Wireless Security 101

Wireless networks are becoming more common. There is a good reason for this: convenience.

No more long ethernet cables snaking down the hallway, no more cutting up of walls and floorboards to connect to PCs in bedrooms.

However, with this increased convenience comes an increased chance of a security breach in your home network.

As wireless networks become more mainstream, the companies making the wireless equipment have shifted the default system settings to make things easier for the non-technical user. This has led to decreased security settings as default, meaning that unless you change some settings your PC systems could be at risk.

This can be quite a shock for some internet users, as the traditional wired home internet system is much safer. The router and your PC provide some safety measures to stop unauthorised access via the internet, and you can see people who are physically plugged in to your router. With a wireless or Wi-fi network, any device with a network card within range can access your data free, and whenever they like.

In reality, the main security risk for a home Wi-fi network is a neighbour logging in by mistake and using some of your data cap. If you are really unlucky you could be targeted by someone "war driving", that is driving around looking for unsecured wireless networks to download stuff from. Riccarton Road in Christchurch is an easy target for these "war drivers".

"Big deal," I hear you say. However, the ramifications of having an unsecured network are potentially serious. You could have your monthly data cap blown and end up paying extra, you could have pirated copies of movies downloaded or people could infect your home PCs with all sorts of malware or viruses.

The worst-case scenario could be child pornography being downloaded on an IP matching your internet account.

Thankfully, much of this stuff is unlikely in New Zealand. But it does press home the need for beefed up Wi-fi security. Here are some simple tips to ensure you don't fall victim to any unsavoury actions:

Make sure you change the default password on your router. Anyone can log into 192.168.2.1/192.168.1.1 once inside the network. If you leave the factory default password on the router it is simplicity itself to take control of your home network temporarily.

Change the password to a secure one, and if possible disable the remote log in.

Make sure you change your SSID (service set identifiers) from the default name to a personalised one, and stop broadcasting this.

Changing the SSID will stop someone logging onto your network by mistake (for example, your neighbour), and stopping broadcasting SSID will make the network undetectable to casual Wi-fi snoopers (for example, your neighbours' troublesome teens).

This will not stop those determined to access your network though, as readily available packet sniffing software can easily find the SSID name even if it is not broadcasting.

Enable MAC address filtering on your network. Each network capable device is given a unique identifier called a MAC address. You can set your wireless network to only give access to certain MAC addresses. This is by no means foolproof either, as MAC addresses can be spoofed by those in the know. In my opinion, this is more a QOS (quality of service) feature and only has real merit as a security feature when used in conjunction with some of the others mentioned here.

The single most important wireless networking security point is encryption.

Make sure you have encryption of some description. Simplified, encryption means that your PCs and your router will have a shared password.

If a strange device tries to access any data on your network and it does not have this password, access is denied. WEP is OK, WPA is better and WPA2 is best.

It has been shown that WEP and more recently WPA are able to be cracked in up to 25 minutes by a determined hacker.

However, unless you have annoyed a computer geek recently, I wouldn't be overly worried. WEP or WPA will be sufficient security for most households.

It is an unfortunate fact that no wireless network is immune to compromise.

It is up to the owner to make this as difficult as possible. Thankfully, the risks of this in New Zealand are relatively low.

I still recommend most users combine at least two or three of the above measures to safeguard themselves.

With a decent password, changed SSID that is not broadcasting and MAC address filtering, your network will frustrate all but the most skilled hackers.

* Ross Martin is a Christchurch-based technology writer.

- © Fairfax NZ News