Protect Your Wireless Network

Too many WiFi setups are left unsecure, an invitation for illegal activity on your network.

Drive through a few neighborhoods in your area with a WiFi-enabled laptop or PDA and one thing will become quite clear:  there are a lot of wireless networks out there. But take a closer look at those networks and a more disconcerting trend will become obvious: people don’t know how to – or just choose not to – secure their wireless networks.

A recent Associated Press article detailed an 800-mile drive in the San Jose, Calif. area in which over 3,600 wireless access points were detected. According to the article, nearly 40 percent of those networks were completely wide-open. “Wardriving”, as it’s called, is a popular hobby with several Websites devoted to the subject. But while most wardrivers do it for amusement, unchecked access to a wireless network can cause quite a bit of damage. CNN even ran a recent report about “warflying” – flying over populated areas to detect wireless hotspots. In the report, they detailed a warflying trip in which over 3,000 wireless networks were detected and over 67 percent of the networks did not have any encryption enabled.

Security is Your Business

The footprint of an 802.11 wireless network can usually extend beyond a residential home or small business and into a street or neighboring property. Because of this, neighbors or someone out on the street can easily detect and access WiFi networks. With access to an unencrypted network, someone could easily utilize it for malicious or illegal activity.

If you share folders across your network, someone accessing that network can have access to all of your documents. This means pictures, work documents, personal information, financial documents, Web browser cookies and anything else you may have on your computer. And they can’t just view the information; they can save it on their own computer. Even without actively sharing folders on your network, there are ways into your private information.

Malicious acts can be just as troublesome as someone accessing your data. If your wireless router password is left as the factory default or you changed it to something easy to guess, someone can set up your network as they wish. This could mean completely locking you out of your network and the Internet. And if your router logs network activity, they can view logs of all of the Websites you have visited.

But beyond these privacy issues, someone with anonymous access to a wireless network can use it for much more menacing, and even illegal, activities. A wardriver could use your unprotected wireless network to surf the Web and go anywhere they wish on the Internet, without the fear of someone finding out who they are. This could mean posting incendiary remarks in Web forums or even writing threatening remarks about government officials or public figures. They could also send 1,000’s of spam messages from your network, share copyrighted music or movies, send out computer viruses, or even worse, upload illegal content to the Web such as child pornography – all from your public IP address. If this happens, the culprit is usually anonymous and all activity can be traced back to you.

Securing Your Network

What’s most disheartening to security experts is that enabling wireless security is incredibly easy. All 802.11b or 802.11g routers on the market today offer security options. Most, if not all, manufacturers explain how to enable security and some, like D-Link, go as far as providing a setup wizard that includes security options when you first access the router.

There are several ways to secure your wireless network all of which can be done together to prevent unauthorized network access:

1. Turn off broadcasting of your SSID. The “Service Set Identifier,” or SSID, is a broadcast message notifying every device within range of your network’s presence. All wireless routers have the option to turn off broadcasting your SSID. This is by far the easiest way to prevent drive-by crackers from accessing your network. While your data is still not encrypted, most wardrivers won’t know that you have a network and as a result, won’t try to access it. Some computers or wireless cards have problems connecting to wireless networks that don’t broadcast the SSID so there is a small possibility that this may not work for everyone.
2. Change the default settings of your router’s Web-based administration. While changing your admin login won’t stop anyone from intercepting your wireless traffic, it will prevent them from changing your settings. Most wireless routers allow you to change your admin name and password. While you’re at it, change the name of the SSID. If someone detects your SSID as being named “Linksys,” they can assume that your default username is “admin” and your default password is “admin” because that is the way Linksys networks are setup at the factory. If anything, changing your default setup will show a wardriver that you at least know something about setting up a wireless network.
3. Enable WEP or WPA encryption. WEP (Wireless Equivalent Privacy) or WPA (Wireless Protected Access) are ways of forcing users to enter a password, which is encrypted, before they can access a wireless network. WEP is the most common and for determined crackers, has been proven to be “hackable”. But, the time and energy it takes for someone to break into a WEP protected network will discourage most threats. WPA is so far uncrackable and is offered on most newer WiFi devices.
4. Allow access based on MAC address. A MAC address (Machine Access Code) is a unique number that every network-enabled device can be identified by. Most wireless routers will allow you to set up access based on MAC addresses, allowing access to only those computers or devices which you have entered into the table. This can be more time-consuming but will certainly prevent all but the most well-equipped crackers from accessing your network.  

Part of the problem of unsecured wireless networks can be traced back to the manufacturers. Most retail WiFi products are shipped with all security options turned off by default. Since they work fine out of the box, many users may not feel a need to look more into the setup options. However, all such devices come with pretty good instructions and there is no excuse for not reading the product manual.

An unencrypted wireless network is not just a security risk to the owner of the network, but potentially to everyone else on the Internet. Once someone has anonymous access to a wireless network, they can do whatever they want on the Web with total anonymity. Do yourself and your fellow Net citizens a favor and take the steps to secure your network.