Securing Your Wireless Network

April 22, 2012 by  

There’s been a lot of talk lately about wireless networks and how much security you need to protect yourself and your computing equipment.

The emergence of wireless network standards has untethered computer users from fixed locations, permitting laptop users to use their devices pretty much anywhere in their home, office, or their favorite restaurant or bookstore. The addition of the various iDevices (iPhone, iPad, etc.) into the mix has further untethered users and provided the freedom to move around, yet stay in touch and remain engaged in their regular pursuits.

There are several different types of wireless networks out there—each with unique strengths and weaknesses.

First, there are the wireless services provided by the cellular telephone carriers, in particular the 3G and upcoming 4G services. These offer relatively good performance, and their underlying technology includes built-in encryption from the wireless device to the point where the wireless network marries up to the wired network. These encryption standards are fairly good, and cracking those networks would require expensive technology. It’s hard enough that bad guys are less likely to try to crack 3G or 4G services unless a specific individual were being targeted, and it would really have to be worth the effort. It’s actually more likely that bad guys will exploit security flaws in the wireless devices themselves in an effort to get credit card numbers, passwords, and other such information. Apple is not alone in putting out updates to the iDevices to make them more secure. Virtually all the phone manufacturers have had to deal with this issue. Some would say phone manufacturers haven’t done nearly enough—something to discuss in a future article.

Second is the constantly evolving set of standards known as Wi-Fi (IEEE 802.11a/b/g/n). Wi-Fi devices have been around in quantity since the early 2000s, and have found their way into homes, offices, and commercial establishments (airports, restaurants, bookstores, etc.). Improved software has made installation and setup ridiculously easy, and with improved standards, speeds approaching those of wired networks are now possible. That’s the positive aspect.

The negative aspect is security, and it’s entirely up to the owner of each wireless network to properly secure it. Unfortunately, many people who have a Wi-Fi network running in their home do not secure it in any way. We’ll come back to that in a moment.

There are three security standards that can be set up for Wi-Fi networks: WEP, WPA, and WPA2.

WEP (Wired Equivalent Protocol): This obsolete standard was part of the original 802.11 protocol. Unfortunately, while it’s easy to configure, it’s even easier to crack. With WEP cracking software freely available on the Internet, bad guys can break into a WEP network in a matter of minutes. Once they have access to your network, it’s a short trip to using your connection to surreptitiously access the Internet and run a drug business, trade in illicit pornography, or carry out any number of illegal activities. Bottom line is that this security standard is worse than no security at all, only because it gives you a false sense of security and leaves you thinking, “I’ve got a password. I’m safe.” Nothing could be further from the truth. Never, ever use this security standard. Why it is still provided on new wireless routers is beyond me.

WPA/WPA2 (Wi-Fi Protected Access, first and second generation): WPA, or actually, WPA2 (a newer, improved standard), when used with a relatively long password containing upper and lowercase letters, numbers, and punctuation characters, is about as secure as a consumer product can be. If you secure your wireless network with a password of ten or more characters, using the mixed character set just described, your network is virtually uncrackable, barring access to a supercomputer for several months in an attempt to try every combination. One of the best ways to create a password for your network is to use a common phrase, but mix it up with special characters. For example, “Mary had a little lamb.” You can change that around to “mAry4aD@L1tT137AM#”. Obviously, you need to write this down and save it somewhere. Check your wireless router documentation to see if you can use spaces in your password, as some do not permit it. You should only need to use this password to set up your wireless router, and to set up each wireless device you wish to attach to your network.
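As an added illustration (not part of the original article), here is a short Python sketch that checks a passphrase against the advice above and shows how WPA2 turns the passphrase and the network name into the actual key. The function names, the guess rate of one million tries per second, and the network names are assumptions made for this example.

```python
import hashlib
import string

# WPA/WPA2-Personal accepts passphrases of 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pre-shared key derived from the passphrase: PBKDF2-HMAC-SHA1 with the
    network name (SSID) as salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_passphrase(passphrase: str, guesses_per_second: float = 1e6) -> dict:
    """Check a passphrase against the article's advice and estimate the time
    to try every combination. guesses_per_second is an assumed rate, and the
    estimate is an upper bound that only holds for randomly chosen characters."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrases must be printable ASCII")
    used = [n for n, chars in CLASSES.items() if any(c in chars for c in passphrase)]
    alphabet = sum(len(CLASSES[n]) for n in used)
    keyspace = alphabet ** len(passphrase)
    return {
        "length": len(passphrase),
        "classes": used,
        "alphabet": alphabet,
        "years_to_exhaust": keyspace / guesses_per_second / SECONDS_PER_YEAR,
        # Article's advice: ten or more characters from all four classes.
        "meets_advice": len(passphrase) >= 10 and len(used) == len(CLASSES),
    }


if __name__ == "__main__":
    for pw in ("password", "mAry4aD@L1tT137AM#"):  # second is the article's example
        print(pw, audit_passphrase(pw))
    # Same passphrase, two constructed network names: the keys differ, so work
    # done against one network name cannot be reused against another.
    print(derive_pmk("mAry4aD@L1tT137AM#", "HomeNet-A").hex())
    print(derive_pmk("mAry4aD@L1tT137AM#", "HomeNet-B").hex())
```

Because the network name is mixed into the key, changing the router's default network name is worth doing along with choosing a long passphrase.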

Finally, as to why you should never have an unsecured network: I touched on it briefly in the discussion on WEP encryption. Understand that there are bad guys out there who will drive through a neighborhood using scanning software to identify every wireless router that has no encryption or maybe WEP encryption. Once they’ve identified one or more connections, they just park their car on the street, and connect to the Internet with their laptop, using your connection. Aside from the increased bandwidth usage slowing things down for you, these bad guys are using your connection to perform any number of illegal activities. If they are being watched, due to whatever they are uploading or downloading, law enforcement agencies are going to look at just one thing, at least at first: your IP (Internet Protocol) address. A wireless router permits any number of devices to share a single IP address (the address on the cable modem, DSL modem, etc., that goes out to your internet provider), so the bad guy will be using the same IP address as everything else on your network. Guess whose door is going to be knocked on by law enforcement agencies? The correct answer is your door, and you’ll have lots of explaining to do. Oh, you’ll eventually be exonerated, but the hassle, temporary confiscation of your computer gear, and the efforts needed to restore your reputation in your job and your community will certainly be enormous.

Here is another hint that may protect you from identity theft: do not use wireless hotspots at neighborhood bookstores, restaurants, etc. to transact business where passwords or credit card numbers might be used. The person next to you, or a few tables down, might be using software that captures everything you are doing on your computer because those wireless hotspots are NOT secure. They are not using encryption of any sort. Having to log in with a password is not necessarily the same thing as having data encryption. Be very careful about what kind of transactions you perform on these public wireless hotspots.

Some would say that configuring the security functions on wireless routers only attracts bad guys, because of the assumption that having security means there must be something of value there, or that if you are an honest person, you have nothing to hide, so you don’t need security. WRONG! The number of bad guys is growing every day. When it comes to computer security, paranoia is a very, very good thing. For those who think that computer and wireless security is bunk, well, please feel free to go right ahead and keep believing it. I’ll be there to hand you a crying towel when your bank accounts are emptied, or your credit card is seized by a bad guy, and keep telling you “I told you so.”

In the words of that great police sergeant from the long gone TV cop show Hill Street Blues, “let’s be careful out there.”