802.11b & 802.11g Wireless Modem / Router Installation
(Security Considerations)
Wireless modems and routers usually have four hard wired (ethernet) ports in addition
to its wireless capability.
If you're planning on installing a wireless modem yourself
we recommended you install it hard wired first. The configuration of the wireless software
is considerably easier via a fixed connection. If not, it's quite easy to lock yourself out
of your wireless network while you're configuring the necessary security surrounding the
link up between your PC and the modem.
It's no big deal if you do lock yourself out - you simply connect a cable from your PC to the
modem and thus bypass the wireless secuity.
Why bother with wireless security?
The main reason is to avoid people stealing your broadband connection.
The second reason is for your privacy (but this is not a spooky as it sounds).
In most installations for home and SOHO (small office / home office) we find that the
following suffices:
securing your modem to accept only certain wireless cards using MAC addresses (yours); and
securing your PC or notebook with a password (eg. the standard Windows login), This takes about 15-30 minutes per computer.
Securing your modem or router
MAC address
The most basic security is to use the MAC address of the
wireless card in your PC. A MAC address uniquely identifies a component of computer hardware.
By specifiying that the wireless can only be connected to specific MAC addresses (or vice versa)
you lock out
all other wireless cards.
There are instructions that come with your modem / router telling you how to do this.
Sounds simple, and it is, and it works. So what's the problem?
The problem is that the PC transmits the MAC address over an
insecure ("unsecured") network (your wireless network).
A would-be hacker can quite easily find out your MAC address.
Having done this they can then pretend to be you (they can "spoof" your MAC
address).
Encryption
The solution to this is to encrypt the signal being sent between the modem
and the PC (and in fact between PCs themselves if you have a fully integrated wireless
network).
Your instructions tell you how to do this too.
This does not provide bullet proof security, but it is as good as you need if
your main (or only) reason for having a wireless network is to access the internet.
[As an aisde: This type of
wireless encryption is unnecessary for doing secure transactions over the internet
such as banking / credit card numbers etc. Most of these transactions (certainly all of the
banks and all reputable online shops) have already been encrypted. If someone intercepts your banking
transaction over your unencrypted wireless they'll just get scrambled garbage. Also, most
free email accounts also encrypt you password. Your email is not normally encrypted but the
password to access the account is. While in transit, your email can be read, but not your password.
The down sides of these security measures
If a friend or colleague comes over to use your connection they will not be able to
unless you either switch off the MAC address secuirty measures or put their MAC address into the
list of acceptable addresses. Both of these are fairly trivial tasks and are well documented in
instructions.
Encryption slightly slows down your connection speed.
Securing your laptop or PC
Adding a password to your PC or notebook makes it more difficult for someone else
to connect your PC to their network.
Why would anyone bother to do this?
It would be rare but, theoretically, if they had a wireless network of their own
(and it does not necessarily have to be connected to the internet) and they connect your PC
to their network, they can then use that connection (between the two PCs) to access
your wireless connection to the internet.
Without the password to your PC or laptop it is difficult for them to connect
your machine to their network.
This artcle on wireless security from arstechnica will provide you
significantly more detail. It's a few years old but still current. Bear in mind that
they are talking about industrial strength security. Much of it is really only relevant
to private (non-world wide web type) networks, but it does provide the full security
scenario. | 