Insecure Wireless Network Could Get You Arrested or Sued

Synopsis:

shocked girlHaving an insecure wireless network makes you liable for arrest or lawsuit! If you have not done all these things listed below to protect your wireless network, take the few minutes it will take to do the basics and DO THEM NOW!!

Basics

There is no excuse for not doing all these things
– Change default user name & passwords for routing equipment
– Use strong passwords
– Turn on encryption (WPA2 or better. WEP is hackable in minutes)
– Change default SSID
– Enable firewalls
– Turn off when not in use
– Update router firmware to the latest version

Advanced

Increases security but may require more time or expertise
– Disable DHCP and assign static IP Addresses
– Filter by MAC address
– Monitor network for intrusions
– Use software to test for network vulnerabilities

handcuffsDid you know that you can be arrested or be sued if your wireless network is insecure? If you have an insecure wireless router at home, someone could use your internet connection to start downloading child pornography, attack the NSA, send spam, release viruses, or hack your own computer and steal your identity! So when the police or NSA come knocking at your door how are you going to prove that you didn’t do it? All that activity will be traced back to your IP address and you will need a really good argument to convince them otherwise. But why waste your time, money, and possibly your identity by not taking a few minutes to secure your network? What about businesses that have wireless networks set up? If a business has an insecure wireless network, hackers can use that to steal information by monitoring the network or compromising computers on that network. If that happens, patients, customers, and employees are all at risk of having their private information stolen. Not good!

Lets step through the basics of what everyone should do to secure their wireless network.

– Change default user name & passwords for routing equipment

If you don’t change them, your router can be controlled by anyone. Changing the user name and password on your wireless router is easy. If you don’t know how to change them do a Google search for the user manual for the make and model of your wireless router.

– Use strong passwords

Please don’t set the password to be the same as the user name or the name of the router, that is just asking for trouble.  Good passwords generally need to be 7 or more characters with a mix of symbols, letters, and numbers. Using words that can be found in the dictionary  in your password means that it can probably be hacked in just a few minutes.

– Turn on encryption

Turning on encryption means that all the information won’t be sent over the air for everyone to see. Not having encryption turned on is like having a large electronic billboard outside your home or office displaying all the information that is being sent over the network. When turning on encryption on your wireless router, you will probably be presented with several encryption options. WEP is no longer a good choice because it is flawed and can be hacked in minutes. WPA2 is a  better choice and will keep your information much safer.

– Change default SSID

SSID is the unique name that devices use to connect with the wireless router. While changing the SSID of your wireless router doesn’t increase how secure it is, it can reduce the likelihood if it getting attacked. If a hacker sees that a wireless router’s SSID has been left at it’s default, there is a good chance that the router still has all or most of it’s default security settings (which aren’t secure). Changing the SSID moves your router off of the list of first to attack. You can even take that a step further and disable broadcasting of the SSID which means that devices will have to know the SSID before they can connect. Because an non broadcasted SSID can be found using the right tools, it should not be used as a sole means of security.

– Enable firewall

brick wall

Most routers come with basic firewall capabilities and it would be silly not to enable it. Firewall software should also be running on all devices connecting to the network if possible.

– Turn off when not in use

Obviously it is overkill to be turning your router on and off every 5 min. when you need to pull up a web page or check your email. Turning of the router when you will be out of town or know you won’t be using it for a while is an excellent preventative measure.

– Update router firmware to the latest version

Often a manufacture of a router will release an update to the software that runs the router to fix security holes or improve performance. It is always a good idea to check to make sure you are running the latest and update it if you are not. Make sure you read and follow all instructions for updating firmware to prevent “bricking” your router. “Bricking” means you broke it and it can be very hard or impossible to get it working again, like a brick.

– Disable DHCP and assign static IP Addresses

DHCP is great because it is dynamic and it’s easy but it can be used to a hackers advantage. Assigning an IP to each device that you know is on the network prevents other devices from trying to get an IP to connect to the internet.

– Filter by MAC address

You can filter connections to the wireless router by the computers MAC address. The MAC address is a uniquely identifying number burned into the devices network interface. This is really nice because you can set up a list of devices that can connect to the network while keeping everyone else off.

– Monitor network for intrusions

There are several ways to monitor your network for intrusions. The simplest way is to set your router to log connection information and you look over those logs consistently for abnormal activity. Simple but not very time efficient. A more advanced way to monitor for intrusions is to set up an intrusion detection system (IDS) to look for suspicious activity and inform you of it automatically. There are some units that cost and are ready to go, or there are open source solutions like SNORT. Monitoring a network for intrusions is an advanced safety measure and usually done by the safety conscious or those who must protect sensitive information on a network like a business, doctors office, or credit card company.

– Use software to test for network vulnerabilities

Ofter setting up a network to be secure, it is a really good idea to use tools to test for network insecurities. Many of the tools to test for vulnerabilities are the same ones used by hackers to gain access to your network, so why not use them to find the holes? Tool complexity range from clicking a button to typing in commands at a command line interface. If you are really serious about network security, or the information you have on your network mandates that you be paranoid about it, you had better be doing testing using these tools.

Resources:

Images:

Published by

MikeGrace

I am a Geek! I hope you enjoyed this recent post.

4 thoughts on “Insecure Wireless Network Could Get You Arrested or Sued”

  1. So, for work I am taught to prepare for scenarios. Thinking about different scenarios these preparations would effect. For one: I used my internet service for my home phone line with voip. If I want to receive calls while I am home on that line, I will need to have my Internet turned on but not necessarily the wireless. Are there any scenarios that would prevent a person from performing all of these tasks of protection? I guess it really is just a matter of weighing out your options.

  2. @Nic,
    Good question! There are only a few items that some might run into a problem with.

    – Encryption
    Depending on the devices that need to connect to the wireless network, you might have to use a lesser encryption to be compatible with that device. Ideally, you would set up a different wireless router for that device so all aren’t using the lesser encryption.

    – Disable DHCP and assign static IP Addresses
    – Filter by MAC address
    Both of these won’t work very well if you need to accommodate transient devices. If you know all of the devices that will need to connect then you should add them to you MAC address allowed list.

    – Disable SSID broadcast
    Less of a problem and more of an inconvenience, I have noticed that my iPhone won’t remember my wireless network after I disconnect forcing me to enter all of the connection info again. For transient devices that exhibit similar behavior will probably be more hassle than home users or small business are willing to deal with.

    For most homes and small business, there a few enough devices that aren’t mobile that most of the problems come from ignorance and not taking the time to just do it. I also like what you said about weighing your options. Some situations mandate a certain level of security but beyond that you need to weigh usability against security. Good security, in theory, should not get in the users way of usability. I enjoy security and have studied security risks a bit so I have a higher tolerance for sacrificing usability for security. Ideally we would eventually like not needing to sacrifice usability to get that security.

Comments are closed.