Protecting Your Wi-Fi Connection

1
Protecting Your Wi-Fi Connection

• Source WSJ, Sept. 15, 2003

2
Security is the blackcloud of Wi-Fi

• Wireless signals can easily be picked out of the
  air with the right equipment from Radio Shack
• Once a hacker gains access, he/she can
• -tie up your Internet connection,
• -eavesdrop on your communications
• -rummage around your hard drives
• Most home Wi-Fi gear sold with security settings
  deactivated to save buyers the hassle, but most
  users never bother to set them up!

3
Deterrents to Hackers

• Set encryption on (disadv slows speed)
• Create unique name for SSID (service set
  identifier) on access point and computers. For a
  computer to gain access to the network, its Wi-Fi
  adapter card must be set up with the networks
  SSID.
• (i.e., SSID on laptop wireless card must match
  SSID on access pt.)
• Change SSID regularly. Dont rely on the default
  settings like Linksys.
• Disable SSID broadcast option on access point
  to discourage jokers in front of your house from
  gaining access with a wireless device.

4
Passwords

• Currently, most access points come from factory
  with a standard password, like admin, that can
  be easily guessed. Change default password.
• Create an invite list (aka MAC address
  filtering) on access points settings. User can
  specify which machines are permitted to connect
  to the Wi-Fi network MAC address is usually
  found printed on back of Wi-Fi card. (Caution,
  this presents a hassle with lots of guests in the
  home.)

5
One More Password

• If hacker taps into your home network, he/she can
  not only use your Internet connection, but can
  also rummage through files on hard disks of your
  computers if they have been configured to share
  files with all users on network without requiring
  a password. (Useful for grabbing music off a PC
  in the den and putting it onto laptop in the
  bedroom, but its best to only share select
  folders and require password for all others.)

6
Encryption

• Set access point to scramble (encrypt) all
  communications to prevent eavesdropping.
  (Caveat Currently, setting up encryption, called
  WEP is a hassle involves entering a 26 character
  string key on multiple machines and access point)
• War Driving experiment Using a laptop equipped
  with Wi-Fi antenna on a 10-mile stretch of city
  roads, you are able to pick up SSIDs being
  broadcasted by home or office wireless networks.
  Out of 444 vulnerable access points, only 1/3
  were encrypted, which means you could not only
  use Internet connection to surf, but could also
  peeked at contents of communications on the
  network.

7

• Cont. However, this evesdropper would not be
  able to get credit-card transactions on most Web
  sites because of strong security features built
  into Web browsers (e.g., SSL, SET).

8

• For most users, taking the basic steps mentioned
  to prevent unauthorized access to an access point
  and turning on encryption will be good enough
  security.
• Future security is getting better in newer Wi-Fi
  products. E.g., Manufacturers are replacing WEP
  with WPA (wireless protected access) and 802.11i
  technology to further boost encryption. At
  present, I think its still a hassle to configure!