Sunday, October 11, 2009

Securing Your Wireless Networks


With the increase in recent years of the popularity of broadband access, connection sharing and falling prices of wireless routers, it's not at all surprising to observe the mushrooming of numerous wireless networks around the island be it in the residential nor commercial areas.

While it makes sense to use wireless technology to share internet access, one very worrying trend emerges; that many of these hotspots are lacking in basic security... Just like how you do not allow strangers into your home, there are plenty of such networks everywhere that failed to secure it's doors, allowing anyone out there to hook onto the unsecured network for the most harmless activity of FREE surfing to the most damaging acts of stealing your data for malicious intent.

It is precisely with securing your wireless network in mind that I've decided to pen this entry today... There are 101 ways to secure a wireless network but I'd not be able to cover all. I shall just stick to the basic defenses that you can deploy with out-of-the-box features that your wireless router should come with...

1. Do not broadcast your network SSID. The SSID is the name of your wireless network. Broadcasting it is equivalent to telling the whole world your home address, potentially inviting a whole lot of junk mails and other unwanted attentions.

2. Enable MAC Filtering. Each devices that needed to access the network must have a MAC Address and by limiting only those MAC Address which you are aware of, you are simply 'distributing your house keys only to those whom you know and trust'.

3. Limit IP Address Range to only as many as you need. Do not over allocate as this is similar to 'leaving excess sets of your house keys lying around'.

4. Change the default IP Range of your router. Change the default IP Range of the router to something similar but not the default. Some IT savvy folks may be able to guess your IP Range and conduct malicious tasks against you. As such, changing the default IP Range is similar to why some home owners prefered to change the locks to their homes when they initially bought it.

5. Enable encryption (WEP or WPA) on your wireless network. These 2 are the most common standards available in all of today's routers. WEP had been cracked before while WPA had proven resilient so far (phew). What happens now is that with either of the standards enabled, your communication between the PC/Laptop to the router is now secured. Think of it as if you are talking in some lingo that only you and your colleagues understand such that you boss will not be able to catch that you 2 are actually gossiping about him!

Do note that the above are not foolproof. They are only able to provide some basic defenses against evil-intentioned folks. To the experts, these defenses can be easily breached in hours, if not minutes. However, in the normal context, this is just about sufficient protection.

4 comments:

Irene Ang said...

I think I'm one of those people who are absolutely blur about wireless security. Even after I've read through your recommendations, I don't think I can understand a single bit of what you've said. Let's just say that my internet / computer policy is that, if you don't want people to find out your secrets, don't put in any secrets that people might be able to access. Yes, don't put any secrets in your computer and on the internet.

In regards to wireless "crime", I use to commit the same crime of surfing using someone elses wireless network for FREE. Can't blame me, I was poor and can't afford my own connection (days of being a student) and I was very very very thankful that these people have left their connection open. I would have openly share my network if I am more savvy in regards to my wireless connection. Now I simply do not know how to share it... LOL

Uncle Law said...

It isn't really that hard to secure your wireless network. In fact, I think the instruction manual's guide is decent enough to kick things off.

You might think that you do not have any secrets in your computer but what those hackers are after isn't your vital stats or how many calories you've piled on in the past 2 months. What they are after is your personal data, credit card details, account names, passwords, etc. Anything that they can use to impersonate you in order to get money... that's their pot of gold.

Surfing using other's network is actually illegal in Singapore and you could be arrested for that. There was a case some years ago of a teenager who did just that because his mum locked him out of his home network. Desperate, he hooked onto his neighbour's network and posted some deframatory remarks online. The police eventually traced it to his neighbour's network and from there, traced it to his laptop's MAC Address. As such, do think twice the next time you try to use other's free network.

I wouldn't recommend that you leave your network open for others to share just like how other's had shared theirs' with you. This is the most straightforward way to invite malicious folks to tap into your network and steal data.

Trust me, securing your network might take some time to fix up but the troubles it can save you later on is immeasurable.....

Irene Ang said...

Guess I should be glad that my network is already secured. As in like the password are all set up. My problem is that I've forgotten how I set it up, so now I don't know how to remove the password and stuff. But looking at your advice, I think I should not deactivate my network security :)

Still have this feeling that I should share with those in need though. Its so hard to be a good Samaritan these days...SIGH

Uncle Law said...

You can always refer back to the manual for the setup instructions. If the manual had been misplaced, you can still visit the product's website and look for the product's support page for the manual. Lastly, you can ask your IT savvy friends to help you take a look too.

Yes, I strongly suggest that you keep the basic security of your network on. As for being a good Samaritan, there are 1001 other ways to do it without inviting potential troubles to yourself.