Securing a Wireless Home Network, Part I

Here are Parts II through VI:
Part II, Part III, Part IV, and Part V, and Part VI

It is pretty likely that you are currently (or will soon be) using a wireless networking device in your home. Wireless is great for all the flexibility it affords when it comes to setting up a home network, and it is cool when you want to surf the web or check e-mail when you are on the deck, or couchor toilet (like you've never done it).

Wireless is affordable, flexible, and easy to install, and in general we highly recommend it. The problem is that to make it easy to install the manufacturers turnoff most if not all the security features so that it connects easily out of the box. In fairness, most of the manufacturers we have looked at do have quick-start guides that show how to enable security, but as we demonstrate in this chapter many people just don't bother. This could be an expensive mistake if you consider what it costs to repair your credit history.

Why should I care about wireless network security?
Access to a wired network is easy to control because people have to be physically inside your house to plug a computer into the router. With a wireless network, people just have to be in the proximity of your house. Physical barriers such as windows and doors do not control access in this case, so we have to take other steps to block intruders.

The security issue with a wireless network stems from the fact that the signal is omnidirectional. Unlike a wired network, where signals are fairly well contained, the wireless signal goes everywhere in all directions (including up and down for those of you in multistory buildings) for 300 feet or more. Anyone who wants to gain access to your signal need only put a receiver (a computer with a wireless card) inside the signal range.Very Important: Why would someone want to access your wireless network? Well, there are lots of reasons. One of your neighbors could "leech" onto your network just to receive free Internet access. Although irritating, this is not all that harmful in itself, if all they are doing is browsing the Internet on your dollar. However, "war drivers" (people who drive around looking for unsecured wireless connections) or professional hackers could use the access to obtain your personal information. For example, eavesdropping while you are conducting an online purchase could expose your credit card information. They could also access the computers on your network.

One of the most unusual illicit uses of unsecured home wireless networks also offers perhaps the strongest reason yet to secure your wireless network. Recently, several instances have surfaced in which people conducting illegal activities used unsecured home networks for the anonymity that they can provide. One fellow parked in a neighborhood, easily gained access to an unprotected home wireless network and downloaded huge amounts of illegal child pornography. He was caught and arrested, but because of a traffic violation, not the downloading. (The police noticed the pictures on the computer after they pulled him over). If someone commits illegal activity in this manner, it can easily be traced to your broadband subscription, and you could end up having to explain to the authorities (and your family) that it was not you or other family members conducting the illegal activity.

We are always amazed when we drive through a neighborhood and check how people have deployed their wireless networks. On one dive recently, we easily found 114 wireless routers, only 45 (roughly 40 percent) of which were protected in any fashion. From such a scan, potential intruders can easily obtain a survey of the available wireless networks, their service set identifiers (SSIDs), channel numbers, and most important, which networks have been secured and which have been left wide open (roughly 60%).

In Figure 1, the networks with a circle and a padlock inside indicated that they are at least using encryption. The circles without a padlock are wide open. Anyone can sit on the street near these houses (or businesses), associate to the access point, and access the Internet or try to break into the rest of the home network. Tools that perform these kinds of searches are free and easy to find and use.

Figure 1. Example of scanning for wireless networks in a neighborhoodSeveral of the unsecured sites shown in Figure 1 are in the same condition that your wireless router is in when you take it out of the box. In other words, these people took their router out of the box, hooked it up, and started using it without enabling wireless security. It is great for getting up and running fast, but if you do not take a few minutes to secure your router (and it really only takes a few minutes), you could be asking for trouble.

Next: What do I do about wireless security?

About the Authors
Jim Doherty is the director of marketing and programs with Symbol Technologies' industry solutions group. Before Symbol, Jim worked at Cisco Systems, where he led various marketing campaigns for IP telephony and routing switching solutions. Jim holds a B.S. degree in electrical engineering from N.C. State University and an M.B.A. from Duke University.

Neil Anderson is a senior manager in enterprise systems engineering at Cisco Systems and is currently responsible for large corporate customers in the areas of routing and switching, wireless, security, and IP communications. Neil holds a bachelor's degree in computer science.

To contact either author, please email: [email protected] and use Home Network Security Simplified/post question as the subject line.Title: Home Network Security SimplifiedISBN: 1-58720-163-1 Authors: Jim Doherty, Neil AndersonChapter 2: Tip 2: Secure Your Wireless NetworkPublished by Cisco Press

Reproduced from the book Home Network Security Simplified. Copyright [2006], Cisco Systems, Inc. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis, IN 46240. Written permission from Pearson Education, Inc. is required for all other uses.

*Visit Cisco Press for a detailed description and to learn how to purchase this title.Next: What do I do about wireless security?

Another article by the same authors: Voice over IP--The Basics