Effective WiFi Neighborhood Watch Programs

Monday, July 26, 2010

Christopher Burgess


Does your neighborhood have a “Neighborhood Watch?” These organizations exist in the United States and many other countries, including the United Kingdom and Australia.

Staffed by neighborhood volunteers and interconnected with local law enforcement entities, these organizations operate on a 24x7 schedule, looking out for the interests of their communities.

According to the good folks at USAonWatch, “The Neighborhood Watch is a crime prevention program which stresses education and common sense. It teaches citizens how to help themselves by identifying and reporting suspicious activity in their neighborhoods. In addition, it provides citizens with the opportunity to make their neighborhoods safer and improve the quality of life. Neighborhood Watch groups typically focus on observation and awareness as a means of preventing crime and employ strategies that range from simply promoting social interaction and ‘watching out for each other’ to active patrols by groups of citizens."

In 2008, the U.S. Department of Justice’s Office of Community Oriented Policing Services conducted a study as to the efficacy of these programs and concluded, “Across all eligible studies combined, Neighborhood Watch was associated with a reduction in crime.”

A review of the Wireless Geographic Logging Engine statistics show an increasing use of encryption within the 23.4 million identified wireless networks, over time trending from approximately 30% of wireless networks having encryption in January 2002 improving to approximately 67% in July 2010.

In May 2010, KPMG released the results of their survey of personal and business wireless networks in Mumbai, India.  Of the 28,000 identified wireless networks, nearly 9500 (34%) had little or no protection and could easily have been compromised; with 60% (2900) of those identified as business networks having either no or limited protection.

In my research, I found it interesting that, with the ubiquitous nature of wireless connectivity within our homes and businesses, I was unable to find an example of where a Neighborhood Watch had integrated the identification of insecure wireless access points within their neighborhoods.

I did find a program in Queensland, Australia where local law enforcement were, during normal patrol duties, essentially war-driving. When an unsecured network was discovered, they were informing the citizens of the vulnerable nature of their wireless access point. What a great public service!

I advocate including a wireless scan capability into Neighborhood Watch programs.  Most people who have a wireless access point do nothing more than simply pull it out of the box, and plug it into the wall and their broadband service provider. Neighbors can help neighbors stay safe by letting them know when their wireless access point is in an open or insecure state.

I believe that with awareness to the vulnerability of an open or insecure wireless access point, we create a more secure community and foster the essence of the Neighborhood Watch program, that is, neighbors taking care of neighbors.

It takes but a matter of minutes to secure and lock-down a router with WPA2 encryption (if your router doesn’t support WPA2, it’s time to upgrade). This small, but necessary focus on neighborhood wireless security, will be a great first step in helping your neighbors ensure their subscribed bandwidth (which may be data flow regulated) will not be used by an unauthorized individual; nor can the unauthorized have the ability to monitor, aggregate, and exploit the neighbor’s data stream.

I advocate Neighborhood Watch to “Advise & Inform, Discover & Secure Insecure Wireless Access Points.” What are your thoughts?

Christopher Burgess is a senior security advisor to the chief security officer of Cisco®, where he focuses on intellectual property strategies.

Cross-posted from CSO

Possibly Related Articles:
Security Awareness
Wireless Security Awareness
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.