Music retailer HMV will go live with wireless networks in all its UK stores in the new year. The network will support mobile point of sale systems and product scanning devices.
The 802.11b wireless networks will be used in 150 stores, connecting between three and 65 tills in each. Derek Walklate, HMV group systems audit manager, said two or three access points were required for each store.
In the course of setting up the network, HMV discovered that neighbouring businesses' unsecured wireless networks were visible when carrying out testing on its premises.
Walklate said, "We were using AirMagnet software to test the network to ensure that the third-party network provider had implemented it correctly. We discovered that, in some cases, three or four large retailers were broadcasting SSIDs and network traffic without encryption into our shops."
HMV's networks will be bolstered by standard security measures to deter intruders but initially they will not have high-level security.
Walklate said, "We are using mainly standard security - SSIDs are disabled and we have 128-bit WEP. It could be better and plans are in place to move from that but we have not decided to what."
SSIDs (service set identifiers) are the unique codes that allow devices to access specific wireless Lans. Ensuring that these codes are not being broadcast through a default setting is a basic security measure that should be taken by anyone operating a wireless network. However, even if they are not being broadcast, SSIDs can be sniffed out by a cracker with the right kit.
WEP (Wired Equivalent Privacy) is relatively easy to crack by someone with the means of sniffing transmissions and discovering patterns in the encryption key because the standard contains repetitions that are more predictable than they ought to be.
Analysts recommend that these basic measures are fortified with the use of virtual private network technology, which creates a secure "tunnel" through public networks such as the internet.
Walklate said the greatest challenge in setting up such a network involved checking signal strengths and locating access points correctly. "It is a science getting it right and very time-consuming. Using testing tools in conjunction with a floor plan you can measure the signal and adjust the position of access points," he said.
Wireless security basics
- Turn on default security settings. They are not perfect but they will delay an attacker
- WEP is relatively easy to crack but will delay an intruder
- Do not broadcast SSIDs, the codes allowing devices to access wireless Lans
- Turn on Mac address filtering. This regulates which physical devices can access the wireless Lan. It is another basic measure that can be taken to slow an intruder, though a skillful cracker can discover Mac addresses and spoof them
- Beyond these basic measures a virtual private network is the only surefire way of securing a wireless infrastructure.
Source: Iain Stevenson, Ovum