WiFi Security for Dummies

Pardon the title, I just couldn’t think of a better one. But the last few reports in the newspaper prompted me to write this post. I’m not one for making political statements, but seriously, blaming technology because it is being used by terrorists does not work! Next we will hear them say things like they breathe the same air as we do and therefore the air must be bad or should not be used. Oh! Wait, I think most people do consider the air to be bad! Anyway, the point of this post is to help people understand the hazards of using insecure WiFi, be it at home, an airport, a coffee shop or any other hotspot!

Stupidity is not yet a criminal offence, but I’m sorry to say that people who feel they are safe or they have no data that can be of use to anyone else are sadly affected by this. Just because you feel you have nothing worthwhile on your computer, it does not mean you don’t protect it. And the same goes for your WiFi router! Please, for god’s sake, admin/admin and admin/password do not make your router inaccessible. A few months ago, I was at my office after a long trip and was surprised to see that my router, which has a hidden ESSID (extended service set identification or, in simple words, my router’s name), seemed to have changed. For some strange reason it was showing up as “Netgear”. Assuming that my router had been reset after such a long period of neglect, I happily went about reconfiguring it. I changed the password, set encryption, set up an access list, blah blah blah and then went on to start using it.

When I came back to the administrator interface, I noticed a nice bright red logo stating 54G. Although my router is a 54G, I don’t remember seeing this logo before. I have a slightly older version of firmware which does not display this logo. It got me wondering, and I turned around to take a physical look at the router. What I saw shocked me! I had not even turned my router on. Question is, what happened here, whose router did I just finish configuring? As it turns out, the router belongs to a neighbouring office. I have not as yet gone out looking for it, but somebody needs to tell them to change their passwords and provide some protection. Otherwise, face the consequences of being called upon by the police!

It is rumoured that legally a service provider (like an ISP) is to maintain a detailed log of all access via their services and network which can be used as evidence. What happens if I have an open router and my entire neighbourhood can use it? Whether I realise it or not, I guess the same laws would be applicable!

So if you don’t wish to get into any trouble, at least take a few basic precautions to secure things or at least provide some kind of deterrence to avoid abuse of your resources.

Passwords

I could probably go on for a few days about the importance of passwords, but am just going to make a few quick recommendations and suggestions. First of all, try and use a slightly cryptic password which would be considered strong. A good example of this is a password with a minimum of 8 characters, with at least 1 upper-case letter, 1 numeric character and 1 special symbol. So, believe it or not, pass@Word1 is actually considered to be a strong password.

Please avoid using your own name, initials, your spouse’s name, kids’ names, pet’s name, car number etc. Also, those little yellow sticky notes are not really a good idea for you to use to write your password on and stick on the monitor! I’m serious, I have seen this happen often enough, not just at homes but in the corporate environment as well. And then when things go wrong, one just sits back and wonders, “…how did they get my password? …” These hackers are dangerous people! I don’t know about dangerous, but I do know if I find an open access point, I normally land up using it. If nothing else, to at least test what kind of speeds one can achieve on a large download.

Default passwords on routers are normally set up by the manufacturers to help you get started. They are meant to be changed instantly. If for some reason you have to reset your hardware back to factory settings, the default password is what will be set again. So keep that in mind and, as soon as you set up your access, please please change your password. In many cases it is also possible to change the default administrator name; if so, please change that too. No, “root” is not a good idea, just call it something else a little less obvious!
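The advice in this section can be turned into a small check. The following is an added example, not part of the original post: it applies the composition rule given above, rejects the factory values admin and password, and looks for personal details in the password. The function name and the sample values are hypothetical.

```python
import string

# Factory values the post names (admin/admin, admin/password).
FACTORY_DEFAULTS = {"admin", "password"}

def squash(text):
    """Lower-case and drop everything except letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def password_problems(password, personal_terms=()):
    """Return the reasons a password fails the post's advice (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no numeric character")
    if not any(c in string.punctuation for c in password):
        problems.append("no special symbol")
    if password.lower() in FACTORY_DEFAULTS:
        problems.append("factory-default value")
    # Names, initials, car numbers: compare with case and separators removed,
    # so "MH 12 AB 1234" is still found inside "MH12-ab1234!".
    squashed = squash(password)
    for term in personal_terms:
        key = squash(term)
        if key and key in squashed:
            problems.append(f"contains personal detail: {term}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    personal = ["Bruno", "MH 12 AB 1234"]
    for candidate in ["admin", "Bruno#2008", "MH12-ab1234!", "t7#Lq!vRz2"]:
        print(candidate, "->", password_problems(candidate, personal) or "ok")
```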

With passwords out of the way, let’s move on to some basic WiFi security.

WEP and WPA

WEP (wired equivalent privacy) is the simplest form of encryption/protection that you can provide on your WiFi router. It is by no means the most secure; in fact, it’s not really very secure at all and can be broken into easily. However, remember that every little deterrent that you provide pushes your intruder away by one step. It’s like the gear lock on your car: it’s crude, it’s ugly and it really does little to protect the car. But you’ll be surprised that the action of putting that gear lock on actually keeps those burglars at bay. Besides, the big advantage of WEP is, first, that it’s better than none at all and, secondly, that it encrypts all traffic on the network so a sniffer will no longer be able to grab your passwords.

WEP was deprecated as an algorithm in 2004 and devices started to support the more popular WPA (WiFi Protected Access) and WPA2. While both WEP and WPA are a pain to implement on public networks and at a larger scale, at the level of your home router they are neither resource intensive nor a very daunting task to implement. In fact, it’s as trivial as marking a checkbox and selecting a passphrase or a key.

Add to this an access list based on MAC (Media Access Control) addresses, or the hardware address of your network card, and your system is at least safe from the casual access leech. Now only a hacker serious enough to gain access will work on breaking in, but it will no longer be that easy.
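To see which nearby networks, your own included, are still open, on WEP, or broadcasting a factory name like the “Netgear” router in the story above, a wireless scan can be audited. This is an added example, not part of the original post; it assumes scan lines in the colon-separated SSID:SECURITY form that `nmcli -t -f SSID,SECURITY device wifi list` prints, and the list of default names other than Netgear is an assumption.

```python
import re

# "Netgear" is the factory name from the post; the other names are assumed
# examples of vendor defaults. Extend the set for your own hardware.
DEFAULT_SSIDS = {"netgear", "linksys", "dlink", "default"}

def split_terse(line):
    """Split an nmcli terse-mode line on ':' while honouring '\\:' escapes."""
    return [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]

def audit(scan_text):
    """Return [(ssid, [issues])] for every network that needs attention."""
    findings = []
    for line in scan_text.strip().splitlines():
        ssid, security = (split_terse(line) + [""])[:2]
        security = security.strip()
        issues = []
        if security in ("", "--"):
            issues.append("open: no encryption at all")
        elif "WPA" not in security:
            issues.append("WEP only: deprecated in 2004, switch to WPA/WPA2")
        elif "WPA2" not in security and "WPA3" not in security:
            issues.append("WPA only: enable WPA2 if every device supports it")
        if ssid.lower() in DEFAULT_SSIDS:
            issues.append("factory-default name: check the admin password too")
        if issues:
            findings.append((ssid or "<hidden>", issues))
    return findings

# Constructed sample scan, not captured from a real network.
SAMPLE_SCAN = """\
Netgear:
OfficeNet:WPA2
CafeGuest:WEP
OldLaptopNet:WPA1
Cafe\\:Upstairs:WPA1 WPA2
"""

if __name__ == "__main__":
    for ssid, issues in audit(SAMPLE_SCAN):
        print(f"{ssid}: " + "; ".join(issues))
```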

Secure Protocols and Safer Surfing

Now that you have some form of protection on your home/office router, the next thing to worry about is what is safe in a public place. The rules of the game are no different: open a wallet with lots of money in it and the guy next to you is bound to be tempted to swipe it. So if at a public place you start surfing your bank account, don’t be surprised to find some money missing.

It’s a bad world out there; just practise safer surfing and you will be fine. Along with that, of course, it would help greatly if you paid attention to whether the sites that you access provide secure versions. If you need to check your Gmail account, it’s good to know that the site is SSL enabled (the URL changes from http to https). Many sites also provide different URLs for the secure versions versus the plain text ones; most of the cPanel hosted sites let you select the plain http webmail and along with that the https webmail as well. If you are in a public place, or even if you are using a computer at a cyber cafe, firstly try and avoid using sites that have information that you do not wish to have shared or compromised, and if it’s unavoidable then definitely use secure protocols.

In today’s day and age everyone wants their email all the time, be it on their laptops, phones or PDAs. But few actually pay attention to whether their collection of mail in a public place can result in somebody else reading their mail with them at the same time. All it needs is a sniffer, and such software is easy to find. Protocols like POP3 and IMAP are fine if you are on a secure network. But in a public place you want to make sure you are using the secure versions of these, POP3S or IMAPS; both exist. Providers are aware that customers want it, but not all customers are aware that they can get such services. Make sure you can.

A harmless chat on your instant messenger can also very easily be snooped, unless there too you use the secure versions. I use Pidgin as my IM program and when in a public area I turn on the “Off-the-record” plugin.

A few simple steps and you can be a safer surfer in a public hotspot. Don’t shun them, by all means use them, but just take care!

Here’s hoping to see more access points closed and secured and yet more WiFi usage.

Cheers…Kishore


6 Comments »

Comment by Sayamindu
2008-09-16 02:43:12

What do you think about MAC filtering? I ask this because I often have to disable WEP/WPA in my network, in order to test beta releases of the software for my XOs. I am aware of tools which let you change your MAC, but again, WEP can be cracked pretty easily, from what I understand.

One of the major problems stems from the fact that ISPs (at least BSNL does this) give users completely unsecured WiFi enabled DSL modems, and the users are not even aware that they need to change anything to stay safe.

Comment by Kishore
2008-09-16 11:25:27

Hi! Sayamindu,

Even MAC filtering is a good step. I have seen many networks which implement only this. Of course, as an only solution it is not enough; as you said, it is trivial for a user to change his/her MAC address, but again it’s at least one deterrent and sometimes that is all that is needed.

On the default settings of routers, I feel both the manufacturers and the ISPs need to start some kind of awareness.

Cheers…Kishore

 
 
Comment by Sharninder
2008-09-16 23:27:22

You beat me to this post. I’ve been wanting to write a similar post on securing WiFi networks. MAC filtering, WPA2 and at least changing the default password is the least that service providers can do on the hardware that they supply to the consumers.

Comment by Kishore
2008-09-17 13:47:28

Heh! Well, you can still do one. It never hurts for more people to talk about security.

Cheers…Kishore

 
 
Comment by Vyomesh
2008-09-23 23:58:26

Hi, Kishor,
Can you please give tips in simple English, not tech English. I am using D-link adsl+2 router and WLAN for my home requirements where I connect more than 2 PC/Note books. My ISP is MTNL Tir band.

Comment by Kishore
2008-09-24 00:08:02

Hi! Vyomesh,

What you need to do is to log in to the web interface of the router and then do the following:

1. Change the admin password
2. If your PCs and laptop and the router support WPA2 then enable it
3. Select a password for WPA2

That’s it, now when you try and connect via WiFi it will ask for the WPA password. The PCs, if connected via cables, will not be affected.

Hope this helps.

Cheers…Kishore

 
 