Monday, January 08, 2007

How Secure Is Your Wireless Network?

For those of you who aren't IT/computer security savvy, the New York Times has a good article about just how easy it is for someone to see almost everything you do on an unsecured wireless network. (hat tip to Bruce Schneier's blog)
From the article:

We met (John, the camera crew and I) in a Manhattan Wi-Fi coffee shop. Turns out there was absolutely nothing to it. John sat a few feet away with his PowerBook; I fired up my Fujitsu laptop and began doing some e-mail and Web surfing.

That's all it took. He turned his laptop around to reveal all of this:

* Every copy of every e-mail message I sent *and* received.

* A list of the Web sites I visited.

* Even, incredibly, the graphics that had appeared on the Web sites I had visited.

None of this took any particular effort, hacker skill or fancy software. Anyone could do it. You could do it.

Just to make it clear, the tools needed to do this are available for free on the Internet. Certain sites/activities will not be viewable to the naked eye (encrypted sites such as banks, financial websites, some web-based e-mail)--if there's the padlock image in the bottom status bar of your browser or the site begins with https:// instead of http://, all information sent that way will be encrypted, that is, difficult for someone to view (though, it is feasible that the encryption could be broken, it would require far more skill to do so).

For those of you using wireless networking equipment at home, there are some basic things you can do:
  • Use the highest level of encryption available. WPA2 is the best currently available. WPA is next. WEP is easily broken, but will keep most casual users from intercepting your communications.

  • Change the default device name (and administrator user name and password) for your wireless equipment (router or access point) and turn off SSID broadcasting. All wireless routers and access points come with a default name, examples include: Linksys, Netgear, Dlink. Disabling SSID broadcasting will keep your network from being widely advertised to the casual observer.

  • MAC address filtering. Every network card ever made has a unique ID, a MAC address. Most wireless equipment will allow you to specify that only certain MAC addresses can access the network. It's not failproof, but again, will keep your network from being the easiest one to get into. has these suggestions, and a few more--including directions on how to do them.

Disclaimer: These are suggestions for making your wireless network more secure. They in no way make your network "hacker-proof" nor will they keep all people from being able to see your communications. These are just some steps to keep your network from sending all information in plain text.

No comments: