Using Wireless Technology Securely
In recent years, wireless networking has become more available, affordable, and easy to use. Home users are adopting wireless technology in great numbers. On-the-go laptop users often find free wireless connections in places like coffee shops and airports.
If you’re using wireless technology, or considering making the move to wireless, you should know about the security threats you may encounter. This paper highlights those threats, and explains what you need to know to use wireless safely, both in the home and in public. You will find definitions of underlined terms in the glossary at the end of this paper.
Home Wireless Threats
By now, you should be aware of the need to secure traditional, wired internet connections.* If you’re planning to move to a wireless connection in your home, take a moment to consider what you’re doing: You’re connecting a device to your DSL or cable modem that broadcasts your internet connection through the air over a radio signal to your computers. If traditional wired connections are prey to security problems, think of the security problems that arise when you open your internet connection to the airwaves. The following sections describe some of the threats to home wireless networks.
Piggybacking
If you fail to secure your wireless network, anyone with a wireless-enabled computer within range of your wireless access point can hop a free ride on the internet over your wireless connection. The typical indoor broadcast range of an access point is 150 – 300 feet. Outdoors, this range may extend as far as 1,000 feet. So, if your neighborhood is closely settled, or if you live in an apartment or condominium, failure to secure your wireless network could potentially open your internet connection to a surprising number of users. Doing so invites a number of problems:
- Service violations: You may exceed the number of connections permitted by your internet service provider.
- Bandwidth shortages: Users piggybacking on your internet connection might use up your bandwidth and slow your connection.
- Abuse by malicious users: Users piggybacking on your internet connection might engage in illegal activity that will be traced to you.
- Monitoring of your activity: Malicious users may be able to monitor your internet activity and steal passwords and other sensitive information.
- Direct attack on your computer: Malicious users may be able to access files on your computer, install spyware and other malicious programs, or take control of your computer.
Wardriving
Wardriving is a specific kind of piggybacking. The broadcast range of a wireless access point can make internet connections possible outside your home, even as far away as your street. Savvy computer users know this, and some have made a hobby out of driving through cities and neighborhoods with a wireless-equipped computer—sometimes with a powerful antenna—searching for unsecured wireless networks. This practice is nicknamed “wardriving.” Wardrivers often note the location of unsecured wireless networks and publish this information on web sites. Malicious individuals wardrive to find a connection they can use to perpetrate illegal online activity using your connection to mask their identities. They may also directly attack your computer, as noted in the “Piggybacking” section above.
Unauthorized Computer Access
An unsecured wireless network combined with unsecured file sharing can spell disaster. Under these conditions, a malicious user could access any directories and files you have allowed for sharing.
Protecting Home Wireless
While the security problems associated with wireless networking are serious, there are steps you can take to protect yourself. The following sections describe these steps.
Make Your Wireless Network Invisible
Wireless access points can announce their presence to wireless-enabled computers. This is referred to as “identifier broadcasting.” In certain situations, identifier broadcasting is desirable. For instance, an internet cafe would want its customers to easily find its access point, so it would leave identifier broadcasting enabled.
However, you’re the only one who needs to know you have a wireless network in your home. To make your network invisible to others, see your access point’s user manual for instructions on disabling identifier broadcasting. (In Apple wireless networking, this is called “creating a closed network.”)
While this kind of “security through obscurity” is never foolproof, it’s a starting point for securing your wireless network.
Rename Your Wireless Network
Many wireless access point devices come with a default name. This name is referred to as the “service set identifier” (SSID) or “extended service set identifier” (ESSID). The default names used by various manufacturers are widely known and can be used to gain unauthorized access to your network. When you rename your network, you should choose a name that won’t be easily guessed by others.
Encrypt Your Network Traffic
Your wireless access point device should allow you to encrypt traffic passing between the device and your computers. By encrypting wireless traffic, you are converting it to a code that can only be understood by computers with the correct key to that code. For more about encryption, see the US-CERT Cyber Security Tip “Understanding Encryption,” http://www.us-cert.gov/cas/tips/ST04-019.html.
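One way to check your own network against the renaming and encryption advice above is to audit a scan listing taken from your own computer. The following is an added example, not part of the original paper; it assumes colon-separated SSID:SECURITY lines (the shape of a terse listing such as `nmcli -t -f SSID,SECURITY device wifi list`), and the default-name list and sample scan are constructed for illustration.

```python
# Added example: flag networks in a scan listing that are unencrypted
# or still use a manufacturer default name.

# Illustrative default names (assumption); extend for the hardware you own.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

# Constructed sample. An empty or "--" security field means no encryption;
# an empty SSID is a network with identifier broadcasting disabled.
SAMPLE_SCAN = """\
linksys:
Maple St 14:WPA2
NETGEAR:WPA1 WPA2
:--
cafe\\:guest:--
"""

def split_fields(line):
    """Split on ':' while honoring backslash escapes inside a field."""
    fields, cur, esc = [], [], False
    for ch in line:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def audit(scan_text):
    """Return [(ssid, [issues])] for every network with a finding."""
    findings = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, security = (split_fields(line) + [""])[:2]
        issues = []
        if security.strip() in ("", "--"):
            issues.append("traffic is not encrypted")
        if ssid.strip().lower() in DEFAULT_SSIDS:
            issues.append("manufacturer default name")
        if issues:
            findings.append((ssid or "<hidden>", issues))
    return findings

if __name__ == "__main__":
    for ssid, issues in audit(SAMPLE_SCAN):
        print(f"{ssid}: {', '.join(issues)}")
```

The hidden network in the sample is still reported as unencrypted, which is why disabling identifier broadcasting is only a starting point.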
Change Your Administrator Password
Your wireless access point device likely shipped with a default password. Default passwords for various manufacturers are widely known and can be used to gain unauthorized access to your network. Be sure to change your administrator password to one that is long, contains non-alphanumeric characters (such as #, $, and &), and does not contain personal information (such as your birth date). If your wireless access point does not have a default password, be sure to create one and use it to protect your device.
Use File Sharing with Caution
If you don’t need to share directories and files over your network, you should disable file sharing on your computers. You may want to consider creating a dedicated directory for file sharing, and move or copy files to that directory for sharing. In addition, you should password protect anything you share, and use a password that is long, contains non-alphanumeric characters (such as #, $, and &), and does not contain personal information (such as your birth date). Never open an entire hard drive for file sharing.
Keep Your Access Point Software Patched and Up to Date
From time to time, the manufacturer of your wireless access point will release updates to the device software or patches to repair bugs. Be sure to check the manufacturer’s web site regularly for any updates or patches for your device’s software.
Check Your Internet Provider’s Wireless Security Options
Your internet service provider may provide information about securing your home wireless network. Check the customer support area of your provider’s web site or contact your provider’s customer support group.