With the rapid pace of today’s technology it is a significant challenge for the average person to keep up with the latest security problems are that may affect them.   Many people have a difficult time just staying on top of the current security fixes and patches for their operating system and applications.  The security industry (and the greater security “community”) are part of an extremely fast paced environment, wherein threats and exposures can change daily.  Each security problem discovered often arrives right on the heels of the previous one, leaving little time for most people to actually understand their exposures and how to protect themselves. 

With the popularity of wireless networking technologies today, this problem is more noticeable than ever.  Wireless access points used in homes and offices to access the Internet have rapidly proliferated over the last few years.  Most of these devices are designed to be as easy as possible for the consumer to set up, and therefore, their default configuration “out of the box” is often much more open than is prudent, from a security point of view.  This technology at its most basic level is a network device that turns the data that normally travels across wires, and converts it into a form that can be carried by radio waves transmitting through the air.  Because the user has little control over the direction and distance of the radio transmission, anyone in ranges of the access point can intercept information, disable legitimate access to the device, or perform other forms of attack.  Such an attacker could steal your credit card information while you make a purchase online while using wireless Internet connection.  An attacker could even steal your social security number if you file your taxes or pay bills online.  Because of this, it is crucial to understand the issues associated with owning and using a wireless router or access point, and knowing what you can do to protect yourself and your information from being stolen and misused.

Questions & Answers

1.         Q.        But how can someone know I have a wireless Internet connection?

            A.         Wireless routers always broadcast their presence openly over the radio waves no matter how they are configured.  Anyone walking by with a notebook computer or wireless-capable device can receive these signals and know that the router is there and on.  Even when you disable the ‘SSID broadcast’ feature on wireless routers, it still broadcasts its presence.  That setting only stops the router from advertising its network name, but not that it exists.

2.         Q.        Why would anyone ever bother to try and “hack” my wireless access point?

            A.         Many wireless attacks today serve different purposes than just stealing for money.  Many people will use your wireless access point just to steal your Internet access; that is, to get onto the Internet for free.  There are many cases, however, where someone will hack a wireless router to get onto your network, and then proceed to hack your computer.

3.         Q.        What can someone steal when I’m on my wireless Internet connection?

            A.         Once your wireless router has been cracked, anything that you do on your wireless connection could be compromised.  This includes buying things online with a credit card, checking your e-mail, logging into your bank accounts online, paying credit card bills online, or even filing your taxes!  Anything you do on the Internet can be monitored or intercepted by the attacker once they have succeeded in cracking your wireless router.

4.         Q.        I use MAC address filtering in addition to my encryption, so an attacker can’t connect to it.  Why do I need to do anything else?

            A.         This security feature is often a cause of confusion for users of wireless routers and access points.  On some routers, this feature is called an ‘Access List’ or ‘Allowed devices’.  It allows you to block any computers other than those you want to allow to connect to your wireless router.  This may help stop the casual person from getting onto your wireless access point, but to a knowledgeable attacker this is easily evaded.  Most attackers will know how to change the MAC address, or ‘unique number’ of their wireless card.  Armed with this knowledge, they can simply wait and see what the address is on your wireless card, and copy it.  So, even though MAC address filtering is a good preventative measure that can help protect against the “casual Internet stealer”, it does not provide any real protection from a knowledgeable person who wants onto your network.

5.         Q.        But I use the encryption built into my wireless router, so I’m protected, right?

           A.         Every single type of encryption available on most consumer wireless routers today is easily cracked.  The only protection against this is the use of very strong passwords and enabling the strongest encryption types supported by the device.  It is important to understand some types of encryption used by wireless access points are weaker than others.  The Wired Equivalent Privacy encryption scheme (WEP) can almost always be cracked within an hour or two, whereas WiFi Protected Access (WPA) could take days, weeks, or even years to crack.  However, the encryption method selected is by itself an indicator of how well protected you may be.  Without a strong password, even the strongest wireless encryption methods can be cracked in a matter of minutes or even seconds.  The use of strong passwords combined with strong encryption, can make the amount of time required to crack a password so long that it’s not worth the effort. 

6.         Q.        Then, what kind of encryption should I use?

           A.         The best available options available now for consumer routers are WPA and WPA2.  These methods of encryption have fixed the numerous significant security problems associated with WEP, and protect against directly finding the password.  Instead, these encryption methods force a hacker to try billions of different passwords until they have matched the correct one.  Using these types of encryption combined with a strong password, your wireless router will be much better protected. 

7.         Q.        How often should I change my password? What kind of password should I use?

           A.         When creating your wireless router password, you should treat it just like any other sensitive password you use.  The best practices in industry for strong passwords call for creating very long passwords, including numbers and symbols, and changing them often.  Following these practices can help protect you and your network, however, with regard to your wireless router at home, procedures this stringent may not be practical.  Most people don’t want to remember the long strings of random characters typically associated with “industrial-grade” complex passwords. Instead, try using the first sentence from your favorite book, and placing a symbol or number at the beginning or end of it.  Also, you could make up a sentence with numbers, or perhaps skip certain spaces in the sentence.  Using these methods, you can create fairly strong passwords for yourself while still helping to ensure that they are easy to remember.  Next, you should make sure to change your wireless password often.  Changing the password can force a hacker to have to start cracking it all over again.  We recommend changing this password every week, but even doing so once a month will increase your protection.