By Brian Persaud, and
Gerhard Ramsaroop
A growing number of Guyanese are now enjoying the freedom and convenience of access to wireless networks, more commonly known as Wi-Fi. No clutters of cable, no expensive installation costs and the liberty to connect anywhere in our offices. We can even have our wireless network set up in a matter of minutes. For these reasons, Wi-Fi has become popular. But is there a downside to Wi-Fi and if so what is it? With WI-Fi everything on our network is being shared to the world…wirelessly: our internet connection, the confidential files on our PCs and our email records, among others. With wireless networks, as with television, radio and the cellular phones, information travels through the air via radio waves. What this means is that they are vulnerable to hackers who need not even be in the building connected to the network. Moreover, anyone with a wireless card and in close proximity can receive signal from your wireless network if it is not secured and access the data contained thereon.
Unsecured networks are prevalent among individuals who use wireless routers to share their broadband internet connections. While this is a simple facility to instal, however failure to secure the router leaves the entire network vulnerable to intrusions, including ‘piggybacking,’ a form of intrusion that allows your internet access to be used – without either your consent or your knowledge -through your wireless connection by intruders. This typically occurs in cases where buildings are in close proximity to each other or close to roadways from which vantage points, sitting, perhaps in a vehicle, hackers can have a ‘field day’.
Wireless networks and computers can be protected from intrusions by adhering to some procedures when Wi-Fi’s are being set up through a few basic precautions.
(1) Wireless networks should be concealed and the name changed:
Wireless routers announce their presence by broadcasting the names or Service Set Identifiers (SSID’s) of their networks. Access to networks can only be achieved through SSIDs. Disable the SSID broadcast option and your network is invisible to outsiders.
All routers are shipped from their manufacturers with default names (SSIDs). Changing this name and rendering the new name invisible makes outside access difficult unless the interloper is literally able to guess the new name correctly.
(2) Router default passwords should be changed
Just as with the default SSID, routers are also shipped with default passwords which are used to configure the settings on your wireless network. These passwords are usually no secret and are found in the documentation that comes with the router. A hacker who breaches your network and gets hold of this password can change your network settings. Changing passwords reduces vulnerability to hackers.
(3) Encriptions on routers should be configured All modern routers utilize an encryption standard called Wi-Fi Protected Access (WPA), or its newest version, WPA2. This provides security by scrambling the information passing between your router and computer. Configuration requires a fair amount of understanding of the encryption standard and should be done ensuring that both your router and your PC support it. This is in terms of the Operating System (Linux, Windows XP, Windows Vista, etc.) and your wireless network card specification (802.11g minimum).
Recently a simplified method of securing your wireless network known as Wi-Fi Protected Setup (WPS) has become available.
This utilizes all the encryption provided by WPA and WPA2. Its main goal is to make the installation and activation of security features on wireless networks quick and simple. It works by a Push Button Configuration (PBC) on the router or by entering a 4- or 8-digit PIN code from your PC. Only very recent routers on the market support this. Windows Vista and the upcoming Windows 7 natively support WPS.
(4) Computers allowed access to your network should be clearly determined and defined.
Every device that connects to your wireless network has a unique series of numbers and letters known as the MAC address. No two devices in the world have the same MAC address. Most routers have a section in their configuration called “MAC address filtering” which allows you to input the MAC address of those computers which you wish to allow access to your network. Any computers not on that list will not be able to connect to your network.
(5) Router software should be continually updated.
The programme that controls your wireless router functions is known as its firmware. Periodically manufacturers release updated firmware for their routers which address bugs and security vulnerabilities and provide software updates. Firmware updates can be found on manufacturers’ websites.
Configuring these steps will vary depending on the brand of equipment. Most routers will come with set up CDs to simplify this process. However all the fine tuning can be done through a web interface which the router provides. This information will be found in your router’s documentation.
Wireless technologies and security measures are constantly evolving and being improved. Unfortunately, so are the skills of hackers. The measures that we have listed are not 100% foolproof because of the nature of Wi-Fi. However the enforcement of these guidelines will at least serve as a deterrent to hackers and make life more difficult for them.