Millions of homes in the United States currently have wireless computer network devices. In fact, according to leading technology analysts over 34 million homes will have access to wireless for Internet access by 2009.
Wireless networks at home offer several conveniences that make them an attractive option for the home computer user: multiple computers can share a broadband connection without the need to run network cabling throughout the home, and laptop computers can be carried around both indoors and outside on the deck or patio to provide “anywhere” connectivity.
Network hardware vendors such as Linksys, NETGEAR, and D-Link have entire lines of wireless access points, network cards, and accessories marketed directly for home use. Most consumers, however, have little idea of the potential security issues they are bringing home with that wireless access point. It is surprising just how many home-based wireless networks are lacking in even the most basic security, with technology analysts estimating half of the home wireless networks in the United States are operating with no security at all.
Without the proper security measures in place, introducing wireless networking into your home could present a major security and privacy issue for you and your family. If your home PC or laptop (the one containing your personal financial information and electronic mail) is on a security-lax wireless network, and that PC has not been properly secured with the latest operating system patches and security updates, then your financial data and personal correspondence may easily be viewed by anyone close enough to your home to access your wireless network. Additionally, your instant messaging conversations and email traffic may be transmitted in the clear, as well.
Many wireless users setting up a new wireless home network will rush through the installation instructions to get their Internet connectivity working as quickly as possible. While the excitement is understandable, it is also quite risky, as numerous security problems can result. Taking the time to understand the basics of the technology and how to keep your network secure is critical to protecting the personal and confidential information on your home computer and network. While technology limits ensure that no wireless network can be 100% secure, there are steps you can take to make it much more difficult for malicious users to compromise your home wireless network.
While this new wireless technology makes life a little easier, the lingering question remains: is it secure?
Wireless Networking Primer
Wireless networking (often referred to as WiFi, or WLAN devices) is based on one of several industry-standard technologies, typically referred to as the 802.11a, b, and g standards. These standards define the data transfer rates and the frequencies upon which data rides the airwaves. The 802.11b protocol operates at 2.4 Gigahertz (GHz) and 11 Megabits per second (Mbps), while 802.11a runs at 5 GHz and 11 Mbps. 802.11g devices operate on the same frequencies as 802.11b, but have higher data transfer rates of 54 Mbps. Basically, each of these specifications provides different frequencies for wireless (or radio) communications, thereby offering different capabilities in signal strength and range.
Wireless network devices can typically communicate in one of two modes: Managed and Ad-Hoc. Managed mode allows a device to act as a “node” on a network, just like a PC connecting to the data network. These nodes communicate with servers, printers, and other resources on the network in what is known as a client/server relationship. The PC is the client in this scenario. In the wireless world a device in managed mode connects to a wireless access point (or WAP) to connect to resources, and the access point acts as a communications bridge between the wireless device and the rest of the network (which can consist of wired systems, as well as other wireless devices).
A device placed in Ad-Hoc mode does not need an access point to help it talk to the rest of the network. Ad-Hoc mode places the device in a “peer-to-peer” mode, allowing the device to act as its own access point to which other wireless devices in Ad-Hoc mode can attach. Wireless security standards were adopted early on, and were soon found to be flawed and ineffective.
WEP (wired-equivalent privacy) is today the standard method for protecting a wireless networking data transmission. While other technologies and standards, such as 802.1x and EAP, are being positioned to address the shortcomings of the WEP security model, WEP today is still the most widely deployed method of protecting wireless networking communications.
During the inception of the 802.11 standards for wireless networking, the IEEE had to resolve a fundamental issue of wireless security: communications using this protocol are vulnerable because they use radio signals through open air space, as opposed to electrical signals through closed wires. The WEP standard was created to address this liability. It was supposed to make wireless networks as private as wired networks by using 40-bit and 128-bit encryption. WEP technology provides a means of encrypting the data communications taking place between a wireless networking device and a wireless access point, or two wireless networking devices (depending on which mode is being used, Managed or Ad-Hoc). Typically the devices are designed to provide up to 128-bit encryption, which in itself is fairly secure. However, due to a lack of peer review or some other misstep, the “equivalent privacy” is not so private after all. WEP can be broken very quickly after gathering 100 MB to 1,000 MB of data with freeware sniffers commonly distributed on the Web.
A sniffer is a computer connected to a network with its NIC placed in “promiscuous mode” (or “listening mode”). This allows that particular sniffer to eavesdrop on any communication passing along that network, and view the data contained within the packets. Even if the communication is encrypted, anybody with a $60 wireless NIC and a laptop can collect data, and in three to 30 hours break the WEP code using freeware utilities. This means the encrypted “private” communications are no longer private. Making things worse, range is not our friend. A wireless network is vulnerable to this type of intrusion from points far beyond the company parking lot or the house next door. Ten dollars’ worth of parts from Radio Shack and a Pringles potato chip can can be used to make a directional antenna, and boost a wireless network device’s 100-foot range to about 10 miles in a direct line of sight. As it stands today, the security and privacy assumed when using WEP fall short of expectations. WEP is easily broken, and therefore unreliable as a means to secure communications.
Wireless Security at Home
While most home-based networks use wireless access points that offer some form of data encryption like WEP, what you thought was secure may actually be easily overcome by any tech-savvy hacker having the tools and time to crack your WEP key. “The picture you paint is pretty frightening. If WEP isn’t a good solution for securing my home-based wireless network, then what is?” The answer: common sense. With a little thought you can easily augment WEP with some “in home” security practices that will strengthen your home-based wireless network against eavesdropping. Here are a few suggestions:
1. Never attach a personal computer that contains personal financial or family information to a home-based network via wireless. Most wireless access points come with a 4 or 6-port Ethernet switch built right in. Always connect these types of PCs to the network with a standard Ethernet cable. That ensures that all communications to and from this PC are secured within a wired connection.
2. Make sure that all of your home-based PCs are up to date with security patches and fixes from the operating system vendor (most often Microsoft).
3. If possible, change the WEP key on a scheduled basis. Come up with a new key every month or two, and make sure the key is long enough and complicated enough so that it is not easily guessed. Never use your name, house address number, or other easily guessed information in your WEP key or as the SSID string in your wireless network devices.
4. If your wireless access point offers the ability to “turn down” the signal power, reduce it as low as possible for your needs. The lower the signal output, the smaller the range of the access point. Out of the box most access points transmit a distance of over 1000 ft. This is far more range than is needed if you use wireless in your home office.
5. Always power off your wireless access point when not in use. Remember that all traffic flowing across your Internet DSL or cable modem connection is traceable back to you, and in most legal situations is your responsibility. If a neighbor across the street is using your unsecured wireless access point at night while you sleep to download illegal material such as child pornography, these downloads are traced back to your DSL or cable modem.
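One way to apply suggestion 3 when choosing a key and SSID, shown as an added example that is not part of the original article: the sketch below generates a random hex WEP key and flags keys or SSIDs that are short, repetitive, typed as a passphrase, or built from personal details. The function names and all sample values are hypothetical and constructed for illustration.

```python
import secrets
import string

# WEP key sizes as entered on consumer equipment, mapped to marketed strength.
# ("128-bit" WEP carries a 104-bit secret, hence 26 hex digits or 13 characters.)
HEX_LENGTHS = {10: "40-bit", 26: "128-bit"}
ASCII_LENGTHS = {5: "40-bit", 13: "128-bit"}


def new_wep_key(hex_digits=26):
    """Return a random hex WEP key drawn from the operating system's CSPRNG."""
    if hex_digits not in HEX_LENGTHS:
        raise ValueError("WEP keys are 10 or 26 hex digits")
    return secrets.token_hex(hex_digits // 2).upper()


def audit(ssid, key, personal_terms):
    """Return a list of findings for one SSID / WEP key pair."""
    findings = []
    is_hex = all(c in string.hexdigits for c in key)
    if is_hex and len(key) in HEX_LENGTHS:
        strength = HEX_LENGTHS[len(key)]
        # A hex key may just be a typed word in disguise, so decode it to check.
        readable = bytes.fromhex(key).decode("latin-1")
    elif len(key) in ASCII_LENGTHS:
        strength = ASCII_LENGTHS[len(key)]
        readable = key
        findings.append("key is a typed passphrase, not random hex")
    else:
        return ["key length is not valid for WEP"]
    if strength == "40-bit":
        findings.append("40-bit key: use the 128-bit setting")
    if len(set(key.lower())) <= 4:
        findings.append("key uses very few distinct characters")
    for term in personal_terms:
        t = term.lower()
        if t in key.lower() or t in readable.lower():
            findings.append(f"key contains personal term '{term}'")
        if t in ssid.lower():
            findings.append(f"SSID contains personal term '{term}'")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    print(audit("SmithFamily", "736D697468", ["smith", "1423"]))
    print(new_wep_key())
```

The sample key 736D697468 looks random but is simply the word "smith" written in hex, which is why the audit decodes hex keys before comparing them with the personal terms.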
Finally, as with all Internet communications, never say or reveal anything in an email, instant message, or chat conversation that you wouldn’t say in a public forum. Unless you are using advanced encryption technology or secured communications channels there should be no expectation of privacy in your Internet communications. If you need to say something of a private or personal nature, take the conversation to a voice phone call.