Tuesday, March 06, 2007

Are you funding your neighbour's Internet connection?

How to secure your wireless Internet connection

If you have decided to get a broadband Internet connection (probably DSL) at home, the most common and convenient way providers offer this service is through a wireless router. It lets you connect several PCs and laptops to the Internet without any additional cabling.

Even if we feel altruistic and do not mind our neighbours using, and consequently slowing down, our wireless Internet connection, there is something we have to consider: should our Internet connection be used for any unlawful action (e.g. copyright infringement such as downloading video or music), we will be held liable for it. Internet service providers are obliged by law to keep a register of subscribers and the IP addresses they use when browsing.

This article provides some recommendations on how to configure a wireless router so that only allowed computers can use it to connect to the Internet.
None of these recommendations is a silver bullet on its own, but a combination of several of them, following the security principle of defence in depth, will help prevent your neighbour from using your Internet connection or getting at your Internet traffic.

Although this may sound paradoxical, configure your wireless router using a network cable (normally provided with the router): wireless routers can normally be configured via a web browser. However, they use HTTP and not a secure HTTPS connection. Once you receive the router, connect it to your PC using the network cable and then open the router’s configuration web pages. This prevents the router’s configuration, including its password, from being sent in clear text over the wireless connection.

Configuration tips for your wireless router:

- Limit the number of computers that your router will accept: Add the so-called MAC (medium access control) addresses of your machines so that they are the only computers that can connect to the router wirelessly. A MAC address looks something like this: 01-23-45-67-89-ab. On Windows XP, it can be found on Control Panel – System Properties.

- Most wireless routers have a simple built-in firewall that can control communications to and from your machines: Do not allow incoming connections to your router from the Internet that are not an answer to an outgoing request from your computer (i.e. it is fine for a web page to be downloaded to your computer if you requested it, but it is not so fine if a malicious piece of code on the Internet tries to access your systems).

- Do not broadcast the name of your wireless network, i.e. the SSID (service set identifier). Additionally, choose an SSID that is not obvious.

- Encrypt your communications using WPA2 (AES) or, at least, WPA (TKIP). Forget WEP: it is a very easy-to-break encryption mode. Without encryption, your Internet data traffic is visible and readable from any wireless-enabled computer near your router.

- Update the firmware of your wireless router periodically: most current routers provide this functionality in an easy-to-use manner.

- Protect the configuration of your router with a password. All previous steps are of no use if any computer can modify the configuration of your router.

- For the most paranoid: most routers can also be configured to send their connection logs (date and time of connection and even traffic volumes) to an email address. This can be useful if the router remains on while you are not at home.
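One way to put the MAC allow-list and the emailed connection logs together, as an added example that is not part of the original article: a short Python script that reviews a saved log and reports connections from addresses you did not authorise or made while nobody was at home. The log format, the addresses, the away hours and all function names are constructed assumptions; adapt the pattern to whatever your router actually sends.

```python
import re
from datetime import datetime, time

# Assumption: the MAC allow-list you entered in the router (constructed values).
ALLOWED_MACS = {"01-23-45-67-89-ab", "01-23-45-67-89-ac"}
# Assumption: the hours when nobody is at home.
AWAY_START, AWAY_END = time(9, 0), time(17, 0)

# Constructed sample log; real routers use their own formats, so adapt LINE_RE.
SAMPLE_LOG = """\
2007-03-05 08:12:44 wireless client associated 01:23:45:67:89:AB bytes=1048576
2007-03-05 11:30:02 wireless client associated 0123.4567.89ac bytes=2048
2007-03-05 14:05:19 wireless client associated 02-AA-BB-CC-DD-EE bytes=734003200
this line is not a connection record
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?associated (\S+) bytes=(\d+)$")

def normalize_mac(raw):
    """Return a MAC as lower-case aa-bb-cc-dd-ee-ff, or None if malformed."""
    digits = re.sub(r"[-:.]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def review_log(text, allowed=ALLOWED_MACS):
    """Return (timestamp, mac, bytes, reasons) for every entry worth a look."""
    allowed = {normalize_mac(m) for m in allowed} - {None}
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not connection records
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        mac = normalize_mac(m.group(2))
        reasons = []
        if mac not in allowed:
            reasons.append("unknown MAC")
        if AWAY_START <= when.time() < AWAY_END:
            reasons.append("connected while away")
        if reasons:
            findings.append((m.group(1), mac or m.group(2), int(m.group(3)), reasons))
    return findings

if __name__ == "__main__":
    for ts, mac, volume, reasons in review_log(SAMPLE_LOG):
        print(ts, mac, f"{volume} bytes:", ", ".join(reasons))
```

An allowed address that shows up while its owner's computer was switched off or away is reported too, since the allow-list alone cannot tell you who was really connected.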

Finally, I just cannot wait to tell you that, even if you do all this, there are still ways for your neighbour to use your wireless connection without you detecting it easily. But, at least, now your neighbour’s hacking skills need to be a little bit more advanced!
