Almost all newer laptop computers as well as tablets, smart phones, video game consoles and home entertainment systems utilize WiFi as a primary or secondary method of connecting to the Internet or some other network. According to published reports from several sources, the majority of home Internet users have some form of WiFi in their homes, and WiFi is very commonly used in business, commercial and academic environments. While the basics of WiFi security apply to almost all WiFi networks, home users have become especially vulnerable because many have never implemented anything more than the minimum default security settings when installing and setting up the hardware.
The Wi-Fi Alliance (www.wi-fi.org ) defines WiFi as “wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers’ (IEEE) 802.11 standards.” WiFi is a fancy radio device that sends and receives streams of data through the air, just as any other two-way radio device. As consumers, we often see the presence of WiFi in terms of its standard designations, such as 802.11b, g, or n (as in 802.11n), each of these terms indicating the speed, bandwidth and channels available under those industry standard protocols. While new speeds and protocols are always being developed and tested, the fastest and most powerful of the current widely available standards is 802.11n, which is capable of a theoretical speed of 540 Mbps. A portion of the standard provides for downward compatibility, meaning that devices made for one of the newer standards, such as the “n” standard, must also be capable of communicating with lesser devices, such as the “b” and “g” standard devices.
For home use, most of us have some form of WiFi access point, typically either a free standing device directly connected to the Internet, integrated with a wired (ethernet) router, integrated with some form of modem (common with cable and DSL Internet services), or as a combination unit of “all of the above.” In my home I have a major name-brand integrated unit that combines a broadband modem, 4-port router (four Ethernet ports for Ethernet cable connected devices), a USB port to connect a printer or other USB devices to the network, and an 802.11n wireless WiFi with MIMO (Multiple-Input-Multiple-Output technology) for improved performance. Purchased from one of the big box electronics stores for about $70, my multi-function device replaced the less-capable modem supplied by my Internet service provider (ISP), and offers more features, speed and security than the one provided by my ISP.
For me, enhanced security was one of the primary reasons for replacing the older modem provided to me from my ISP just a few years ago. This broadband WiFi modem from my ISP incorporated the mid-speed 802.11g wireless access point with archaic security and encryption capabilities. Being fully cognizant that home (and business) WiFi networks are common targets of hackers and crackers, I wanted to harden my system from attack, and the newer integrated WiFi access point offered far superior protection than did my ISP provided unit.
One of the first requirements of a reasonably secure WiFi network is to implement the best encryption available on that particular device, such that unauthorized individuals who pick up the WiFi signal will only find random garbage, rather than a useful stream of data. Since only WiFi devices with the proper encryption key can exchange readable data, enabling the best type of encryption compatible with both devices (access point and remote device) will help protect the personal WiFi network from intrusion. Unencrypted WiFi leaves the entire network open to attack, which can be used to steal personal data, passwords, user names, credit card information, and other information that can be illicitly used for a variety of malevolent purposes, including identity theft. At a minimum, an unencrypted home WiFi network works like a free open network at a coffee house, where anyone can “leach” (steal or otherwise use) your Internet access, slowing your connection as the crooks use your bandwidth. This “leeching” or theft of Internet service may lead to unintended consequences, as it is not unknown for illicit drug dealers, pedophiles and child pornographers to use an innocent person’s unprotected WiFi in order to conduct their evil enterprises; if law enforcement tracks the bad guys, it typically leads to the innocent WiFi owner, rather than the miscreant who purloined the system.
A common game of hackers and crackers is “War Driving” (en.wikipedia.org/wiki/War_driving) where people with WiFi computers and some readily available software drive around an area picking up and recording the locations of all detectable WiFi networks, and posting the locations on a GPS coordinated electronic map. Even Google compiled a massive listing of WiFi networks as its specialized vehicles travelled up and down virtually every street in the country for its Google Maps “Street View” service, creating a massive firestorm with privacy and security specialists. While Google has graciously removed public access to its “war driving” database, there are a myriad of Web sites that post the maps and data found by amateur War Drivers, such that anyone can easily locate and tap into an unencrypted WiFi system. The simplest iteration is to use chalk on the side of a building or sidewalk to show the presence of a vulnerable WiFi system, telling anyone on the street about the unfettered broadband Internet access, compliments of an often unwilling provider.
Virtually all WiFi access points offer some form of encryption. During the initial setup of the WiFi system, the user is often requested to select an encryption method, or else “no encryption” is often the default setting, making the network accessible to anyone within range. On most contemporary home WiFi access points, WPA-2 is the best of the commonly available encryption methods, but is slower and requires more computing resources then WPA; except for the most bandwidth intensive uses, the majority of users will not really notice the slightly slower performance of WPA-2.
Another security trick embodied in almost all WiFi access points is the “Hide SSID” setting. SSID means “Service Set Identifier,” also called “Network Name.” At a minimum, the user should change the network name to some meaningless name that is not readily connected to the particular system. Hackers can easily break into networks that are only using the factory default settings. An even better trick, if available on the WiFi access point, is to totally hide the SSID, meaning that the network name is not openly transmitted, and only those in range who know the network name can connect to it. While not foolproof or totally secure, hiding the SSID is a simple way to make it more difficult for hackers to find your network.
Another feature that can be enabled to restrict unauthorized access to your home network is “MAC address filtering” (Media Access Control). Every device that can connect to the Internet has a unique MAC address, usually a series of about six two-digit alphanumeric characters separated by periods. While MAC addresses can be counterfeited or spoofed, filtering only allows selected devices, as indicated by their individual MAC addresses, to access the network. By entering the authorized MAC addresses into the filter and enabling the filter, only those approved devices can connect to the network. Likewise, the filter can prevent specific devices from accessing the network.
Listen to Ira Wilsker’s weekly radio show on Mondays from 6-7 p.m. on KLVI 560AM.