Wireless Security Tips
Using someone else's wireless network
Most security issues associated with using your computer on a wireless network are
the same as those encountered when using your computer on any network. Thus StartSafe and
RUNSAFE principles apply.
When you use a wireless network, however, you are connecting your computer to a network that
could be operated by anyone. You may not know what kind of security precautions
they take. You may not know who is running their network. You don't even know
their intentions. And since the data is transmitted through the air
instead of through wires, it may be more easily accessible to third parties.
As with any security issue, nothing can guarantee safety. But the following
measures will decrease risk. The more valuable the data you work with, the more
important these become. Perhaps the easiest thing to remember would be:
When using a public wireless network, avoid performing sensitive transactions
if you can, and if you can't, perform them only with sites you've interacted
with in the past using known good links and making sure the secure web lock icon
is present on your browser.
1. Only Use Applications and Servers that Protect Your Data
Many wireless networks are notoriously easy to eavesdrop on. This means anything
your computer sends over the network may be intercepted if the program you are
using does not encrypt it. For example, before typing passwords or other
sensitive information into web sites, make sure the lock icon is displayed
indicating an SSL (https) protected session. It's probably less risky to use
webmail when available rather than a mail client like Outlook, as it's easier to
make sure the session is protected. Never use FTP or telnet over an unknown
wireless network. Those applications pass their passwords in the clear. Keep in
mind that many instant messaging programs send data across the network without
protecting it.
Use the JMU Remote VPN client when conducting sensitive JMU business with JMU
campus services. It will help ensure an encrypted, protected tunnel for all
communications.
2. Use Common Sense When Connecting
When in doubt about the security of a wireless access point, don't use it for
conducting sensitive transactions.
If you have to connect to a web site to obtain wireless access, make sure the
web site is official. If it's not a "secure web server", indicated by a lock icon
on your browser, don't type in any sensitive information.
When connecting to a new, unknown wireless network, be on
the lookout for login pages that ask for sensitive information or passwords for
unrelated accounts. No wireless network outside JMU should be asking for JMU
account information. Nor should they be asking for things like social security
numbers and other personal information. Some may ask for billing information if
they charge for the service. If so, make sure you are connecting to an official
web site. Anyone can set up a wireless network. Some do it to dupe people into
giving up valuable information. Any page that asks for such information should
be SSL protected and your browser should display the lock icon.
Do not ignore web certificate warnings. If your web browser tells you a web
server's certificate doesn't match the server name, either the provider follows
lax practices or someone is trying to intercept your communications. You don't
want to supply sensitive information in either case. If the certificate doesn't
match, the lock icon doesn't mean anything. The session is not secure because
you don't know who you're talking to.
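The name check behind the certificate warning described above, as an added example that is not part of the original page: it takes a certificate in the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns and decides whether it names the site you meant to visit. The sample certificate and host names are constructed placeholders, and the code covers only name matching, not validation of the certificate chain.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
# The names are placeholders, not real servers.
SAMPLE_CERT = {
    "subject": ((("commonName", "portal.example.net"),),),
    "subjectAltName": (
        ("DNS", "portal.example.net"),
        ("DNS", "*.hotspot.example.net"),
    ),
}


def _dns_match(pattern, host):
    """Match one DNS name from the certificate against the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never covers more than one label
    if p_labels[0] == "*":
        # Wildcard only as the whole left-most label, never e.g. "*.com".
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches_host(cert, host):
    """Return True only if the certificate names the host being visited."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, so treat it as a DNS name
    sans = cert.get("subjectAltName", ())
    if ip is not None:
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    return any(k == "DNS" and _dns_match(v, host) for k, v in sans)


def verdict(cert, host):
    """Turn the check into the decision the paragraph above recommends."""
    if cert_matches_host(cert, host):
        return "ok: certificate names " + host
    return "STOP: certificate does not name " + host
```

In real client code, leave this check to ssl.create_default_context(), which performs the same name matching and refuses the connection on a mismatch.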
If your computer gives you the option of connecting to multiple wireless
access points, make sure you select the right one.
3. Disable File Sharing
You don't want to be sharing that office folder you share at work. Nor, with
Windows XP, do you want
to share the SharedDocs folder that is automatically shared. Even if you don't
have anything valuable in it, someone else, including an automated virus, may
put something there you'd rather not have.
4. Turn it Off When Not in Use
When traveling, disable the wireless network. If you don't, your computer
will attach itself to unknown networks as it moves around while it's powered on.
That is fine if that is your intention. However, keep in mind the computer may
be attaching itself to networks with infected computers or malicious
individuals. It is also keeping a record of networks it finds that may be
broadcast later.
5. Turn Off ad-hoc Mode if Enabled While Traveling (i.e. enable "infrastructure only" mode)
This can help foil a number of attacks including:
- Fooling your computer into connecting to the wrong wireless network
- Getting information when your computer broadcasts the name of all the
networks it has seen or used
- Connecting to your computer
On Windows XP systems, this can be done as follows:
- Click Start
- Click Settings
- Click Control Panel
- Double-click Network Connections
- Right-click "wireless network connection"
- Select Properties
- Click Wireless Networks tab
- Click Advanced
- Select "Access point (infrastructure) networks only"
6. Apply Wireless Security Updates as they Become Available
Windows XP computers should have the following updates installed to provide
better security:
More detailed information and examples are on the GetNetWise web site
Creating your own wireless network at home
Note:
JMU's Information Technology department provides wireless networking on campus.
Independent networks should not be installed.
Many home networks are set up in a way that allows any computer
within range to use the network and eavesdrop on the wireless communications. The effects of this may include:
- Decreased bandwidth for the network owner. (See N.Y. Times article
"Hey, neighbor. Stop piggybacking on my wireless!")
- Compromise or infection of the network owner's computers
- Eavesdropping on the network owner's communications and exposure of
confidential or sensitive information
- Problems for the network owner should the hitchhiking computer's owner
send spam, infect other computers, or commit a crime.
See CNN's video "Keeping Web Activity
Private" for an overview of issues.
The actual steps to take vary among products but they can be summarized as follows.
Note: Links to more specific instructions can be found at the end of this page. It is
recommended that you make one change at a time and test between changes. These
steps assume casual home use. For business or more sensitive use, a Virtual
Private Network (VPN) should be considered.
- Change the default password(s) for your wireless router. This keeps other
people from connecting to your router and changing its configuration, possibly
undoing all your other security settings.
- Configure your wireless router so only your computers' network cards can
connect to it. This is known as MAC Address restrictions or MAC Address
filtering.
- Enable wireless encryption. This will help keep people from eavesdropping
on your communications. Newer devices use a scheme known as WPA which is
stronger than the older WEP.
- Change the default SSID for your wireless router. This makes it more
difficult for the average person to connect to it because they won't know the
"name". This is the name you will connect to from your client.
- Disable SSID broadcast. This will keep your router from broadcasting its
presence for anyone to hear. Your clients can be configured manually to
connect to the SSID you set previously.
- Keep your wireless devices and software up to date just as you do your
other computer software.
Regardless of what you do, wireless networks are generally less secure than
physically secure wired networks. Review the guidelines above for using
wireless networks to keep risk to a minimum.
How to Secure Your Wireless Home Network with Windows XP
http://www.microsoft.com/windowsxp/using/networking/learnmore/bowman_05february10.mspx
Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home
Office or Small Organization Networks
http://www.microsoft.com/downloads/details.aspx?familyid=269902e8-fc41-4eb1-9374-44612e64f0fb&displaylang=en
Configuring Windows XP IEEE 802.11 Wireless Networks for the Home and Small
Business
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx
Home Wireless Security (University of Pennsylvania)
http://www.upenn.edu/computing/wireless/general/homesecurity.html
Wireless Network Security for the Home
http://www.windowsecurity.com/articles/Wireless-Network-Security-Home.html
More information, including videos showing configuration of NetGear, Apple, and
Linksys wireless routers, is on the GetNetWise web site.