Secure Your Wireless (Wi-Fi) Connection

APCUG's picture

Almost all newer laptop computers as well as tablets, smart phones, video game consoles, and home entertainment systems utilize Wi-Fi as a primary or secondary method of connecting to the internet or some other network. According to published reports from several sources, the majority of home internet users have some form of Wi-Fi in their homes, and Wi-Fi is very commonly used in business, commercial, and academic environments. While the basics of Wi-Fi security apply to almost all Wi-Fi networks, home users have become especially vulnerable because many have never implemented anything more  than the minimum default security settings when installing and setting up the hardware.

The Wi-Fi Alliance (www.wi-fi.org) defines Wi-Fi as any "wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards."   Wi-Fi is a fancy radio device that sends and receives streams of data through the air, just as any other 2-way radio device. As consumers, we often see the presence of Wi-Fi in terms of its standard designations, such as 802.11b, g, or n (as in 802.11n), each of these terms indicating the speed, bandwidth, and channels available under those industry standard protocols. While new speeds and protocols are always being developed and tested, the fastest and most powerful of the current widely available standards is 802.11n, which is capable of a theoretical speed of 540 Mbps. A portion of the standard provides for downward compatibility, meaning that devices made for one of the newer standards, such as the "n" standard, must also be capable of communicating with lesser devices, such as the "b" and "g" standard devices.

For home use, most of us have some form of Wi-Fi access point, typically either a free standing device directly connected to the internet, integrated with a wired  (Ethernet) router, integrated with some form of modem (common with cable and DSL internet services), or as a combination unit of "all of the above."  In my home I have a major name-brand integrated unit that combines a broadband modem, 4-port router (four Ethernet ports for Ethernet cable connected devices), a USB port to connect a printer or other USB devices to the network, and an 802.11n wireless Wi-Fi with MIMO (Multiple-Input-Multiple-Output  technology) for improved performance. Purchased from one of the big box electronics stores for about $70, my multi-function device replaced the less-capable modem supplied  by my internet service provider (ISP), and offers more features, speed, and security than the one provided by my ISP.

For me, enhanced security was one of the primary reasons for replacing the older technology modem provided to me from my ISP just a few years ago. This older broadband Wi-Fi modem from my ISP incorporated the mid-speed 802.11g wireless access point, with archaic security and encryption capabilities. Being fully cognizant that home (and business) Wi-Fi networks are common targets of hackers and crackers, I wanted to harden my system from attack, and the newer integrated Wi-Fi access point offered far superior protection than did my ISP provided unit.

One of the first requirements of a reasonably secure Wi-Fi network is to implement the best encryption available on that particular device, such that unauthorized individuals who pick up the Wi-Fi signal will only find random garbage, rather than a useful stream of data. Since only Wi-Fi devices with the proper encryption key can exchange readable data, enabling the best type of encryption compatible with both devices (access point and remote device) will help protect the personal Wi-Fi network from intrusion. Unencrypted Wi-Fi leaves the entire network open to attack which can be used to steal personal data, passwords, user names, credit card information, and other information that can be illicitly used for a variety of malevolent purposes, including identity theft. At a minimum, an unencrypted home Wi-Fi network works like a free open network at a coffee house, where anyone can "leach" (steal or otherwise use) your internet access, slowing your connection, as the crooks are using your bandwidth. This "leaching" or theft of internet service may lead to unintended consequences, as it is not unknown for illicit drug dealers,  pedophiles and child pornographers to use an innocent persons unprotected Wi-Fi in order to conduct their evil enterprises; if law enforcement tracks the bad guys, it typically leads to the innocent Wi-Fi owner, rather than the miscreant who purloined the system.

A common game of hackers and crackers is "War Driving" (en.wikipedia.org/wiki/War_driving) where people with Wi-Fi computers and some readily available software drive around an area picking up and recording the locations of all detectable Wi-Fi networks, and posting the locations on a GPS coordinated electronic map. Even Google compiled a massive listing of Wi-Fi networks as its specialized vehicles travelled up and down virtually every street in the country for its Google Maps  "Street View" service, creating a massive firestorm with privacy and security specialists. While Google has graciously removed public access to its "war driving" database, there are a myriad of websites that post the maps and data found by amateur War Drivers, such that anyone can easily locate and tap into an unencrypted Wi-Fi system. Parallel to war driving is war chalking, war walking, war jogging, and war bicycling, which is common in densely developed urban areas. The simplest iteration of these is to use chalk on the side of a building or sidewalk to show the presence of a vulnerable Wi-Fi system, telling anyone on the street about the unfettered broadband internet access, compliments of an often unwilling provider. There is actually a standardized list of chalk symbols indicating the type and availability of Wi-Fi signals, these symbols being available from en.wikipedia.org/wiki/War_chalking.

Virtually all Wi-Fi access points offer some form of encryption. During the initial setup of the Wi-Fi system, the user is often requested to select an encryption method, or else "no encryption" is often the default setting, making the network accessible to anyone within range. The most common forms of encryption for Wi-Fi access points are

WEP, WPA, and WPA-2.  WEP (Wireless Encryption Protocol) is the oldest and least secure of the common encryption methods; while only having slight degradation in performance and speed, it is virtually useless against all except the least sophisticated hackers, with instructions on how to crack and defeat WEP being readily available on the internet. WPA (Wi-Fi Protected Access) is better than WEP in terms of security, but degrades performance a little more than WEP. On most contemporary home Wi-Fi access points, WPA-2 is the best of the commonly available encryption methods, but is slower and requires more computing resources then WPA; except for the most bandwidth intensive uses, the majority of users will not really notice the slightly slower performance of WPA-2.

Another security trick embodied in almost all Wi-Fi access points is the "Hide SSID" setting. SSID means "Service Set Identifier", also called "Network Name". At a minimum, the user should change the network name to some meaningless name that is not readily connected to the particular system. The reason for changing from the factory default name (often the name of the manufacturer, such as "Linksys") to a non-descript name is that there are online directories with default encryption and password settings for unmodified Wi-Fi access points; hackers can easily break into networks that are only using the factory default settings. An even better trick, if available on the Wi-Fi access point, is to totally hide the SSID, meaning that the network name is not openly transmitted, and only those in range who know the network name can connect to it. While not foolproof or totally secure, hiding the SSID is a simple way to make it more difficult for hackers to find your network. If war driving through your neighborhood, hackers may likely miss networks with a hidden SSID, while picking up the other, possibly more vulnerable neighborhood networks.

Another feature that can be enabled to restrict unauthorized access to your home network is  "MAC address filtering"  (Media Access Control). Every device that can connect to the internet has a unique MAC address, usually a series of about six two-digit  alphanumeric characters separated by periods. While MAC addresses can be counterfeited or spoofed, filtering only allows selected devices, as indicated by their individual MAC addresses, to access the network. By entering the authorized MAC addresses into the filter, and enabling the filter, only those approved devices can connect to the network. Likewise, the filter can prevent specific devices from accessing the network.

On my laptop computer and on my smart phone I can see several nearby homes that have Wi-Fi, some of which are not properly encrypted and accessible to anyone within range for any purpose, including illegal or other illicit activities. I cannot easily see networks with a hidden SSID. The unprotected household Wi-Fi networks are so vulnerable, when one neighbor had his home broadband connection out of service, and was waiting for the ISP to come and repair it, he illegitimately used another neighbor's Wi-Fi until his was repaired.  Do you really want someone else using your network without your permission or knowledge?  Secure your Wi-Fi, or face the possible consequences.

by Ira Wilsker

Ira is a member of the Golden Triangle PC Club, an Assoc. Professor at Lamar Institute of Technology, and hosts a weekly radio talk show on computer topics on KLVI News Talk AM560. He also writes a weekly technology column for the Examiner newspaper <www.theexaminer.com>. Ira is also a deputy sheriff who specializes in cybercrime, and has lectured internationally in computer crime and security.

WEBSITES:

http://www.makeuseof.com/tag/7-important-features-wireless-router

http://compnetworking.about.com/od/wirelesssecurity/tp/Wi-Fisecurity.htm

http://wiki.answers.com/Q/How_do_I_change_my_wireless_network%27s_security_settings

http://en.wikipedia.org/wiki/Wi-Fi

http://www.wi-fi.org

http://en.wikipedia.org/wiki/War_chalking

http://www.blackbeltjones.com/warchalking/warchalking0_9.pdf (Pocket War Chalking Card)

http://en.wikipedia.org/wiki/War_driving