Secure your WiFi network

Posted on 18 Apr 2007 at 10:20

• 
• 
• 
• 
• 
• 
• 
• 
• 
• 

 1 of 10

Gallery

Running an unsecured wireless network compromises your computer's security and puts you at risk. Karl Wright shows you how to make your network as safe as houses.

In July 2005, Londoner Gregory Straszkiewicz was convicted of repeatedly using his neighbour's WiFi connection, fined £500 and given a 12-month suspended sentence. He may be unique in having the misfortune of getting caught, but Straszkiewicz is not the only one stealing his neighbour's bandwidth. According to a survey carried out last year by AOL, nearly one in six UK computer users (six per cent of women and 22 per cent of men) admit to having illicitly used someone else's wireless broadband connection.

None of this should come as a big surprise to anyone. Take your notebook down a residential street in any British town or city, and the chances are you'll discover at least one unsecured wireless network along the way. In a study carried out last year, the computer security company Panda Software found that up to 60 per cent of users did not secure their network. One reason why people don't take wireless security seriously is that they don't appreciate the dangers they are facing. Allowing unauthorised access to your network and to your broadband connection can have serious and potentially far-reaching consequences.

In this article, we will explain how you can secure your wireless network. We'll walk you through the basic steps you can take to restrict access, right up to the advanced data-encryption techniques used in major enterprises.

Know your enemy

In the most benign scenario, a hacker will, like Straszkiewicz, just steal your bandwidth. This may sound trivial, but it could soon become intensely annoying. If, for example, the hacker is using bandwidth-intensive applications such as P2P file-sharing, you may experience a very slow internet connection.

A more mischievous intruder could easily use an unsecured wireless network to access the computers on your network. Once they have access to your network, it's easy for the intruder to steal your data. In 2004, Brian Salcedo of North Carolina was convicted of stealing credit card information from a chain of hardware stores. He did this by logging on to an unprotected WiFi access point and installing a program that monitored card numbers being entered into the store's database. While your home PC might not contain a list of customer credit cards, someone could gain access to your private correspondence, your PayPal user login details and your online banking records.

Then there's drive-by pharming. This is a relatively recent phenomenon whereby a hacker sets up a webpage with some hidden code that will make significant changes to the configuration of your broadband router or wireless access point, without you having to download anything. These changes mean that its DNS server settings will point to the hacker's DNS server. The hacker has control of your internet connection and can send you to whichever site they want you to go to, regardless of the address you entered. This type of attack is successful because many people don't change the default password on their router, making it easy to guess.

In the final and most disturbing scenario, an intruder who gains unauthorised access to your wireless network could use your PC and your broadband connection to break the law. They might use your connection to download child pornography, illegally share copyrighted material or upload viruses and other forms of malware to the internet. They might even use your network connection to commit a serious hack. One of the ways in which hackers make it difficult for others to trace them is by remotely taking over the PC of an unsuspecting victim and then using that PC to perpetrate a crime. When the hack is traced, initially at least it will be traced back to the IP address of the first victim. But this method has drawbacks: it can be difficult to execute, and it may put the authorities off the scent for a short time only. Connecting to an unsecured wireless network, however, is easy, and unless the victim has enabled connection logging on their router (which is pretty unlikely) it will probably leave no traces.