works from her office in Vancouver, Canada.