Questions and Answers: How To Protect My Wireless Network

Wireless technology is everywhere, look no further than the MacBook Air that was announced at Macworld Expo. And for the most part we benefit from not being tied down to cables. More and more of us have wireless networking, Wi-Fi, at work as well as home, with all the security and privacy implications that brings. Written as a question and answer session, this article is meant to try to clear up some common questions surrounding Wi-Fi.

Q: My friend told me he doesn’t pay for his internet broadband. Instead he is “piggybacking” on other people’s unsecured Wi-Fi networks within his apartment building. Is this possible?
A: Sure it’s possible. I think anyone who lives in an apartment building can attest to how many wireless networks there are, and that many of them are open and unprotected. Many who buy Wi-Fi equipment and set it up at home don’t secure their networks. And by default pretty much any Wi-Fi equipment is open and accessible to all. So unless you set some security on the Wi-Fi network, your neighbors can enjoy a free ride at your expense. Whether this is ethical or moral is a debate we’ll save for another time, but there are obviously security and privacy implications of having other people using your internet connection. And if that other person does something really bad while using your Wi-Fi, like hack into a bank and take money, then it’s quite possible you end up liable because they were using your connection. So besides protecting your information and equipment, you want to secure the wireless network so you don’t end up paying for what someone else has done.


Q: What type of security should I have on my wireless network?
A: The short answer is WPA with a good password. But let’s try to expand that answer a bit. Generally you have a choice between WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). WEP was for a long time the only protection available for Wi-Fi networks, but fortunately we now also have WPA to choose from with most access points and clients. WEP encryption is fairly easily broken, but WPA with a good password is much harder if not practically impossible to crack. We should point out that if you have older wireless equipment it may not support WPA, in which case you have to stick with WEP.
The SSID (Service Set Identifier) is the name of the wireless network. You typically set this in the wireless settings section of your access point (see next question). You can choose between broadcasting the SSID or hiding it. If you hide it, someone who casually passes by will not “see” the wireless network. This offers very little protection, as the wireless signal is still broadcast and with just some knowledge a person can still access it. So don’t broadcast the SSID if you like, but don’t think it protects you in any way.
Every device that connects to a network has a MAC address (Media Access Control). It’s a unique identifier that’s used to make the network traffic find its way to the proper destinations. With most Wi-Fi base stations you can select to only accept certain MAC addresses with which to connect. Even if others can see the SSID, they can’t connect unless they use an approved MAC address. A problem with this approach is that it’s fairly straightforward to spook (fake) a MAC address, so it offers little real protection.
All this security is no good unless you also have a strong password. Having “password” as a password, for example, I think we all realize is a really bad idea. The password should be as long and as random as possible. Let a random password generator (such as the one at http://www.pctools.com/guides/password/) generate a password for you, and your password will be as secure as it can be. If you make up your own password try to stay away from anything that may appear in a dictionary, and mix characters and digits.

Q: How do I access and change my wireless settings?
A: This is usually done by going to a specific URL with a web browser. So once you’re connected to the wireless network you would browse to something like “http://192.168.1.1”. Note that the specific URL may be different for you, depending on who makes your Wi-Fi base station. The first time you enter that URL there is probably not a password, but you need to set one as soon as you can. If you don’t, anyone else can connect and change your settings. Follow the above advice about passwords. It’s different with Apple wireless base stations: To administer an Airport Extreme or Express base station you have to have the Airport Utility, which comes on a disk when you purchase the equipment.

Q: I sometimes use my MacBook when I’m out and about, like at coffee shops. I’m worried that someone can access my private files. What countermeasures should I take to avoid this happening?
A: Public access points such as Etisalat’s iZone in the United Arab Emirates are generally wide open and not secured. This means the information is sent unencrypted and the guy sitting next to you, although he looks innocent and harmless, may be saving all the information sent on the network. If you got to a web site that uses “https” then you’re secure, but most of the time sites don’t use encrypted connections and it’s rare the email does, so be careful. If you want to make really sure that you’re safe, you have to use something like a VPN (Virtual Private Network) connection.

Q: I went to my local electronic store looking for a wireless router. There were so many names and numbers to choose from that I walked away totally confused. Please could you advise me on the best choice for a home-based wireless network?
A: It can be quite a jungle and it’s hard to know what’s good and what you need. Generally speaking I would stick with the major brands, such as Linksys, NetGear, 3Com, Buffalo, etc. One thing to check first is the speed. That’s the “802.11”-something. The latest standard is 802.11n, but not all devices support it yet. If you really want to be on the safe side, 802.11g is the way to go, and it’s rated at 54Mbp – which should be plenty for everything but the heaviest of file-copying. If you have something that’s 802.11b, be aware that it is outdated technology and only rated at 11Mbps. And know that if you use any 802.11b device on an 802.11n network, the network speed will not go over the 802.11b specifications. It will always follow the lowest common denominator. Also consider whether you need a DSL modem. There are many combined DSL modems and Wi-Fi routers to choose from, which of course is convenient because it’s all-in-one. Apple currently doesn’t sell any product that works as a DSL modem, so if you have Apple wireless gear such as an Airport Extreme you still need the DSL modem part in the form of another device. At home we use a 3Com Wi-Fi router/modem, but we only use it as a DSL modem and we have an Airport Extreme working as the Wi-Fi access point. The combinations are almost endless.

Q: Any final piece of advice?
A: Wireless technology has come a long way in a few years. Problems that were common before have now gone away and overall devices are much more reliable than they used to be. It’s wonderful not being tied to cables, and Apple is clearly setting a trend with the MacBook Air and Time Capsule – saying that wireless is the way to go. I think once you’re wireless you wonder how you could ever have done without it before. Good luck and have fun. Any further questions or problems, remember that we’ll do what we can to help at http://www.emiratesmac.com.

Answers by Magnus Nystedt

Popularity: 1% [?]