By Bob Sullivan Technology correspondent
updated 10/26/2005 2:24:26 PM ET 2005-10-26T18:24:26

When you work at home, the definition of “office” tends to be a bit loose. Sure, there’s your official desk in the spare bedroom or next to the laundry machine. But work at home long enough and you and your laptop will soon be wandering around your home: from TV to fridge to front yard, all without missing an e-mail. This is the glory of wireless.

Wireless networks are everywhere. In fact, in the past 18 months, they surpassed old-fashioned, tethering wired networks as the method of choice for connecting computers at home.  According to Jupiter Research, there's now over 12 million wireless home networks floating around America.

You probably knew that; because if you flipped open your laptop on your front steps, you've seen almost that many listed when you ask it to "View available wireless networks."

We love wireless. In fact, we love it so much that we like to share it. Nearly everyone with a wireless card or chip has now had the experience of seeing just how many neighbors have wireless routers turned on. So you know what the problem is.

Reading e-mail in bed is great, but you knew there was a catch, didn’t you? If you can walk around your house picking your files out of thin air, so can anyone else. In fact, the snooper doesn’t even have to be in your house. The little radio station you install in your home to beam the Internet around the place doesn’t understand property lines. So when you go wireless, you should know that neighbors several houses away can see what you are doing. Yes, they can literally pick your data right out of the air.

Despite all the publicity surrounding wireless insecurity, experts still believe many home wireless networks are left casually insecure like this, with people unknowingly sending their newly “liberated” data up and down the block all day long. Frank Hanzlik, managing director of the Wi-Fi Alliance, would not peg a number, but he said "a good percentage" of those 12.6 million users haven't turned on their wireless security.

That's a lot of exposed data flying around.

The good news is, there’s a lot you can do to severely decrease the odds that you’ll be snooped.

Four basic steps
Protecting your home wireless network is a good news/bad news story. First, the bad news. Most experts will tell you that there’s practically no way to make it completely safe from prying eyes. Every encryption standard eventually gets cracked.  But the good news is almost all wireless devices now sold come with a new, improved standard that's much stronger than previous wireless devices, called WPA (Wi-Fi Protected Access).

Still, it's useless if you don't turn it on. And for some reason, wireless manufacturers continue to insist on shipping wireless devices with the security turned off. That's asking for trouble. But on the flip side, installation wizards are making it ever easier to turn on security measures.

"The industry is really working on make it easier to set up. There are a lot of one-button wizards, for example," Hanzlick said. Still, every device is different, and consumers still seem confused about wireless safety — evidenced by the number of insecure networks that are around. "There are great solutions, but they are still not enough."  

To make sure everyone's on the same page, here's a handy checklist of four steps that home wireless users can take to greatly reduce the likelihood that someone will snoop your data.

1. Don't call attention to yourself
Each wireless device has a name, called a Service Set Identifier, or SSID. Any device that tries to hop onto the wireless party line must know this name. By default, most networks broadcast this name to make connecting easier — the equivalent of saying to the world “here’s my front door, it’s probably open if you want to try it.” That’s a good idea if you are Starbucks, and you want customers to breeze in and out of your network. It’s a bad idea if you don’t want Victor, the voyeur next door, to read your e-mail. Turn off the broadcast SSID function and you’ve won 25 percent of the battle. It means a hacker will have to guess your network’s name to get in.

2. Change your name
Now, make guessing that name much harder — change it. Wireless network vendors ship their products with SSID names set to obvious defaults. For example, the popular LINKSYS product often uses the name “linksys” as its SSID, until it’s changed. Hackers know this, and wander round town using programs with names like “Netstumbler” to see who’s leaving their data up for grabs. If they detect you’re using a Linksys card, they may attempt to connect to your network by trying the linksys SSID. Take another moment to change the default, and you’re halfway there. If you change your SSID every few months, you’re more than half way home.

3. Scramble your data
Thanks to days gone by when the various brands of wireless devices didn’t play nice with each other, manufacturers decided it was best to turn off encryption when their products were sold. That solved some of the incompatibility problems, but it created the big problem we have today — namely, that when Victor the neighbor hops onto your network, he can read your e-mail because it flies around your house in plain text. But nearly all new devices have an option to scramble the data using an encryption tool called WPA, or the newest standard WPA2. It's superior to the old WEP standard, which could be cracked fairly easily. Set correctly, it also keeps Victor from even hopping on your network to use your bandwidth for some casual Web surfing of his own. That's probably a good idea; at least, your DSL provider will think so, because Victor will have to get his own DSL.

The Wi-Fi Alliance has a list of products that meet its encryption standards.

Unfortunately, there's still a lot of WEP hardware and networks still in operation. And while there are no published hacks of WPA, techniques for hacking into WEP networks are improving all the time. It used to take hours to hack into WEP-protected data; now some are claiming it can be done in minutes — or even seconds. So if what you are doing at home is at all critical, upgrading to new equipment is probably a good idea.

4. Telecommute through a tunnel
If you’re using your home office to run a small business, this step won’t help you. But if, like many, you’re telecommuting to an office, you need know about Virtual Private Networks, or VPN. A VPN creates a digital “tunnel” between your backyard laptop and your office. It’s essentially a special piece of software that’s used to log on to the office network (and you’ll need to get help from your office to set up your access). But the tunnel is fortified with better encryption than WEP — so much better, that most experts think it’s nearly foolproof. The good news is the tunnel that protects data as it travels over the phone line and the Internet to your office also protects it as it flies around the airwaves near your home. When you are sending traffic through the tunnel, it’s nearly certain a hacker can’t sniff it.

There is a caveat — the tunnel only protects data that’s destined for the office. Even if you are logged on to the VPN, when you send files around your home network, they are not protected by the tunnel. So for example, when you download a secret company merger document off a server, and look at it on your laptop in at the edge of your swimming pool, the data is protected. But if you beam it to your printer in your home office, it’s not — unless you have followed steps one, two and three.

An exclusive list
There is one additional step that can be taken, but it’s only available with some wireless devices. Every computer device with networking capabilities has a unique MAC address, a bit like a serial number. Some wireless devices allow users to create an “authorize MAC address table” which means only devices with these specific serial numbers are allowed on the network. Hackers can “spoof” MAC addresses, effectively telling their computer to impersonate one of yours. But to do so, they will have to somehow learn your device’s serial number — another serious hurdle to overcome.

Even with all these steps, experts concede that there’s no way to promise 100 percent security for a wireless network — and in fact, there's no such thing as perfect security for any network. Protecting a home wireless network is more about improving the odds that you’ll be safe than it is about slamming the door around Fort Knox. And in fact, many federal government departments still don’t allow wireless networks because of the various security concerns.

One simple step
All four of the steps to making wireless secure are important; but if you are so short on time or attention that you can only take one step, Hanzlik said turning on encryption is by far the most important — whether you have an old WEP device or a new WAP one.   

"The easiest thing to do is just enable encryption," he said. That way, even if someone hops onto your network, they won't be able to see what you are doing, unless they have special hacking tools. "You've just got to flick that switch."

© 2013 Reprints


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments