Many of my neighbors are walking around the neighborhood with their pants around their ankles, kicking their open wallets down the street in front of them while they scream their bank PINs and credit card numbers out at the top of their lungs. I never really noticed it until now, but now that I’ve seen it I really have a hard time sleeping at night.
Ok, maybe this is a slight exaggeration, but believe me it’s not far from the truth. In reality, what I’ve discovered is that my neighborhood (and presumably your neighborhood as well) is rife with unsecured, unencrypted public access wireless networks. People are installing wireless (or WiFi) networks in their houses in droves. What many of them don’t realize is that these networks extend well beyond the boundaries of the walls of their houses and can be easily eavesdropped or misused by anyone in the vicinity with no effort at all. With just a marginal expenditure (I’m talking $50 or so) a knowledgeable techie can put together a wide angle wireless antenna or a signal repeater and have access to the network from even further away.
The WiFi networks aren’t the problem. The problem is that people don’t turn on the encryption on their network, or they leave their routers configured with standard login and password combinations that ship as default from the factory. Any unscrupulous person could simply turn on their laptop, connect to their network, and proceed to do any number of malicious things such as installing key sniffers to get their bank passwords, monitor their network traffic to get credit card information, rifle through their hard drives on their computers, or even log enough information to put together a profile of a person in order to manipulate them, defraud them, or turn them into yet another identity theft victim. Seriously malicious people could, in the space of a few minutes, install rogue software on someone’s home network to allow them to launch attacks on other sites, making it look like it’s originating from the innocent person’s computers. You could even plausibly make a case for terrorist cells setting up anonymous servers on unsuspecting systems to facilitate communications among cells.
You may think I’m making a mountain out of a molehill, that I’m oversimplifying the ease with which these things can be done. In reality, I’m probably not punching home exactly how easy it is. I’m not an intrusion expert; I don’t specialize in cracking networks apart. What may take me 10 minutes to accomplish will literally take someone else under a minute. I can very confidently state that in about a half hour I could make life pretty miserable for my neighbors. Good thing I’m the honest sort. Unfortunately, there are plenty of dishonest types out there.
The really sad thing is that these same people could very easily protect themselves, with about five minutes of simple effort and configuration, yet nobody bothers to explain to them how to do it when they sell them the equipment. Consequently, people don’t know they are vulnerable and the people who want to exploit their vulnerability like it that way.
I’m going to give you a very quick crash course in what you need to do in order to protect yourself. I won’t go into the nuts and bolts of what buttons to push, what toggles to switch, or what magic incantations to say but I will tell you in plain English what you need to do. Hopefully, armed with this knowledge you can then either figure out how to enable the things that need enabled or speak intelligently enough to a tech support representative to get them to do it.
Pure and simple, the most important thing that needs to be done on your WiFi network is to enable WEP, which stands for Wireless Encryption Protocol. What this does, simply, is to encrypt every bit of information that flies through the air so that even if someone is eavesdropping, they can’t understand what you are saying and steal any sort of information from it. WEP involves setting up a network key on your router, turning on the encryption, and then feeding the same information to each of the computers on your network. This key is then used to encrypt and decrypt all the packets of information flying around, and anyone without the key can’t get into your business.
In addition, you absolutely have to change the default passwords on your router. Routers ship from the factory with default passwords that anyone can easily spend 5 seconds on Google to find out. For instance, nearly all Netgear routers ship with the Admin account enabled with either the password “1234” or simply “password” and if your still using these you should go change them immediately. Use something hard to guess… one of the techniques I use for password control is to use two completely unconnected common words, separated by a symbol (such as &, %, ^, etc). This means I might have something like Golf#tornado for a password. Fairly easy to remember, fairly difficult to crack. You can also mix in some numbers in there, using a mix of letters and numbers.
There are other things you can do, such as only allowing specific computers to attach to your network. I do these things, but they aren’t absolutely essential to network security like the previous two steps are. If you are running without encryption, wide open, allowing anyone in the world to simply turn on their laptop and connect to your network you are doing yourself a huge disservice and are asking for trouble. Please, lock up your networks. Protect yourself. Stop walking down the street with your pants down while you scream your credit card numbers and bank PINs out to the entire neighborhood. Let me sleep peacefully at night.