3/4/10

Be Aware of Your Surroundings

When using a public wireless access point, you should be aware of what’s going on around you.
Are others using their computers in close proximity to you? Can others view your screen? Are
you sitting near a window through which someone, using binoculars, could get a view of your
screen? If any of these conditions exist, your sensitive data might be at risk. Consider whether it
is essential to connect to the internet. If an internet connection is not essential, disable wireless
networking altogether. If you do need to connect, use caution and follow the steps noted above.

Disable File Sharing

File sharing in public wireless spaces is even more dangerous than it is on your home wireless
network. This is because you and your wireless-enabled laptop are likely to be even closer to
other wireless computers operated by people you don’t know. Also, many public wireless
networks feature peer-to-peer networking in which other computers will attempt to connect
directly to yours. To leave file shares open in this kind of environment is to invite risk. To
prevent attackers from gaining access to your sensitive files, you should disable file sharing
when connecting to a public wireless access point. Consult the help file for your operating
system to learn how to disable file sharing.

Connect Using a VPN

Many companies and organizations have a virtual private network (VPN). VPNs allow
employees to connect securely to their network when away from the office. VPNs encrypt
connections at the sending and receiving ends, and keep out traffic that is not properly encrypted.
If a VPN is available to you, make sure you log onto it any time you need to use a public
wireless access point.

Watch What You Do Online

Because you’re likely to have an unsecured, unencrypted network connection when you use a
public wireless access point, be careful about what you do online—there’s always the chance
that another user on the network could be monitoring your activity. If you can’t connect securely
using a VPN (see “Connect Using a VPN” below), then consider avoiding
• online banking
• online shopping
• sending email
• typing passwords or credit card numbers

Safe Wireless Networking in Public Spaces

Accessing the internet via a public wireless access point involves serious security threats you
should guard against. These threats are compounded by your inability to control the security
setup of the wireless network. What’s more, you’re often in range of numerous wireless-enabled
computers operated by people you don’t know. The following sections describe steps you can
take to protect yourself.

Unauthorized Computer Access

As is the case with unsecured home wireless networks, an unsecured public wireless network
combined with unsecured file sharing can spell disaster. Under these conditions, a malicious user
could access any directories and files you have allowed for sharing.

Shoulder Surfing

In public wireless areas, the bad guys don’t even need a computer to steal your sensitive
information. The fact that you may be conducting personal business in a public space is
opportunity enough for them. If close enough, they can simply glance over your shoulder as you
type. Or, they could be peering through binoculars from an apartment window across the street.
By simply watching you, they can steal all kinds of sensitive, personal information.

Peer-to-Peer Connections

Many laptop computers, particularly those equipped with 802.11-type WiFi wireless networking
cards, can create ad hoc networks if they are within range of one another. These networks enable
computer-to-computer connections, a situation that creates security concerns you should be
aware of. An attacker with a network card configured for ad hoc mode and using the same
settings as your computer may gain unauthorized access to your sensitive files. You should note
that many PCs ship from the manufacturer with wireless cards set to ad hoc mode by default.

Wireless Sniffing

Many public access points are not secured, and the traffic they carry is not encrypted. This can
put your sensitive communications or transactions at risk. Because your connection is being
transmitted “in the clear,” malicious users can use “sniffing” tools to obtain sensitive information
such as passwords, bank account numbers, and credit card numbers.

Evil Twin Attacks

In an evil twin attack, the attacker gathers information about a public access point, then sets up
his or her own system to impersonate the real access point. The attacker will use a broadcast
signal stronger than the one generated by the real access point. Unsuspecting users will connect
using the stronger, bogus signal. Because the victim is connecting to the internet through the
attacker’s system, it’s easy for the attacker to use specialized tools to read any data the victim
sends over the internet. This data may include credit card numbers, username and password
combinations, addresses, and other personal information.
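
A defender-side check for the conditions described in “Peer-to-Peer Connections” and “Evil Twin Attacks” above, as an added example that is not part of the original article: it reviews a list of nearby networks and flags ad hoc networks and look-alike access points. The scan records, the KNOWN_APS baseline and the name review_scan are constructed for illustration, and the checks are heuristics rather than proof that a network is genuine or fake.

```python
from collections import defaultdict

# Constructed scan results (not captured from a real network).
# "signal" is a 0-100 quality figure; security "" means open/unencrypted.
SCAN = [
    {"ssid": "CafeWiFi", "bssid": "02:00:00:aa:00:01", "signal": 55, "security": "WPA2", "mode": "infra"},
    {"ssid": "CafeWiFi", "bssid": "02:00:00:aa:00:02", "signal": 48, "security": "WPA2", "mode": "infra"},
    {"ssid": "CafeWiFi", "bssid": "02:00:00:ee:00:99", "signal": 91, "security": "", "mode": "infra"},
    {"ssid": "Free Public WiFi", "bssid": "02:00:00:bb:00:07", "signal": 70, "security": "", "mode": "adhoc"},
    {"ssid": "Library", "bssid": "02:00:00:cc:00:01", "signal": 60, "security": "", "mode": "infra"},
]

# Assumption: the venue has told you (or you recorded earlier) its real access points.
KNOWN_APS = {"CafeWiFi": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}}


def review_scan(scan, known_aps):
    """Return a sorted list of (ssid, bssid, reason) findings."""
    findings = []
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
        if ap["mode"] == "adhoc":
            findings.append((ap["ssid"], ap["bssid"], "ad hoc (computer-to-computer) network"))
    for ssid, aps in by_ssid.items():
        infra = [ap for ap in aps if ap["mode"] == "infra"]
        # The same network name advertised both encrypted and open is a warning sign.
        if len({ap["security"] for ap in infra}) > 1:
            for ap in infra:
                if ap["security"] == "":
                    findings.append((ssid, ap["bssid"], "open copy of a network that is otherwise encrypted"))
        known = known_aps.get(ssid)
        if not known:
            continue  # no baseline for this name, so nothing to compare against
        best_known = max((ap["signal"] for ap in infra if ap["bssid"] in known), default=-1)
        for ap in infra:
            if ap["bssid"] not in known:
                reason = "unknown access point using a known network name"
                if ap["signal"] > best_known:
                    reason += ", stronger than every known access point"
                findings.append((ssid, ap["bssid"], reason))
    return sorted(findings)


if __name__ == "__main__":
    for ssid, bssid, reason in review_scan(SCAN, KNOWN_APS):
        print(f"{ssid} [{bssid}]: {reason}")
```
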

Public Wireless Threats

A wireless-enabled laptop can make you more productive outside your office or home, but it can
also expose you to a number of security threats. The following sections describe some of the
security threats you face when using a public access point.

Check Your Internet Provider’s Wireless Security Options

Your internet service provider may provide information about securing your home wireless
network. Check the customer support area of your provider’s web site or contact your provider’s
customer support group.

Keep Your Access Point Software Patched and Up to Date

From time to time, the manufacturer of your wireless access point will release updates to the
device software or patches to repair bugs. Be sure to check the manufacturer’s web site regularly
for any updates or patches for your device’s software.

Use File Sharing with Caution

If you don’t need to share directories and files over your network, you should disable file sharing
on your computers. You may want to consider creating a dedicated directory for file sharing,
and move or copy files to that directory for sharing. In addition, you should password protect
anything you share, and use a password that is long, contains non-alphanumeric characters (such
as #, $, and &), and does not contain personal information (such as your birth date). Never open
an entire hard drive for file sharing.

Change Your Administrator Password

Your wireless access point device likely shipped with a default password. Default passwords for
various manufacturers are widely known and can be used to gain unauthorized access to your
network. Be sure to change your administrator password to one that is long, contains non-
alphanumeric characters (such as #, $, and &), and does not contain personal information (such
as your birth date). If your wireless access point does not have a default password, be sure to
create one and use it to protect your device.

Encrypt Your Network Traffic

Your wireless access point device should allow you to encrypt traffic passing between the device
and your computers. By encrypting wireless traffic, you are converting it to a code that can only
be understood by computers with the correct key to that code.

Rename Your Wireless Network

Many wireless access point devices come with a default name. This name is referred to as the
“service set identifier” (SSID) or “extended service set identifier” (ESSID). The default names
used by various manufacturers are widely known and can be used to gain unauthorized access to
your network. When you rename your network, you should choose a name that won’t be easily
guessed by others.

Make Your Wireless Network Invisible

Wireless access points can announce their presence to wireless-enabled computers. This is
referred to as “identifier broadcasting.” In certain situations, identifier broadcasting is desirable.
For instance, an internet cafe would want its customers to easily find its access point, so it would
leave identifier broadcasting enabled.

However, you’re the only one who needs to know you have a wireless network in your home. To
make your network invisible to others, see your access point’s user manual for instructions on
disabling identifier broadcasting. (In Apple wireless networking, this is called “creating a closed
network.”)

While this kind of “security through obscurity” is never foolproof, it’s a starting point for
securing your wireless network.

Protecting Home Wireless

While the security problems associated with wireless networking are serious, there are steps you
can take to protect yourself. The following sections describe these steps.

Direct attack on your computer

Malicious users may be able to access files on your
computer, install spyware and other malicious programs, or take control of your
computer.

Wardriving

Wardriving is a specific kind of piggybacking. The broadcast range of a wireless access point
can make internet connections possible outside your home, even as far away as your street.
Savvy computer users know this, and some have made a hobby out of driving through cities and
neighborhoods with a wireless-equipped computer—sometimes with a powerful antenna—
searching for unsecured wireless networks. This practice is nicknamed “wardriving.” Wardrivers
often note the location of unsecured wireless networks and publish this information on web sites.
Malicious individuals wardrive to find a connection they can use to perpetrate illegal online
activity using your connection to mask their identities. They may also directly attack your
computer, as noted in the “Piggybacking” section above.

Unauthorized Computer Access

An unsecured wireless network combined with unsecured file sharing can spell disaster. Under
these conditions, a malicious user could access any directories and files you have allowed for
sharing.

Monitoring of your activity

Malicious users may be able to monitor your internet
activity and steal passwords and other sensitive information.

Abuse by malicious users

Users piggybacking on your internet connection might
engage in illegal activity that will be traced to you.

Bandwidth shortages

Users piggybacking on your internet connection might use up
your bandwidth and slow your connection.

Service violations

You may exceed the number of connections permitted by your
internet service provider.

Home Wireless Threats

By now, you should be aware of the need to secure traditional, wired internet connections. If
you’re planning to move to a wireless connection in your home, take a moment to consider what
you’re doing: You’re connecting a device to your DSL or cable modem that broadcasts your
internet connection through the air over a radio signal to your computers. If traditional wired
connections are prey to security problems, think of the security problems that arise when you
open your internet connection to the airwaves. The following sections describe some of the
threats to home wireless networks.

Piggybacking

If you fail to secure your wireless network, anyone with a wireless-enabled computer within
range of your wireless access point can hop a free ride on the internet over your wireless
connection. The typical indoor broadcast range of an access point is 150 – 300 feet. Outdoors,
this range may extend as far as 1,000 feet. So, if your neighborhood is closely settled, or if you
live in an apartment or condominium, failure to secure your wireless network could potentially
open your internet connection to a surprising number of users. Doing so invites a number of
problems:

Update your computer’s network adapter drivers

Just as a router has firmware upgrades, the network adapter in your computer has driver updates. You can find driver updates at the adapter manufacturer’s website or at the Windows Update web site.

If the signal strength doesn’t improve, you could try replacing your wireless router and network cards. You may have an old router which is based on the older 802.11b networking standard. 802.11g is the newer standard. 802.11g devices are several times faster than 802.11b devices. (802.11b devices operate at 11 Mbps while 802.11g devices operate at 54 Mbps.)

802.11g devices are also backward compatible with 802.11b devices. In other words, if you buy a new 802.11g router, it will still work with the 802.11b network adapters in your computers. Still, if you upgrade your router to 802.11g, for best results you should consider upgrading network adapters in your computer to 802.11g as well.

If you decide to do so, consider buying extended-performance 802.11g devices which operate at twice the speed–108Mbps. But keep in mind that if you buy extended performance devices, you must buy all of them from a single manufacturer. Most manufacturers such as Netgear, Linksys, and D-Link make extended-performance 802.11g devices but they are not necessarily interoperable with devices from other manufacturers.

And if none of these solutions work, forget about wireless and go back to good old wired networking!

Update the network adapter on your computer

If you have a desktop computer with an internal network card, try using a USB network adapter instead. These adapters usually have an antenna of their own to better capture signals. Laptops with on-board network adapters are usually fine; you don’t need to replace them. But if you use a card adapter with your laptop, try getting one with an external antenna.

Try changing your router’s broadcast channel

Most cordless telephones have a little button on the handsets which you can press to change the channel if there is noise on the line. Like cordless telephones, routers broadcast on many channels too. You may be experiencing weak or noisy signals simply because your router broadcasts on a channel that doesn’t work well at your location. Try changing the channel. You will find an option to change the channel in your router’s administration interface.

If fixes at the router end of your network don’t work very well, you can try fixes at the other end — your computer.

Upgrade your router’s firmware

Log in to your router’s administration interface. You will usually find an option to upgrade its firmware. Most people install routers and forget about them. You may be surprised to find that your router has several firmware upgrades that you haven’t applied.

Install a repeater

A repeater is a device for boosting wireless signals across greater distances. If your router’s signal is weak in a certain location in the building, you can place a repeater half way between the router and the location to boost the signal strength.

Get a high-gain antenna for your wireless router

If you can’t move the router, you can try replacing your router’s antenna with a high-gain antenna. You can’t replace antennas on all routers, but you can do so on many newer models.

Antennas on most routers have 360 degree coverage. If your router is located in one corner of the building, a good part of its coverage area will lie outside the building. In such cases, you can get unidirectional high-gain antennas which transmit signals in 180 or even 90 degrees. Again, you must have a router which allows you to replace its antennas.

Move wireless router away from other wireless equipment

Most wireless networks operate at 2.4MHz, the same frequency as older cordless telephones and other wireless gadgets. Signals from these gadgets may interfere with your router’s signals. You can try moving your router away from such equipment (or the equipment away from the router if you can’t move the router).

Another possible solution may be to upgrade your phones to newer ones which operate at 5.8MHz.

Move wireless router to a better location

The biggest culprit for weak signals is the location of routers. Many routers are installed at less than ideal locations – under tables, in closets, in corners on the floor, and basements to name just a few. Many are installed near the outer wall of a building. This results in weak signals on the other end of the building.

It is often difficult to move a router too far away once it is installed. But it may be possible to move it by a couple of feet. Try moving it off the floor and away from the walls. If it is inside a closet, you may be able to get it out simply by drilling a hole in the wall for the cable.