Comments on: Worried about Wi-Fi security?

You should be. The complexity of maintaining a home network is leading owners to put security on the back burner.

[aemarques]

Complicated measures?

You say "There are also more complicated measures home network owners can take, such as swapping out the default service set identifier, or SSID".
However, changing the defauld SSID - or, better yet, blocking its broadcast - is one of the most simple and efective security measures one can make in a Wi-Fi network!

[djysrv]

re; WiFi Security

Cudos to Belkin on this issue. When I set up an 802.11g home network, I knew I'd be lighting up the entire neighborhood. Belkin's technical support staff walked me through setting up the router, changing the SSID, setting up 64-bit WEP encryption, strong password, and installing a USB wireless node. Everything Belkin said would work did. When I changed one of our home computers, and had to re-install the wirless node, Belkin's instructions were flawless, and the new PC got connected right away using the same secure methods.

[jeaninej]

If you aren't sure, take a class, ask questions

I took C/Net's free Wireless Home Networking classes before I even had equipment. They proved valuable sources of planning and security information when I did acquire my LinkSys equipment and set it up. I don't broadcast my SSID, have 64-bit encryption and definitely changed my IP addressing structure.

If you aren't sure what you are doing, then you shouldn't be doing it. GET EDUCATED!

[Not Bugged]

The guy is an IT pro and he's scared?

Okay, I'm not in IT but man it seems like I should be. If you set your filters to allow only specific MAC addresses, disable SSID broadcast, use a proprietary technology, mine is the D-Link which uses 256-bit encryption, don't use default settings there is no way anyone is getting in.

Other steps is make sure to strategically place the wireless router where it has the hardest time broadcasting outside of the home, like say in the basement.

Can someone break the encryption? Possibly, but that is why you change the keys (make sure it's shared) every couple of weeks or maybe once a month.

[egarc--2008]

How can managing a wifi network be a daily task??

I agree with the previous poster that keeping a wifi network
secure is not much work. But I don't believe you need to change
the key very often because it would take a hacker literally weeks
outside your house to crack WPA.

With SSID broadcasting off, MAC addressing on and WPA, home
users are safe. If you are still paranoid, make sure your
computers are asleep when not in use and change the
encryption key from time to time.

[Steven N]

That 's probably because he knows too much

The reason why he is feeling insecure is probably simply because he knows too much of it.

Changing the SSID doesn't help, it sill shows up in your wireless network list.
Hiding SSID could help a tiny bit more, but it can be retrieved through sniffing the connection.
During the same snif, you easily find out what MAC addresses can connect to the router, so MAC address blocking can easily be bypassed.
WEP keys can be retrieved in a matter of hours, depending on how busy your network is.
WPA seems to be vulnerable to dictionary attacks.

If you take a look at this you could leave some sleep over it...

However, people should not forget this is a personal network: there might be private information on your network, but how much is there on your PC that is of real importance to an outsider?
So unless someone is really, really comitted to breaking into your network, most of these security precautions will be sufficient to keep the occasional wardriver out...

On another note though, if hardware manufacturers are really comitted to security, then they should create their devices in such a way that no WIFI is possible unless it has some minimal security: e.g: no WEP key, no WIFI.
This cannot be that hard?

SSIDs are not unique, thats part of the problem.

The article states: "such as swapping out the default service set
identifier, or SSID, number--a form of unique identification for
each wireless local area network"

That's good advice, but I'd just like to point out that SSIDs are
not unique. For example the default SSID for some Dlink wireless
routers is WLAN, if your router is broadcasting its SSID (another
default setting for easier connection) then an atacker will be able
to guess what wireless router you're using. And since you
haven't bothered to change any of these settings the chances are
that the administration password for the router has been left on
the default value too!

My advice, call in a proffesional or read up on it and do it
yourself. If you get stuck you'll find plenty of free support in
newsgroups and forums (that is as long as your internet
connection's still working).

Radiuz Networks to the rescue!

Radiuz Networks (www.radiuz.net) offers a solution to the problem that's easy to setup, and lets you control your home WiFi network to match your preferences for security and sharing. If you want a locked down network you can. If you want a fully shared network you can. You can even cooperate with your neighbors - its all monitored so you've always got the security of that audit trail. Go check it out - I was surprised not to see it in their write up as its a innovative new take on the problem.

[freebedj]

Microsoft Wireless Security & SSID Broadcast

One security measure that I take in regards to wireless, is turning off the SSID broadcast. However, with a new laptop that was running Windows XP and an internal 802.11g wireless card, it depended on Windows Wireless Zero Configuration service. I was having problems with connectivity and the resolution posted on the Microsoft site was that not broadcasting the SSID was not a viable security mechanism. The MS recommendation was to turn on SSID broadcast.

So basically I have a choice to make:
Turn on SSID broadcast so that my new laptop can connect using the internal card
Buy a PCMCIA card that has management software that can connect if the SSID is not broadcasted.

[rpms]

WinXP Wireless Zero Config - possible work-around

This is a frustrating problem. Here's a possible work-around that you may or may not have considered.

1. Select Start > Settings > Control Panel
2. Open Network Connections
3. Right-click the icon for your wireless card and select Properties...
4. Click Configure...
5. Open the Advanced tab, or the Settings tab if available
6. Set the Network Name/SSID manually

I've found that all of my wireless cards -- even the ones meant to be managed through Windows XP or through proprietary software -- let me set the SSID the old fashioned way. Accordingly, I have disabled the Wireless Zero Connect service.

See if this approach works with your card. Good luck!

Paul Marcelin-Sampson
Santa Cruz, California, USA

[shadowself]

First step NOT last

In your suggestions as to what to do...
"As a final security precaution, consider limiting access to
network adapters with specific MAC addresses."

For a home system ... and any business system which does not
have a large number of visiting users ... this must be the first
step, not the last. Anyone who has a WiFi network which does
not have a large number of visiting users that does not restrict
access to specific MAC addresses has an idiot for an
administrator. Period.

Any system (base station, etc.) that does not allow a relatively
easy means (with proper, verified authorization of course) to add
and/or delet MAC addresses must be avoided at all costs.

This is the most basic means of protecting your network. Of
course other layers need to be added too in order to maintain
data confidentiality when you are using the network, but
restricting the network usage to specific MAC addresses is the
first step, NOT an optional last step.

Thank you!

You are all, mostly, correct. Limit the access to your wireless LAN by using MAC address filtering. Close your networks (in AirPort lingo or disable SSID broadcasting for you PC folks) and use the built-in encryption/security features of your router/access point. At the very least connect to your router's web-administration page and change the default password for the admin account!!! Or just leave your network open for all to use freely. The choice its yours. If you're still unsure, switch back to hardwired Ethernet connections... that's a REALLY secure connection!
My neighbor is lucky I found their network first and not some unscrupulous person. They left the admin passwords at the default and are running two routers! All without any security enabled! Great for me, but they should know better or go all hardwired. Take a few mintues to read the manual, it's all in there!

What's with the puritanical technofear?

"attackers could implant malicious programs, including spyware, adware and Trojan horse applications, directly onto a computer". How would they do that without an unprotected computer? This has nothing whatsoever to do with open wireless networks, a machine open enough to allow this to happen over wifi would have it happen with any internet connection. The only real threat in the entire article is totally bogus!

As to the rest, it gives people on your little corner of the net anonymity which the can use or abuse to do things you don't approve of. Good! I don't want to police what others do and if someone abuses the facilities to the point where the network slows down I simply put a block on their IP address (which is logged on my machine so it's not the masked intrusion you make it out to be).

At my home base is an open WIFI connection and in my RV is a signal booster for the same. Share and enjoy!

Scare Tactic... This story exaggerates

Sorry, but I think this story exaggerates to the point that it's a
bogus scare tactic. There ARE risks in an unprotected wireless
network, but connections in the article will keep readers up at
night.

e.g. -- Most WiFi are not protected... Link to identity theft story.
I'm sorry, but that's not the main concern.

I wish the story had given some practical advice... Secure your
PC so you are not vulnerable to nasty tricks from within your
LAN. Turn off services (like file sharing) unless you know what
you are doing. You should do this anyway. Then, your biggest
concern is someone using your bandwidth.

I just did a WiFi setup for a friend. Up-to-date PC's supported by
corporate IT depts. Connection to the office by VPN. No file
sharing, no services running. I don't think they even need WEP.

-- Sally

Window pane blocking Wi-Fi

Glass manyfacturer in Sweeden have for years sold dobble window pane with a transparent metal film, socalled Warm Pane. The film was put on to increase the insolation factor of the pane stopping the IR spectum to pass through. A sideeffect of this is that this panes attenuate 2.4GHz 40dB. The cellphone band is also effected, often makiong the cellphone quiet. transmissions

WIFI security

Another option for protecting your WIFI network is our free WIFI Internet Access Blocker. Works with Win2K, XP and supports WEP/WPA. Gives you real-time intruder alerts and blocks freeloaders from surfing using your network. Download from http://www.myWIFIzone.com

[bebbers]

www.witopia.net

they offer several wifi security services for your home and if you
use Hotspots that are easy to set up and very cheap.