Gopinath Kn (India) - Indian Wireless Security Posture: The Good, Bad & Ugly

Wireless has already made its presence felt in major Indian metros, enterprises, educational institutions, homes and even, government. Increased productivity, unlicensed band and the relatively low-cost are the key enabling factors for wireless proliferation. But, hey, wait a minute - what about wireless security? Wi-Fi signals can spill outside into streets and parking lots and hence, can potentially be used for unauthorized communication. I would like to draw your attention to an incident related to the inhuman terror attacks (2008) on India. People claiming to be from one of the terror outfits advertised their terror act using insecure Wi-Fi infrastructure of a university. As you can expect, it was not possible to trace the actual people that sent the mail, but, the innocent university came under some bad press.

So, is Wi-Fi proliferation increasing the security risk to the Indian digital nervous system in general? To answer this question, I would like to share my experiences from a survey that we conducted at AirTight Networks. Figure 1 represents results from an over-the-air scan performed in Y09 in 3 major Indian cities - Mumbai, Pune & Bengaluru. The scan covered areas with high-tech establishments, high-end hotels/cafes and residential locations. Based on the results, the good news is that there are certain APs with strong cryptographic security configuration - WPA/WPA2. However, the bad news is that a large portion of the deployments (e.g., 82% in Mumbai) support completely insecure configurations such as WEP and "Open". An attacker can easily connect to such APs or can potentially capture sensitive information by sniffing its traffic.

What are the key challenges involved in improving the wireless security posture in India?

Apart from the technology issues related to wireless security, India faces certain other demographical challenges as well in combating wireless threats. I will highlight some of these challenges below. I would love to hear if you disagree or think that some of these are also applicable to your geography.

Social The foremost challenge is to create awareness on wireless security. With Wi-Fi being deployed almost anywhere, a diverse set of people are involved in maintaining these networks. They range from enterprise IT staff to college/school admins to home users. A common instrument/medium to educate these users about security is missing. Further, given the large population and demographic diversity of India, it is very hard to quickly create such a common educational forum across the nation. However, Indian police and federal government are taking some good initiatives in this direction - e.g., creating a public awareness program, asking the ISPs to tighten the security in Wi-Fi hotspots**.

Legal Suppose India bans the use of Wi-Fi in certain sensitive government and defense areas, will this work? I am not sure if such a ban would work in any country for that matter, but, the chances of that working in India is miniscule. Due to various reasons, India is still catching up with some other developed countries in enforcing strict laws. Hence, without proper systemic changes, community education "thou shall not use Wi-Fi" will not work. Further, you should note that wireless scanning tools (e.g., wireless Intrusion Prevention System (WIPS)) are required to monitor and enforce such bans.

Economical I am sure you agree that financial constraints exist in any country/organization in today's economy. However, at a national level, it is important to note that IT security is not the only item that the Indian government has to worry about. More often than not, I have seen that IT security takes a back seat compared to other higher priority items. Hence, the budget allocated for IT security may turn out to be insufficient for procuring state-of-the-art wireless security systems. The government has to plan for such systems and release more budget to improve the overall state of wireless security in the country.


* Khalsa college terror email http://www.expressindia.com/latest-news/Latest-terror-email-sent-from-WiFi-at-Khalsa-College/352813/

** http://www.networkworld.com/news/2008/091708-india-wants-to-secure-wi-fi.html


Gopinath KN is Director of Engineering at AirTight Networks, India


« Harry Hare (Kenya) - Mobile Applications Development


Christopher L. Olsen (US) - The Who, What, Where, When and How of Data Governance »


Do you think your smartphone is making you a workaholic?