Thursday, 26 March 2009

Is your wifi secure?

This article is from the Sydney Morning Herald's Digihub on 23rd March. It's a very timely reminder to do something about a wifi password if it's never changed from the default that came with the router initially.

It's astounding how many people leave their digital front door wide open.

I was sitting in a doctor's waiting room the other day, getting a little work done while I waited thanks to the complimentary wifi. I hoped it was a complimentary service, because surely a doctor wouldn't accidentally have his wireless network open to the world.

Surely a doctor wouldn't set up his office so anyone could electronically walk in off the street, steal his internet access and snoop around his files. Not when he's got people's medical records sitting around. Like mine. Surely of all people you could trust a doctor to spend an extra 60 seconds enabling encryption when setting up his wireless network.
A quick chat to the staff confirmed my worst fears. It seemed the doctor and his staff had No Fricken Idea about wireless security and every computer in the building was linked to the one open wireless network. Meanwhile the neighbours had probably cancelled their home DSL accounts, because anyone nearby could steal internet access from this doctor for free.

The doctor's office is also located on a busy main road, so it was only a matter of time before it was discovered by war-drivers - people who like to drive around the streets with a notebook looking for open wireless networks. Next thing you know they're sitting in a car outside the office late at night, downloading pirate movies and god knows what else (you know, the kinds of things Senator Conroy would frown upon).

In an effort to be a good digital citizen, I spent a few minutes explaining the problem to staff and showing them how to fix it. A quick check revealed the wireless router was still using the default login and password, so anyone could let themselves in and wreak havoc with the network. Of all the potential risks I explained to staff, it was fear of a massive internet bill that concerned them most.

If you've got a wireless network, it's essential that you enable encryption and change the default password for accessing your wireless gateway's configuration pages. The manual or installation CD should walk you through this; it only takes a minute. Unfortunately wireless encryption is usually not enabled by default, so when people plug in their new wireless router and it works straight away they assume that's all there is to it and don't bother to set a password.

If you're setting up a wireless network, take care when selecting the type of wireless encryption. Forget WEP as it's easily broken (if that's all your router supports, do yourself a favour and throw it in the bin). Opt for the stronger WPA or WPA2 encryption standard. When choosing a password, avoid words in the dictionary or other easy-to-guess words such as your name. A long pass-phrase, such as a movie title, is safer but still susceptible to a dictionary attack. Dictionary attacks also allow for leet speak, such as substituting 0 for O or 4 for A.

The strongest password is a seemingly random string, including upper and lower case letters along with numbers. If you want a random password that's still easy to remember, try using the first letters of the words in a phrase. For example, MhAlLiFwWaS looks random but is easy to remember if you know the words to Mary Had A Little Lamb. Once you've set the password you'll need to enter it into every computer that you want to access the network. The computer will remember the password, so you won't need to enter it every time you start up the computer.
It will only cost you 60 seconds of your time to set up your wireless network securely, but it could cost you a hell of a lot more if you don't.
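
The password advice above can be turned into a quick self-check. This is an added example, not part of the original article: it undoes leet-speak substitutions (including the 0-for-O and 4-for-A swaps the article mentions) before looking for dictionary words, enforces the 8 to 63 printable-ASCII character limit of a WPA/WPA2 passphrase, and generates a random alternative. The function names and the tiny word list are constructed for illustration; a real check would load a full dictionary.

```python
import secrets
import string

# Constructed sample word list (assumption); use a large dictionary in practice.
WORDLIST = {"password", "doctor", "lamb", "topgun", "casablanca"}

# Common leet substitutions, including the article's 0 for O and 4 for A.
# Simplification: "1" is mapped only to "l", although it can also stand for "i".
LEET = str.maketrans({"0": "o", "4": "a", "3": "e", "1": "l",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(passphrase):
    """Lower-case, undo leet substitutions and drop everything but letters."""
    text = passphrase.lower().translate(LEET)
    return "".join(ch for ch in text if ch.isalpha())


def check_passphrase(passphrase, wordlist=WORDLIST):
    """Return a list of problems found; an empty list means none were found."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters for WPA/WPA2")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("contains characters outside printable ASCII")
    plain = normalise(passphrase)
    hits = sorted(word for word in wordlist if word in plain)
    if hits:
        problems.append("dictionary word after undoing leet speak: "
                        + ", ".join(hits))
    return problems


def random_passphrase(length=20):
    """Random upper/lower-case letters and digits from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("P4ssw0rd", "C4s4bl4nc4", "MhAlLiFwWaS"):
        print(candidate, "->", check_passphrase(candidate) or "no problems found")
    print("random suggestion:", random_passphrase())
```

An empty result only means the passphrase is not in the word list that was checked; it is not a measure of strength.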
