Wireless Network Security

Today it seems that wireless LANs are available everywhere - in hotels, airports, coffee shops and office buildings. You may even have a wireless router in your home allowing multiple computers to share a single Internet connection. I'm Jeanna Matthews and today on Common Sense Computing, we will be discussing the security of wireless networks.

One thing that makes wireless networks more vulnerable to attack is that one can join the network without gaining physical access to the building containing the router. The term "war driving" has been coined to refer to driving around a neighborhood with a laptop looking for signals from unsecured wireless access points. This is unlike a wired network such as Ethernet for which an attacker would have to break into a person's home to access their network.

The biggest thing that makes wireless access points so vulnerable to attack is that most people do not change the default settings on the routers when they buy them. Thus armed with a laptop, a wireless card, and the default administrator passwords for a handful of popular products, attackers can actually take control of the majority of networks they find.

One of the best defenses against such an attack is to change the default password and to configure your router not to announce its presence via periodic beacons. Periodic beacons sent by a wireless router enable computers to automatically detect and associate to them. Without periodic beacons, you must manually configure your computer with the name or SSID of the router. However, for typical home users, the number of computers is small and doesn't often change. Manually configuring a handful of machines is a small price to pay for securing your network against attack.

Eliminating periodic beacons means that an attacker would actually have to catch you using your wireless network to know it exists. However, even without periodic beacons, attackers can still determine the SSID of your network by watching your own traffic and then attempt to associate. If you have changed the administrator password, then they won't be able to control the network but then can use your network connection and watch your traffic - your emails, what web sites you visit, etc.

The best way to prevent this is to turn on WEP or Wired Equivalent Privacy. With WEP, traffic sent between registered computers and the wireless access point is encrypted with a shared key. Once again, you will need to enter this key manually on each computer in your network. Once this step is done, registered machines will be able to see each other's traffic, but attackers will only see encrypted frames. There are ways to break WEP that involve collecting a large amount of transmitted data. This takes time, but not as much time as you might hope even on a relatively idle home network. Despite this, WEP still introduces a roadblock for the potential attacker and it will likely deter all but the most persistent and technically savvy attackers. Most attackers will simply move on looking for an easier target.

Securing your wireless network is much like physically securing your home. To make it more difficult for attackers, you introduce minor inconvenience for yourself by locking the door with a key. Still even though you lock the door of your home, you know an attacker could still break your window or watch to find out where you hide the spare key. Nevertheless, locking the door sends casual attackers looking for easier targets and unless you live in Fort Knox that is usually the biggest part of the battle.

For common sense computing, this is Jeanna Matthews.