Wireless Security

The prevalence of wireless Internet connectivity is on the rise due to availability, convenience, and the need to connect when traveling. Business travelers use wireless laptops to stay in touch with their home office, vacationers send photos to friends while still on their trip, and shoppers place orders from the comfort of their home.

A wireless network connects computers in different parts of your home or business without a tangle of cords, enabling you to work on a laptop from anywhere within range of the network. It also allows connection to the Internet from any available wireless connection. Wireless "hot spot" connections are commonly found at coffeehouses, airports, hotels and restaurants.

A typical home wireless network consists of a broadband Internet connection (such as a cable or DSL line connected to a modem) and a wireless access point (sometimes referred to as wireless router or base station) which broadcasts a signal, sometimes as far as several hundred feet. Any wireless-equipped computer within range can gain access to the Internet by connecting through the access point.

Wireless Concerns

The proliferation of wireless connectivity increases security risks. Without taking certain precautions, anyone with a wireless-ready computer can use your network. Your neighbors, or even nearby hackers, can "piggyback" on your network, or possibly access the information on your computer. If an unauthorized person uses your network to commit a crime or send spam, the activity can be traced back to your account. The good news is there are steps you can take to protect your wireless network, your networked computers, and your wireless laptop used in public "hot spots" or while traveling.

The following steps should be used together to provide adequate wireless security.

How Can I Protect Myself?

  1. Use encryption. The most effective way to secure your wireless network from intruders is to encrypt, or scramble, communications over the network. Most wireless routers, access points, and base stations have a built-in encryption mechanism. If your wireless router does not have an encryption feature, consider getting one that does. By default, manufacturers often deliver wireless routers with the encryption feature turned off. You must turn it on! The directions supplied with your wireless router should explain this process. If they do not, check the router manufacturer's website. The two most common types of encryption are Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your computer, router, and other equipment must all use the same encryption. WPA is stronger; so use that if you have a choice. It should protect you against most hackers, but by itself is susceptible to sophisticated hacker attacks. Certain older routers use only WEP encryption, which is better than no encryption. It should protect your wireless network against accidental intrusions by neighbors or attacks by less sophisticated hackers. If you use WEP encryption, set it to the highest security level available.
  2. Use anti-virus and anti-spyware software, and a firewall. Computers on a wireless network need the same protections as any wired computer connected to the Internet. Install anti-virus and anti-spyware software, and keep them up-to-date. If your firewall was shipped in the "off" mode, turn it on. For more information on anti-virus, anti-spyware and firewall protections, please see the complementary courseware within this Training, Education and Awareness Module entitled Viruses/Worms, Trojans and Spyware or Home Firewalls.
  3. Turn off identifier broadcasting. Most wireless routers have a mechanism called identifier broadcasting. It sends out a signal to any device in the vicinity announcing its presence. You do not need to broadcast this information if the people authorized to use the network already know it is there. Hackers can use identifier broadcasting to locate vulnerable wireless networks. Note the SSID name so you can connect manually. Disable the identifier broadcasting mechanism if allowed by your wireless router.
  4. Change the default identifier on your router. The identifier for your router is likely to be a standard, default ID assigned by the manufacturer to all hardware of that model. Even if you router is not broadcasting its identifier to the world, hackers know the default IDs and can use them to try to access your network. Change your identifier to something known only by you, and remember to configure the same unique ID into your wireless router and your computer so they can communicate.
  5. Change your router's pre-set password for administration. The manufacturer of your wireless router probably assigned it a standard default password that allows you to set up and operate the router. Hackers know these default passwords, so change it to something known only by you. The longer the password, the tougher it is to crack.For more information on choosing a strong password, see the complementary courseware within this Training, Education and Awareness Module entitled Creating a Secure Password.
  6. Allow only specific computers to access your wireless network. Every computer that is able to communicate with a network is assigned a unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses access to the network. Hackers can mimic MAC addresses, so do not rely on this step alone.
  7. Turn off your wireless network or your wireless adapter at times when you know you will not use it. Hackers cannot access a wireless router when it is shut down. If you turn the router off when you are not using it, you limit the amount of time that it is susceptible to a hack. If you are traveling with your laptop but not connecting to the Internet, be sure to disable your wireless adapter.
  8. Do not assume that public "hot spots" are secure. Many cafés, hotels, airports, and other public establishments offer wireless networks for their customers' use. These "hot spots" are convenient, but they are typically not secure. Ask the proprietor what security measures are in place. Be wary about sending or accessing information from a public wireless network. To be cautious, you may want to assume that other people can access any information you see or send over a public wireless network. Unless you can verify that a hot spot has effective security measures in place, it may be best to avoid sending or receiving sensitive information over that network. Also, be wary of "shoulder surfers" who will try to watch you type your password from behind and never leave your laptop unattended.

These helpful tips are provided by Digital Defense, Inc., a computer security company working with your bank as a responsible member of the community to help insure the privacy and security of our nation's financial information.