Wireless Security Tips
Using someone else's wireless network
Most security issues associated with using your computer on a wireless network are the same as those encountered when using your computer on any network. Thus StartSafe and RUNSAFE principles apply. When you use a wireless network, however, you are connecting your computer to a network that could be operated by anyone, most likely someone you do not know. You may not know what kind of security precautions they take. Since the data is transmitted through the air, instead of through wires, it may be more easily accessible to third parties.
As with any security issue, nothing can guarantee safety. But the following measures will decrease risk. The more valuable the data you work with, the more important these become. Perhaps the easiest thing to remember would be:
When using a public wireless network, avoid performing sensitive transactions if you can, and if you can't, perform them only with sites you've interacted with in the past using known good links and making sure the secure web lock icon and https are present on your browser.
1. Only Use Applications and Servers that Protect Your Data
Some wireless networks can be easy to eavesdrop on. This means anything your computer sends over the network may be intercepted if the program you are using does not encrypt it. For example, before typing passwords or other sensitive information into web sites, make sure the lock icon is displayed indicating an SSL (https) protected session. It's probably less risky to use webmail when available rather than a mail client like Outlook as it's easier to make sure the session in protected.
2. Use Common Sense When Connecting
When in doubt about the security of a wireless access point, don't use it for conducting sensitive transactions.
If you have to connect to a web site to obtain wireless access, make sure the web site is official. If it's not a "secure web server", indicated by a lock icon on your browser, don't type in any sensitive information.
When connecting to a new, unknown wireless network, be on the lookout for login pages that ask for sensitive information or passwords for unrelated accounts. No wireless network outside JMU should be asking for JMU account information. Nor should they be asking for things like social security numbers or other personal information. Some may ask for billing information if they charge for the service. If so, make sure you are connecting to an official web site. Anyone can set up a wireless network. Some do it to dupe people into giving up valuable information. If they ask for such information, they should be SSL protected and your browser should display the lock icon.
Do not ignore web certificate warnings. If your web browser tells you a web server's certificate doesn't match the server name, either the provider follows lax practices or someone is trying to intercept your communications. You don't want to supply sensitive information in either case. If the certificate doesn't match, the lock icon doesn't mean anything. The session is not secure because you don't know who you're talking to.
If your computer gives you the option of connecting to multiple wireless access points, make sure you select the right one.
3. Disable File Sharing
You don't want to be sharing that office folder you share at work. Even if you don't have anything valuable in it, someone else, including an automated virus, may put something there you'd rather not have.
Creating your own wireless network at home
Note: JMU's Information Technology department provides wireless networking on campus. Independent networks should not be installed.
Many home networks are set up in a way that allows any computer within range to use the network and eavesdrop on the wireless communications. The effects of this may include:
- Decreased bandwidth for the network owner. ( See N.Y. Times article Hey, neighbor. Stop piggybacking on my wireless! )
- Compromise or infection of the network owner's computers
- Eavesdropping on the network owner's communications and exposure of confidential or sensitive information
- Problems for the network owner should the hitchhiking computer's owner send spam, infect other computers, or commit a crime.
See CNN's video "Keeping Web Activity Private" for an overview of issues.
The actual steps to take vary among products but they can be summarized as follows.Consult your device manual or vendor web site for details. It is recommended that you make one change at a time and test between changes. These steps assume casual home use.
- Change the default password(s) for your wireless router. This keeps other people from connecting to your router and changing its configuration possibly undoing all your other security settings.
- Enable WPA2 security and set a strong, long shared key password.
- Advanced steps for more risk reduction:
- Configure your wireless router so only your computers' network cards can connect to it. This is known as MAC Address restrictions or MAC Address filtering.
- Disable SSID broadcast. This will keep your router from broadcasting its presence for anyone to see. Your clients can be configured manually to connect to the SSID you set previously.