Wi-Fi security is paramount – without it, there are many things that someone could do on your wireless network – things that range from minor or barely noticeable all the way up to flat out illegal – and everything in between.
A case for security
Honestly, most people that are looking for Wi-Fi networks with no security or weak security are simply looking for free internet access. These people just want to check their email, surf the web, or download something without paying for internet access.
They don’t really have any hostile intent for your network.
However, there are also more sinister people looking to gain access to a wireless network for unsavory uses, such as:
- To steal your data – perhaps they can get your credit card number or tax information to use it for fraud, or maybe they want to steal photos or other personally identifiable information and use it to blackmail or otherwise expose you
- To invade your privacy, search for risque photos, or access sensitive financial information
- To download or upload illegal content online without being traced back to them – things like copyrighted material, illegal software, or child pornography
- To hack or attack other systems without being traced
- To download or upload large amounts of data without it slowing down their own internet connection
Ultimately, it comes down to this – someone is using something of yours without paying for it and without your permission. Is that really something you are okay with?
You could be liable
Furthermore, if the perpetrator does something illegal online using your internet connection, the authorities can investigate the source IP address. This will lead them to your ISP, which they can then subpoena for the associated subscriber’s name and address.
Guess whose door they will come knocking on next? Yours.
The scary part is, it could be the guy next door, someone parked in the street, or a neighbor down the road. It is very difficult to physically locate the person.
Isn’t it easier to just set up ample security from the start to ensure that you are keeping all potential unwanted guests out?
Security Methods
There are several different modes and methods you can use to secure your wireless network. The easiest, most common, and most effective solution is to enable the proper type of security and encryption protocols on your router.
This will not only prevent someone from joining your network who doesn’t have the password, it will also prevent anyone in the area from eavesdropping on what you are doing online.
The main security protocols are:
- Open/None (AKA, no security)
- WEP (weak security, very easily cracked)
- WPA (better, but still weak)
- WPA2 (best for home use)
- WPA Enterprise (ok, for business)
- WPA2 Enterprise (best, for business)
Can you use the Enterprise versions at home?
I can see why you would want to – the enterprise versions of each protocol renew/update their keys at a set interval, whereas their non-enterprise counterparts simply use a pre-shared key. This key update makes the enterprise versions rock-solid secure, since the key is always changing.
A typical user would not want to attempt using an Enterprise protocol at home due to the advanced knowledge required to set it up. Additionally, it requires setting up a dedicated server to make everything operational.
The vanilla WPA2 protocol is enough for most users and is much easier to set up and manage.
The best security option
For home users, WPA2 is currently the best choice. If your router gives you the choice of using TKIP or AES with WPA2, choose AES.
Additional security settings
Utilizing WPA2 on your router with a strong passphrase provides plenty of security for most users. If you are extra paranoid, you can also employ some additional security methods.
Here are some additional security settings that can optionally be enabled to enhance security on your wireless network. These features are not as robust or as easy to implement as enabling Wi-Fi security/encryption – they are intended merely to be supplements to the security of your network.
Basically, you should not enable these options without security/encryption and expect your network to be secure.
Disable SSID broadcast:
With the SSID broadcast disabled on your router, people won’t be able to see your Wi-Fi network, or they will only see an “unnamed network” in their list of available Wi-Fi networks. Connecting to a network with SSID broadcast disabled is more difficult – you will have to manually define your SSID in your computer’s network settings before it will connect.
Fewer people will notice your network, but advanced users can still easily find your network using the right tools. Simply disabling the SSID broadcast also does nothing to protect your privacy as information is transmitted through the air – you need security/encryption for that.
If you are connected to an Open Wi-Fi network (one that does not use encryption), anyone that knows what they are doing can intercept your traffic and view what you are doing online without you knowing it.
MAC address filtering:
Like disabling the SSID broadcast, utilizing MAC address filtering will also do nothing to protect your information from eavesdroppers.
It will, however, make it more difficult for an unauthorized user to access your network. MAC filtering works like a whitelist – where only MAC addresses that are defined on the list can communicate on the network.
That said, advanced users can ‘sniff’ for a valid/authorized MAC that is currently in use on the network, and then spoof their MAC to use an authorized one.
Enabling MAC filtering also makes managing your own wireless network very cumbersome – any time you want to connect a new device to your wireless network, you first have to log in to your router and add the new device’s MAC address to the whitelist.
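As an added example (not from the original article), the script below audits an access point configuration against the guidance above: protocol choice, AES over TKIP, and hidden SSID or MAC filtering used without encryption. It assumes a hostapd-style key=value config; the two sample configs are constructed, and the 12-character passphrase minimum is this example's own threshold.

```python
# Added example; both sample configs are constructed, not taken from the article.
WEAK_CONF = """
ssid=HomeNet
ignore_broadcast_ssid=1
macaddr_acl=1
"""
HARDENED_CONF = """
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed-sample-passphrase-only
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2
    if wpa == 0:
        wep = any(k.startswith("wep_key") for k in conf)
        findings.append("WEP: very easily cracked" if wep else "open network: no encryption")
        if conf.get("ignore_broadcast_ssid", "0") != "0":
            findings.append("hidden SSID is no substitute for encryption")
        if conf.get("macaddr_acl", "0") == "1":
            findings.append("MAC filtering is no substitute for encryption")
        return findings
    if wpa & 1:
        findings.append("WPA (v1) enabled: use WPA2 only")
    # hostapd falls back to wpa_pairwise (default TKIP) when rsn_pairwise is unset
    ciphers = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP allowed: choose AES (CCMP)")
    psk = "WPA-PSK" in conf.get("wpa_key_mgmt", "WPA-PSK").split()
    if psk and 0 < len(conf.get("wpa_passphrase", "")) < 12:  # 12 is an assumed minimum
        findings.append("passphrase shorter than 12 characters")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```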
Andrew Namder is an experienced Network Engineer with 20+ years of experience in IT. He loves technology in general, but is truly passionate about computer networking and sharing his knowledge with others. He is a Cisco Certified Network Professional (CCNP) and is working towards achieving the coveted CCIE certification. He can be reached at andrew@infravio.com.