Wi-Fi is convenient but is it secure?

What would you do if you opened up your Wi-Fi connection and saw five available wireless networks to join? How would you know which network to join and which, if any, could be dangerous? With the proliferation of instant connectivity and convenience comes a plethora of opportunities for cybercriminals to try to steal your data.

Lloyd Borrett, Security Evangelist for AVG (AU/NZ),  says: “Research shows that free wireless public networks located in airports, hotels, cafes and other public places are ripe for exploitation by the bad guys. Data transmitted in a wireless network is more susceptible to being tampered with than a wired internet connection.

“Setting up fake ‘free’ Wi-Fi hotspots in public places that can potentially be used to steal sensitive data, such as online banking passwords or personal information, is alarmingly easy to do. In fact, hacker websites provide instructions on how such crimes can be committed!”

Operating systems like Windows XP/Vista/7 automatically prompt you to accept or decline connections to available wireless networks. Naturally, most users will choose to connect to the ‘Free Wi-Fi’ access point, which could actually connect them to a hacker’s computer - a computer-to-computer connection - rather than a direct connection to what looks like an official airport wireless access hub.

To make matters worse, the SSIDs (service set identifiers), or names, of wireless networks you’ve joined before are saved on your system. Your PC will automatically log on to any network with that saved name. So if a cybercriminal offers a name familiar to you, he’s just given himself free entry to your PC.

Five tips for using public Wi-Fi connections

With the summer holiday season upon us, many of you will be packing your laptops so you can stay in touch with family, friends and business while away. So here are five tips to help keep you safe when using public Wi-Fi connections on your travels: 

• Check before you connect. Before connecting to a network, look around and locate a sign that advertises the official name of the legitimate network you want to connect to. 

• Turn it on, turn it off. Don't activate your wireless connection if you're not planning to connect to the web. Not only will this protect you from intrusion, it'll also save battery life. 

• Turn off shared folders. If you unwittingly connect to a malicious network, a hacker could easily transfer malicious spyware onto your laptop.

• Stop and think before using online accounts. Be very careful what information you share in public locations. Even seemingly innocuous logins to web email or social networking accounts could give cybercriminals access to your more important data.

• Turn on automatic updates. Ensure that your security software, operating system, utilities and applications are always up to date.

Have you secured your home or business Wi-Fi network?

Maybe you’re not travelling, but just using a Wi-Fi local area network (WLAN) at home or in the office.

Borrett says: “Securing your home or business Wi-Fi is not such a difficult task, but still many people use their network modems/routers with the default password - or worse, with no password at all. This may be because they don't know how to set the security up or because they believe that ‘nobody cares about their network’. But the result is the same. Even a novice hacker can then attack such a Wi-Fi network, steal private or sensitive data, or even abuse the connection for malicious or illegal activities.”

So here are some basic steps you can use to take to control your home or business Wi-Fi internet connection.

• Change the default administrator username and password for the modem/router. The bad guys know the default usernames and passwords used by the equipment manufacturers.

• Change the SSID. The SSID is the name that identifies the wireless network and manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally ‘linksys’. This tells the bad guys two things. First, you have a poorly secured network, thus they’re more likely to attack it. Second, they now know what sort of device you have, which makes it easier for them to hack it. Don’t use a name that makes your network easy for others to identify your family, business or location. The name you choose for the SSID should not be the same as your Wi-Fi encryption key (password), or even used as a part of the encryption key.

• Make sure your network encryption is turned on. All Wi-Fi equipment supports some form of encryption. Encryption is the process that ‘scrambles’ the data sent or submitted over the wireless connection. This doesn’t stop unauthorised people from accessing the encrypted traffic sent and received from your computer but will make it extremely difficult, if not impossible, to understand the meaning of the encrypted traffic. Naturally you will want to pick the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore, you may need to find a ‘lowest common denominator’ setting. Make sure you use the stronger WPA2-AES, WPA2-PSK, WPA2 or WPA encryption methods, not the quite weak WEP one.

• Assign an extremely strong encryption key (password). Any device or person seeking access to your Wi-Fi network must know the password to connect. You should aim to make the key at least 20 characters in length. Use a mixture of upper and lower case alphabetic characters, numbers, plus special non-alphanumeric characters, eg, +, -, $, % etc. Don’t use any dictionary words.

• Assign static IP addresses to devices. Most home networkers gravitate towards using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network’s DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, and then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the internet.

• Enable firewalls on each computer and the modem/router. Modern network routers contain a built-in firewall capability. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each PC connected to the router.

• Turn off the Wi-Fi network during extended periods of non-use. The ultimate in wireless security measures, shutting down your Wi-Fi network will most certainly prevent outside hackers from breaking in! If you’re going to be away from your home or business for extended periods of time, then most modem/routers will let you turn off the Wi-Fi facility. If you own a wireless router but are only using wired connections, you should check that the Wi-Fi capability on your broadband modem/router is disabled.

“Most modems/routers nowadays have very user-friendly set-up utilities or web interfaces and come with extensive documentation. If you are still not sure how to do it, just do a Google search for your router type and ‘wpa set-up’. It’s definitely well worth it,” Borrett concludes.