SECURING YOUR HOME WI-FI NETWORk
Have you used Google Maps for locating an address? Have you taken a look at the street view of the location? Ever wondered how Google managed to get those pictures out there? Google captured those images by using cars specially equipped with 360-degree cameras mounted on top of the vehicle and having them drive around every neighborhood taking pictures. Actually, these cars recorded more than pictures, they gathered data using equipment for Signal Mapping as they drove around and in the process Google has ended up with a treasure trove of information from unprotected home Wi-Fi networks. They have done this not only in the United States but in Europe and Australia as well and landed themselves in some hot water in the process. In March, the French National Commission for Information Freedom (CNIL) fined Google €100,000 for violation of privacy. Earlier, the United Kingdom Information Commissioner’s Office (ICO) also found that Google had violated the Data Protection Act – although ICO indicated that they did not intend to levy a fine. The lesson to be learnt here is that while home Wi-Fi networks offer great convenience and enable us to connect all sorts of devices wirelessly, if we do not secure the network, it will be wide open to prying by anyone who is so inclined and possesses the appropriate equipment. According to a survey conducted by the ICO as many as 40 percent of home Wi-Fi users do not understand the security settings for their WI-FI networks and rely on their Internet Service Providers to secure their networks diligently. What makes any unauthorized access of an unsecured Wi-Fi Network more insidious is that any activity carried out by these network hitchhikers will be traced back to the owner of the Wi-Fi Network – especially if they used that connection to do something illegal.
So how would you go ahead and secure your home Wi-Fi network? Here are some tips that will help you in this task. The first thing to do is to change the default name (Service Set Identifier or SSID) that the router comes with – for instance a Dynex Router has “Dynex” as its default name. If you use the default name, it is possible for someone snooping about to guess the router settings. So change it to a name that you know but which does not reveal the router type. The next thing to do is to change the router setting so that it stops broadcasting its SSID – in short, announcing to the world at large “I am here if you would like to connect to me.” Now some low-end routers do not allow this setting to be changed – but if your router will allow you to do this then you should. This change will essentially hide your network from anyone searching for a network. The third thing to do is to change the default router password and replace it with a “strong” password. A “strong” password will not be a name or word(s) that could be easily guessed. It should contain a mix of uppercase letters, lowercase letters, numbers and at least one special symbol (!, $, %, etc.). It should be easy to remember but unintelligible for a stranger. And the last and most important setting is to use the Wi-Fi Protected Access (WPA/WPA2) encryption for all wireless transmissions between the router and the devices connected to it. To make the encryption unique to your network, you must specify a pass-phrase (a phrase that you must use on all devices that connect to this router). This pass-phrase will be used as a private key to encrypt the transmissions and only devices that know the pass-phrase will be able to decipher the transmission.
Now speaking of encryption, do you use Twitter and/or Facebook? Hitherto, both of these social networking sites have used un-encrypted Internet uploads and downloads. But after the much- publicized hacking of Facebook Founder and CEO Mark Zuckerberg’s personal Facebook page, Facebook has provided users the option to use HTTPS encryption – which means only you, can see your information as it is being transmitted to and from Facebook’s servers over the Internet. However, this setting is not turned on automatically; you have to go into Account Settings and turn it on. Similarly, Twitter also has followed Facebook’s lead and offered its users similar encryption protection. The only problem with both Facebook and Twitter is that this encryption setting is an “opt-in” feature and it is not automatic. So if you are a Facebook and/or Twitter User, I urge you to opt-in for this encryption option.
Finally, March saw a major coup for the good guys in their fight against the bad guys on the cyber frontier. In a joint effort with the United States marshals and forensics experts under the Microsoft Active Response for Security (MARS) Program, Microsoft conducted an 18 month-long research and the intense effort bore fruit in the shutdown of the Rustock Botnet which, surprisingly, was hosted on a bunch of servers in Chicago, Columbus, Dallas, Denver, Kansas City, Scranton and Seattle right here in the United States; a couple of servers in the Netherlands and one server in Canada. By seizing the hard drives from these servers and effectively decapitating the Botnet, the group liberated a million plus compromised zombie computers rendering them ineffective Botnet soldiers. This joint effort has been a “game changer” because it has forged a relationship between multiple organizations and set precedence for the criminal justice system. By the way, if your computer has off-late inexplicably been working more efficiently and has been very responsive, it just may have been a liberated zombie.
Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].