Wireless networks are rapidly becoming ubiquitous but are often insecure and leave users responsible for their own security. We empirically study whether users are successfully securing their client computers when using wireless networks. Automated techniques are used that scan users' machines after they associate with a university wireless network. This determines whether a firewall is being used and what TCP ports are open. Results show that over 9% of 3,331 unique computers scanned were not using a properly configured firewall. In addition, almost 9% had at least one TCP port open, with almost 6% having open ports with significant security implications. We also found and discuss cases where connected computers were compromised by Trojan programs such as SubSeven and NetBus. We discuss the generalizability of our results to other potentially insecure wireless networks, and suggestions for further research.
This document was originally published by IEEE in 40th Annual Hawaii International Conference on System Sciences, 2007. Copyright restrictions may apply. DOI: 10.1109/HICSS.2007.589
Chenoweth, Tim; Minch, Robert; and Tabor, Sharon. (2007). "User Security Behavior on Wireless Networks: An Empirical Study". Proceedings of the 40th Hawaii International Conference on System Sciences, 145b - 145b.