Examples of Threats:
- Passers-by getting free Internet access
- Hackers getting access to your computer files
- Hackers "listening" for passwords and other private information
Our Tips:
- Turn off SSID broadcast.
- Use WEP or WPA encryption.
- Change the default password on your router.
- Turn off the ad-hoc networking function.
- Make sure your NIC does not unintentionally roam to someone else's wireless router.
It is pretty likely that you are currently (or will soon be) using a wireless networking device in your home. Wireless is great for all the flexibility it affords when it comes to setting up a home network, and it is cool when you want to surf the web or check e-mail when you are on the deck, or couch… or toilet (like you've never done it).
Wireless is affordable, flexible, and easy to install, and in general we highly recommend it. The problem is that, to make it easy to install, the manufacturers turn off most if not all of the security features so that it connects easily out of the box. In fairness, most of the manufacturers we have looked at do have quick-start guides that show how to enable security, but as we demonstrate in this chapter, many people just don't bother. This could be an expensive mistake if you consider what it costs to repair your credit history.
Why Should I Care About Wireless Network Security?
Access to a wired network is easy to control because people have to be physically inside your house to plug a computer into the router. With a wireless network, people just have to be in the proximity of your house. Physical barriers such as windows and doors do not control access in this case, so we have to take other steps to block intruders.
The security issue with a wireless network stems from the fact that the signal is omnidirectional. Unlike a wired network, where signals are fairly well contained, the wireless signal goes everywhere in all directions (including up and down for those of you in multistory buildings) for 300 feet or more. Anyone who wants to gain access to your signal need only put a receiver (a computer with a wireless card) inside the signal range.
Very Important
Why would someone want to access your wireless network? Well, there are lots of reasons. One of your neighbors could "leech" onto your network just to receive free Internet access. Although irritating, this is not all that harmful in itself, if all they are doing is browsing the Internet on your dollar. However, "war drivers" (people who drive around looking for unsecured wireless connections) or professional hackers could use the access to obtain your personal information. For example, eavesdropping while you are conducting an online purchase could expose your credit card information. They could also access the computers on your network.
One of the most unusual illicit uses of unsecured home wireless networks also offers perhaps the strongest reason yet to secure your wireless network. Recently, several instances have surfaced in which people conducting illegal activities used unsecured home networks for the anonymity that they can provide. One fellow parked in a neighborhood, easily gained access to an unprotected home wireless network and downloaded huge amounts of illegal child pornography. He was caught and arrested, but because of a traffic violation, not the downloading. (The police noticed the pictures on the computer after they pulled him over.) If someone commits illegal activity in this manner, it can easily be traced to your broadband subscription, and you could end up having to explain to the authorities (and your family) that it was not you or other family members conducting the illegal activity.
We are always amazed when we drive through a neighborhood and check how people have deployed their wireless networks. On one drive recently, we easily found 114 wireless routers, only 45 (roughly 40 percent) of which were protected in any fashion. From such a scan, potential intruders can easily obtain a survey of the available wireless networks, their service set identifiers (SSIDs), channel numbers, and most important, which networks have been secured and which have been left wide open (roughly 60 percent).
What Do I Do About Wireless Security?
You can take three really simple steps to dramatically increase the security of your wireless network. It is not foolproof wireless security, but it will keep you from being an easy target, and it will keep most of the riffraff out.
There are plenty of easy targets out there, so all you need to worry about in most cases is the curious neighbor or someone specifically looking to access a network with no protection at all. The steps in this chapter will not keep out a really serious hacker; if you have reason to worry about a hacker specifically targeting you (as opposed to someone hacking at random), however, you can hire a security specialist, or better yet, just do not use wireless. For the vast majority of you, though, read on.
So what are the four things you need to do?
- Change your router's password.
- Do not advertise your network (turn off SSID broadcast).
- Scramble (encrypt) your wireless signal (use WEP or WPA).
- Do not use ad-hoc networking.
Before we get into the "How to Do It" section, let's take a closer look at the "what" and "why" of wireless network security. Do not worry if this seems a bit complicated; it really is not. The "How to Do It: Securing Your Wireless Network" section walks you through the setup so that these basic security features can be turned on in a fairly painless way. Trust us here: It is a far worse pain to have people get on and take advantage of your network than to implement these steps.
Change Your Password
Pretty much every router on the planet comes with a default password of admin. If you don't change this immediately upon turning on and connecting to your router, you are asking for trouble. You need to open the screen where the password gets changed anyway, so do yourself a favor.
Do Not Advertise Your Wireless Network
Every wireless router is given a name that allows clients (wireless-enabled computers) to find and associate to it. This name is called the service set identifier, or SSID. The first thing you can do to greatly improve the security of your wireless network is not to broadcast the SSID.
Most wireless routers have the broadcast SSID setting turned on when you take them out of the box. This feature announces the name of your network to every wireless-capable computer within range. Although this makes it easy for you to connect to your network, it makes it easy for the rest of the neighborhood, too. Turn this feature off (we show you how later in the section "Stop Advertising Your Wireless Network"). In addition, remember that knowing the name of a network (even if the broadcast function is turned off) gives you the power to get on that network, so you should choose a random SSID name. The same rules that apply to any password apply here, too.
Any SSID that is easy for you to remember is probably easy to figure out, so avoid SSIDs that include your name, the word home, the word network, or anything related to your name-homewireless-network. We suggest that you rename the SSID to something personal (but not easily guessed), or use a random combination of numbers and upper- and lowercase letters. Do not worry about having to memorize this; you can just write it down and keep it in a drawer or a folder where you can access it later if you need it. Remember, however, that these steps only keep out the nosy neighbors and provide your router with some level of anonymity; renaming and hiding the SSID does not by itself protect your network.
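The SSID naming advice above can be checked mechanically. The following is an added example, not code from this chapter: it flags names that break the rules just described and generates a random replacement. The function names and the short list of factory-default names are assumptions made for illustration.

```python
import secrets
import string

# Words the chapter says to avoid, plus "wireless" from its own example.
WEAK_WORDS = ("home", "network", "wireless")
# Constructed sample of factory-default names (an assumption, not from the chapter).
FACTORY_DEFAULTS = ("linksys", "netgear", "dlink", "default")
MAX_SSID_BYTES = 32  # 802.11 limits an SSID to 32 octets
ALPHABET = string.ascii_letters + string.digits


def ssid_problems(ssid, owner_names=()):
    """Return the reasons this SSID is easy to guess (empty list = none found)."""
    problems = []
    lowered = ssid.lower()
    if not ssid:
        problems.append("empty")
    if len(ssid.encode("utf-8")) > MAX_SSID_BYTES:
        problems.append("longer than 32 bytes")
    for name in owner_names:
        if name and name.lower() in lowered:
            problems.append(f"contains owner name '{name}'")
    for word in WEAK_WORDS:
        if word in lowered:
            problems.append(f"contains the word '{word}'")
    if lowered in FACTORY_DEFAULTS:
        problems.append("factory-default name")
    return problems


def random_ssid(length=16):
    """Random mix of digits and upper- and lowercase letters, as the text suggests."""
    if not 8 <= length <= MAX_SSID_BYTES:
        raise ValueError("SSID length must be between 8 and 32")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until all three character classes appear and no weak word
        # has shown up by chance.
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and not ssid_problems(candidate)):
            return candidate


if __name__ == "__main__":
    # Constructed sample names; "Smith" stands in for the owner's name.
    for name in ("SmithHomeNetwork", "linksys", random_ssid()):
        print(name, ssid_problems(name, owner_names=("Smith",)) or "ok")
```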
Disable Ad-Hoc Networking
Your wireless-enabled computer has two basic modes of communication: infrastructure and ad-hoc networking. In infrastructure mode, all the computers on the network must communicate through the router. So whether you are talking to the Internet or with another computer on the local network, all your communication traffic goes through the router. This is what most people are and should be doing.
In ad-hoc mode, computers can communicate directly with each other without going through a router or any other device. This is great if, for example, you want to share a file with someone quickly. The bad thing is that if you have this mode enabled, those who know what they are doing can get access to all your files, possibly without you even noticing it. To avoid this, we strongly recommend that you disable this function. If you find yourself in a situation where you need to use this feature (such as visiting a friend's home that only has an ad-hoc network), turn it on for the duration of use and then immediately disable it.