pcnelson.com

One of the greatest assets of our new house is my office. Not since high school have I had 200 square feet that was solely mine. My office is on the end of the house and backs up to several homes on a busy street behind us. From my office I can “see” six wireless networks including my own. All of these wireless networks belong to my neighbors.

A few of them have innocuous SSID’s such as “Linksys” but many of them identify the house from which they originate, usually with a last name. Of those six networks that are available only two of those have any type of encryption on them and one of those is my own. I have offered my neighbors my tech services to help them lock those up but to date have not been taken up on my offer. I have heard a few of them say that they like the idea of being altruistic and sharing their bandwidth, however I wish I could thoroughly explain to them the danger of leaving your wireless network unencrypted.

It is truly dangerous not to secure your wireless hub. I have vowed not to allow this blog to become too technical but there are a few things that I need to discuss to explain this. Wireless hubs work like a network hub and not a switch, meaning that all of the traffic from your computer is broadcast to every other computer on that network. This is normally not a problem on wired hub driven networks in that you can usually trust everyone on your network. However, on a wireless network, without encryption, you are trusting anyone who decides to logon to your network. Techniques such as ARP spoofing allow hackers to easily play the man in the middle between you and anyone you are contacting on the Internet. This would allow anyone to read any of your email and watch your traffic.

So how does one protect themselves from such attacks? It is really simple but sounds complicated. Depending on your wireless router all of the setups will be different but will all have some or all of the following wireless security options.

• WEP
• WPA Personal
• WPA2 Personal
• WPA Enterprise
• WPA2 Enterprise

Do not use WEP encryption. It uses a very secure form of encryption called RC4, however it was implemented poorly and is easily hacked. There are no less than 1000 pages on the Internet explaining how to hack WEP encryption. It can be done in less than 30 minutes if you know what you are doing. WPA encryption on the other hand is virtually uncrackable depending on the length and randomness of your password. I do not see much benefit between WPA and WPA2 and most newer wireless routers will do both at the same time upon detecting what kind of wireless card is trying to logon. If your wireless router does not offer both simultaneously I suggest using just WPA as you never know if the wireless card trying to logon will support WPA2.

The difference between personal and enterprise has to do with the method used for authentication. WPA Enterprise can authenticate against databases as the personal version simply uses a key (password). For home use I truly believe that WPA Personal is more than adequate and is much easier to setup. All that is required is a key that is shared between the wireless router and the client which is your computer with a wireless card.

I mentioned a moment ago length and randomness. It is very important that your key or password for WPA encryption be long and random. Using your pet’s name fluffy will not do the trick, as anyone with a password dictionary will come up with that one pretty quick. I recommend using a very long and random key. I use a key generator to come up with my keys. It is a hassle when someone comes over to use my network but worth the trouble for the security. When someone comes over I do one of two things. I either temporarily turn off the network security while they are here, or I copy and paste the password key from a USB flash drive.

So this is the quick and dirty on setting up a safe wireless network. It really is not that big a deal, just important to follow a few basics. Maybe I will get my neighbors to add a little security to their networks sometime soon.