How Real Is the Threat?

Make no mistake, the threat is real. If you compare a wireless network with a conventional wired network, essentially the security risks posed by the two are the same with one big exception. The big exception is that a wireless network provides no physical security. Essentially anyone can tap into a wireless network. In comparison, to hack a wired network you need a physical connection to the network's wiring.

Attacks from the Internet are a threat to both wired and wireless networks. But otherwise, no one can attack a wired network without gaining admittance to your premises. Wireless networks are vulnerable to attacks from people who are not on your physical premises. This means that protection cannot be obtained by physical security measures, but only by implementing appropriate internal management and security measures. A lock on your door should inhibit someone who would like to access your wired network, but it is meaningless to the security of your wireless network.

Another facet of the problem is that the default setup for a wireless access point/router, as I explained in Chapter 14, "Setting Up Your Access Point," just gets your Wi-Fi network up and running. It doesn't step you through the process of adding any security features, such as encryption, to your network.

An astounding percentage of private Wi-Fi networks?some estimates are as high as 80%?are run without any security features turned on.

It's also worth noting that public hotspots typically don't feature any security besides basic user authentication?because the people running the hotspot want to make it as easy as possible for people to log on.

I don't want to exaggerate the problem. You may quite rightly feel that you have no secrets, and that you don't care about giving away access to your files to strangers.

There's some merit to this position. It's likely that no one would really care about most of my files (or your files). In any case, it's worth a lot less effort to guard, say, Aunt Minnie's recipe for Tarheel pie than, say, the firing sequence for a nuclear warhead. Every security management issue comes down to a balancing act: Is that which is being secured worth the cost (in time, trouble, and money) of more stringent security? But everyone has something worth safeguarding. For example, you probably really don't want to hand out your Quicken or Microsoft Money data files to strangers.

The most stringent security of all would ban wireless networking, and indeed networking altogether?because whenever there is communication in and out, there is a potential risk. But, for most people taking that kind of step would not be worth the cost.

In order to more fully perform the security balancing act, I'd like to step back for a minute and look at just what the security threat to your Wi-Fi network is.



See Chapter 18, "Protecting Your Mobile Wi-Fi Computer," for information about turning file sharing off so that accessing files, even with network access, is harder to accomplish.

If your Wi-Fi network is completely unsecured, someone (whom I'll call the "nefarious evildoer"), within broadcast range of your access point but probably outside your physical perimeter, can become a node on your network. This is sometimes called penetration.

As a node (or client) on your network, the nefarious evildoer can access files on your network.

Access to the file systems on your computers means more than that the nefarious evildoer can read the files. The nefarious evildoer can also alter and delete them. If the nefarious evildoer is really malicious, your entire system could be wiped.

The nefarious evildoer, depending on how you have things set, can also change your network administrative settings. You could get locked out of your own network!



Concerns about losing bandwidth are particularly valid in the case of file-sharers.

Another concern in this respect is that file-sharers are almost certainly trading in copyrighted information (songs) and the person who is the owner of the connection to the Internet is the one that the RIAA (Recording Industry Association of America) is going to track down.

In other words, if you leave your network open, you may be liable (both civilly and criminally) for the actions of freeloaders who use it.

If you haven't changed the password in your access point, the nefarious evildoer could open its administrative panel, assuming (as most access points do) that it uses Web-based administration. The settings could then be changed to defeat whatever security measures are in place.

Of course, most penetration is relatively innocent, and is done to obtain Internet access. Yes, the nefarious evildoer may just not have Internet access and want to piggy-back (without paying) on yours.

Before you throw up your hands and say, "I don't care. I'm happy to share my Internet connection; it's not going to cost me any more. Besides, sharing is in the spirit of open source, Wi-Fi, and all those good things," you should think about a couple of ramifications.

By sharing your Internet access in this way, you are probably in violation of your agreement with your ISP. Okay, so I don't much care about this technicality either. But if some real nefarious evildoer does use your ISP account to launch a Web attack?such as a virus? you could be held responsible. At the very least, it could lead to the ISP shutting down your account. Also, if others are using your Internet connection, there's no doubt your connection speed will slow. I don't know about you, but even broadband isn't fast enough for me. I don't want freeloaders gumming up the works even more.

Before you say it's okay with you to have others use your Internet connection because it doesn't cost you anything more, think about whether you would leave the front door to your house open with a note saying, "Come in, use the phone, local and long distance minutes are free!"