Archive for the ‘Networking’ Category

So, seriously, when are you going to lock up your wireless?

Tuesday, December 28th, 2010

While my travels have shown a greater number of wireless networks are secure, there is still room for improvement.

I read an article recently about a man who had hacked into his neighbor’s wireless and did unspeakable things on that network with the idea that they’d be traced back to the neighbor and not to him.  I had previously blogged about locking up your wireless and how important it is.  This event shows just how much.  My primary reason then and today for locking up your wireless is to keep other people from using your network for purposes you can’t control.  You can read the article to see the kinds of things that can be done, but that’s not the limit.

Peer-to-peer filesharing can also get you in trouble if someone on your network happens to be sharing files for which someone else owns the distribution rights.  It wouldn’t feel right if your internet provider shut off your service because someone else who was using your network shared a popular movie to many others.

What security options are there?  For home users, you have several modes of encryption.  The best of them is WPA2 (WPA stands for Wi-Fi Protected Access).  Next best is WPA (without the ‘2’).  WEP (Wired Equivalent Privacy) is effectively useless as there are tools which can crack the keys used in a matter of minutes.  Basically WEP is only going to stop the person who is looking for an open wireless network.  It’s not going to stop someone who is intentionally trying to get in.

In my previous blog post, I recommended going with the best encryption that all your equipment can handle.  Now I’m going to recommend that you implement WPA and/or WPA2 and plan a way to upgrade anything which can’t handle it.  Plus, you need to have a sufficiently long and complicated enough wireless passphrase to prevent someone from attempting to guess or use some form of brute-force attack (a method where multiple keys are attempted in some logical manner).  It’s even been recommended to not use a common name for your wireless network (SSID) as that is used in combination with the passphrase in the generation of the actual key the equipment uses.

So, please, lock it up!

Lock up that wireless

Thursday, May 15th, 2008

I am a regular listener to the Clark Howard show.  He is a consumer advocate with a daily radio program.  You can listen to him locally on KCMX 880 AM or do as I do and download his podcast through iTunes or directly from his site.

A couple of weeks ago he had a caller who was curious about whether she should drop her Verizon broadband service in favor of this free “Linksys” one that she had access to which appeared to be much faster.  As I gathered from her call, she was using Verizon’s cellular-based broadband service and not DSL or FiOS.  The Linksys network was a neighbor of hers who hadn’t changed any of the settings on the router and just plugged it in.

In my travels, I would say that at least a third of the people who buy a broadband router will never customize any of the settings.  I’ve even noticed similar issues with the DSL or cable modem products which include wireless functionality (although this is beginning to change with the defaults having some form of security included).

One of the reasons why Clark told this caller to not use the free wireless that she could use was that she was at risk of having her user names and passwords to banks and other financial institutions skimmed while on an open network.  In general, this is not true as your bank will have an encrypted browsing session that goes directly between your computer and the bank so that nothing in between can capture that information.  Some reality, though, is that most people use the same user name and password for all sites they log in to and not all of them set up a similar amount of encryption.  It would then be trivial for a bad person to see where you were going and just try to use the credentials from a site which didn’t encrypt to try to get into your bank.

Clark did touch on the idea that using someone else’s open wireless connection without permission is a gray area under the law.  Since I’m a geek and not a lawyer, I’ll echo that sentiment.  However, if you own such an open network, you may be subject to whatever bad things these unknown users may do while using your internet connection.  I’ll go so far as to say that I’m very sure that the biggest risk you have with owning an open wireless connection is not that someone will steal your information as you attempt to use the internet but that the unknown user or users could do almost anything using your connection and your ISP, the police, or some lawyer could come after you as a result.

Whenever I am called to install a wireless network, I will ask three questions so as to lock down the network.  The first is the name of the wireless network.  All wireless networks have what’s called the SSID or Service Set Identifier.  Each wireless network in an area should have a different name, but if you have more than one wireless access point on a single network, they should all have the same name.  So, your wireless network name should be different than what your neighbors may use.  I usually recommend against using anything related to your name or address.  I’ve used words on a poster in the room to names of former pets.  What you name it doesn’t really matter at that point.

The second question is always the password for the network.  This is the encryption and security portion of your wireless.  I will always set the highest level of encryption that all the equipment (your router, computers, and anything else that may connect) will support.  The password will need to be at least eight characters long and should not be the same as anything you may use for anything else.   Why?  What if you have guests over that want to use your network?  Maybe you want to be stingy and not let anyone else in (and I won’t fault you for that).  If you’re more accommodating, you certainly don’t want to give your guests the same keys that would unlock your e-mail and bank accounts.

The third question will be for the password of the router or access point.  It’s okay for this to be the same as others (although I’d recommend keeping all your passwords for every account different, but that’s a different article) since the only time you’d be using it is to change the settings on the router.  How often will you need to do that?  Generally, almost never.  Once set, you’d usually only need to change these if you want to change the passwords or if you changed internet providers.  Another good reason is if you want to restrict which computers can get on the internet at any given time (e.g. your children’s computers).

Care to do it yourself?  By all means.  All of these routers will come with a manual or some easy to use software to get you going.  Otherwise, you can call me, give the answers to the three questions, and I’ll take care of it.