Wi-Fi radio connections to the Internet at home, the office, and even in your local coffee shop are no longer a futuristic novelty but a convenience that many users rely upon every day. With ease, however, may come a very unrealistic feeling of safety.
As you might suspect, broadcasting your personal data through the air is not without hazards. Consequences can be quite serious, like having your computer directly accessed by hackers, with your confidential information, documents, and credit card numbers stolen, or it being used for other illegal activities for which you might be blamed.
It does happen. Recently, a panicked customer called in. He had received several serious DMCA complaints and threats from a giant media company that claimed he had illegally downloaded their content – either music or movies – and they had the right Internet address.
Yet, the man hadn’t done anything wrong except to use his Wi-Fi at home wide open and unsecured. Some unscrupulous neighbor must have profited from his naivety. The customer’s still waiting to see if the complaining company will take further steps against him, but meanwhile one of our techs set him up with strong WPA security to prevent further stealthy theft of his connection.
Basic Home and Office Defense
Proper set up is critical. Most of the steps to protect your computer should be implemented from the moment when you first set it up for Wi-Fi. While it’s impossible to guarantee absolute security, these steps may persuade a wireless hacker to choose an easier target.
- Change your gateway’s name and password. This should be done first thing, but be sure you write them down someplace secure.
- Disable the “ad hoc” mode. This allows peer-to-peer networking, which could permit rogue users to connect through a legitimate client. Enable “infrastructure” mode only.
- Disable SSID broadcast. The SSID is basically the network name for the radio access point. In open network mode, your router will invitingly broadcast its presence to the world 10 times a second. Turn it off to prevent both neighbors and passersby from accidentally detecting and accessing your network. For home networks, it’s not necessary anyway. You only need to type the SSID in once during the setup dialog for it to be remembered for future sessions.
- Turn on the MAC addressing filter. Most gateways let you restrict access to known MAC addresses, which are individually unique to each machine. By limiting access to pre-defined MAC addresses only, the network is further shut against rogue clients.
However, as long as you’re broadcasting, your wireless network can still be detected. Nearby hackers could capture the data packets as they zip through the air. These packets may reveal SSID and MAC addresses of trusted clients, allowing a hacker to “spoof” the address and pose as an accepted device. Therefore, additional steps to secure your system are necessary.
- Enable WPA or WPA2 encryption. Wi-Fi Protected Access encrypts the information traveling between computer and gateway. This is one of the most important things you can do to protect yourself.
The Internet, designed in a far more trusting age, had little thought given to protecting information in transit. The original Wi-Fi encryption scheme was known as WEP, which comes in different strengths. However, the underlying scheme is fundamentally flawed, and hackers have developed software tools that can now easily crack even the most advanced in just a few minutes.
WEP is better than nothing, though it may give a dangerous false sense of security. Users are strongly advised to use more advanced protocols. WPA builds on WEP encryption by scrambling the key and checking it to ensure it has not been tampered with. WPA2 is even stronger and provides better performance and is thus the currently preferred standard.
Note that both WPA and WPA2 require that all wireless devices on your network be set to them. Upgrading from WEP may require newer adapter cards or a firmware update from the manufacturer. And of course, it’s always a good idea to change your passkey regularly.
- Use a firewall, up-to-date anti-virus protection, and regularly check for system updates. Along with changing passwords, these are all fundamental means of protection that SWCP strongly recommends for ALL users, however you connect – be it any kind of broadband or even good old dial-up. Many routers have a built-in firewall, as do systems like Windows XP, Vista, and 7.
However, it is also a good idea to install a software firewall such as Zone Alarm on your computer for additional protection, especially if it’s a laptop you will be connecting to other systems, like at public hotspots. The firewall should be set at the strongest setting that does not interfere with your activities. Some experimentation may be necessary.
- Protect data with passwords. With newer operating systems including Windows 7 and Mac OS X, you can password-protect your entire computer or just selected folders or files. Use special protected directories that only you have access to for your most confidential and sensitive documents. This is particularly important if you share intimate pictures of yourself with a loved one. Hackers have been known to steal photos and even them for blackmail.
- Turn off wireless access when not in use. Inconvenient perhaps, but simple and foolproof. Your computer can’t be hacked when it’s turned off or not connected.
Public Protection
By their openness and lack of filtering or encryption, public Wi-Fi hotspots in coffee shops, airports, hotels, or wherever, pose special dangers. Lurking hackers can sniff passing network traffic, on the lookout for passwords, credit card numbers, and security vulnerabilities. Here are a few additional precautions you should take when access a public hotspot.
- Beware of “evil twin” hotspots. A truly clever, evil trick for hackers is to set up their own hotspot at the same location that mimics the legitimate access point. They will have an SSID as one would expect so it may be hard to tell them apart.
Evil twins are designed to collect passwords, usernames, even credit card data. This is a version of the “man-in-the-middle attack”, which can even happen at home as well, It’s a good reason to avoid any temptation to use your neighbor’s seemingly wide-open access also, as it could be a trap.
Do not set your wireless card to automatically connect to any available access point it detects, but first check the list of available SSIDs to make certain you are connecting to the right one.
- Be sure that file-sharing is turned off. At home or work, file-sharing is often used to easily copy files back and forth between networked computers, but it’s very dangerous to leave on in public. Use a sticky note if you need to remind yourself.
- Use web-based email. SWCP’s free customer web-mail service protects data in transit more than regular email. Plus, the messages stay on our server where you can access them from any location – handy if you use several computers for email.
- Use encryption where possible. Like our webmail service, many websites, especially commercial ones, have security features. Their addresses begin https:, rather than just http:. However, much information establishing contact and also in emails is transmitted unencrypted that can be sniffed by nearby lurkers. Sensitive email should be encrypted – and there are plenty of programs available to do this.
- Be aware of people around you. The range of Wi-Fi is limited, but the hacker does not have to sit next to you. Still, it pays to know who’s looking over your shoulder. Sit with your back to a wall if possible. There are films that can be placed over your screen to narrow its visibility, too.
Other, more technical steps can be taken to protect your data such as establishing a VPN, putting your wireless network on its own subnet, and changing internal IP numbers. For these you may need help from your company’s IT guru, who should definitely be consulted anyway if you plan to use wireless to access the business’ network.
None of this should deter you. Wi-Fi is a great convenience and with a proper set-up and some common sense, you should be able to use it to access the Internet without worries.
For assistance with the steps listed above, SWCP’s excellent Tech Support staff is here to help. Call or email if you have any questions or problems.