Truth 44 Wireless security at home

About four months ago, I moved into a new home. At the time that my wife and I were looking, we thought we were asking all the right questions. It seemed like a great location, it was the perfect size, and it even had a pool. Since I work from home, I thought it would probably be a good idea to get my high-speed Internet turned on. Sure, I should have planned ahead, but I figured as much as I travel, the ISP would get it installed while I was on the road. Imagine my surprise when I discovered that my home was located in a “dead zone,” which basically meant I couldn’t get wireless access. In the meantime, my work was piling up, and the lack of Internet access was causing a problem.

While most people would have bitten the bullet and gone with a dialup, I had another idea. I got out my power converter that allows me to power my laptop using the cigarette lighter in my car, and I hit the road. With my laptop beside me, I started to cruise the neighborhood. It turns out that only my street is “dead.” Ridiculous as it may seem, it’s true. For me, this had a silver lining, since as soon as I hit the next street over, my laptop started showing numerous available wireless connections that were broadcasting from my new neighbors’ homes. This would be my salvation.

When you install a wireless device in your home, it affords you the ability to use your laptop from any room in the house without the need for an Ethernet cable. This ease of mobility is great, but it often comes at the detriment of the user. You see, by default when you install this type of device, it is open to the world. This means if some guy happens to be driving down your street with his laptop in his car, he can simply connect to your wireless device and begin using your Internet service—for example, someone who lived in a “dead zone” and did not have high-speed Internet access of his own.

For the next several weeks, I found dozens of locations near my home where the sun was blocked by trees, so I didn’t bake in my car and didn’t look too suspicious sitting there all day long. I had full-speed Internet, and no one was any the wiser. Ultimately, I ended up installing DSL at home, but my few weeks working out of my car gave me a scary look at just how vulnerable many of my neighbors were.

Some might think I was breaking the law, but was I really? Often, hotels offer free wireless service in their rooms. Many coffee shops and book stores offer wireless access for free as well. How do you connect? The same way that I connected to my neighbors’ wireless. You simply open your computer, search for networks in range, and choose an unsecured access point. I didn’t crack any passwords, and I certainly didn’t receive any notices announcing that I was not authorized to access the service. So for all I know, these people had placed these wireless devices out there just for people like me who were in need of quick access to the Internet. I mean, why else would they not have put a password on the device?

Obviously, these wireless devices should have been secured properly, but not because of a potential freeloader like myself. The risks to home users who leave their wireless access points open is much greater. When I am hired to break into a company, often I go after computers by using an open wireless access point I find on the company network. The same can be done with home users. What most people don’t realize is that once I am on your network via the wireless device, I can start monitoring all the traffic on your network. If you receive an email, I see it. too. An instant message? I’m watching. You browse to your favorite Web sites, and I see everything you see. And that’s just the beginning.

Often, your Internet service provider (ISP) offers you an added level of security by blocking all incoming traffic to your computer. This “firewall” protects you from the would-be hackers of the world. So even if you have done a poor job of securing your computer, it’s okay because your ISP has you covered. Now if I gain access via your wireless device, I have bypassed the ISP’s external security, and I am sitting right next to your computer on your network. If you have any vulnerability, I can find it in minutes. The next thing you know, I am perusing files on your system, recording even more information about where you’re browsing, and most importantly, if you’re doing anything from online banking to e-commerce. Basically, it takes no time at all for me to gather all your account information, and just like that, the identity theft begins.

Of course, it’s not always that easy, and there are certain things that you can and should do to protect your computer and your identity.

Add a password to your wireless device. Each device is different, so you need to read the instructions to find out how to do that on yours. You need to make sure your password is difficult to crack. Using a single word won’t do. It needs to be a large password, and it should be random letters (upper- and lowercase), numbers, and symbols.

Make sure your device supports Wi-Fi protected access (WPA) and that you chose that type of encryption. There are two forms: WEP and WPA. Through the years, wired equivalent privacy (WEP) has been hacked numerous times, to the point where now it is no more secure than a closed window on your house when the burglar is carrying a lead pipe. If your wireless device offers only WEP, you should probably consider purchasing a newer device.

Don’t leave confidential information on your computer. I have broken into hundreds of computers that contained everything from text files that held lists of passwords to files that held all the user’s credit card numbers and expiration dates. If you are going to keep this kind of information on your desktop, you must encrypt these files. If you don’t, you are just asking for trouble.