This article deals with the protection of wireless networks. It gives some practical insights and recommendations on how to set up and maintain a secure WiFi network.

Wireless networks are becoming more common, and the hardware to support wireless connectivity is included on almost every laptop sold today. Being connected and staying mobile is a huge advantage both for business and personal Internet use – you no longer have to be in one place, tethered by cables, when you want to get online. Wireless ‘hotspots’ at airports and hotels are the norm today, and many handheld devices are equipped with WiFi modules that enable Internet access on the go. Wireless signals travel through walls, floors and other physical obstacles, so you can enjoy the Internet’s wealth of information and enjoy lying outdoors in the sun at the same time while your wireless router feeds an Internet signal to every computer in your household.

But of course, all this freedom comes with a caveat: a greater need to be aware of Internet security risks and to take extra steps to protect your wireless connection against them.

Security and public wireless access
Let’s start with the assumption that wireless networks are more susceptible to breaking and eavesdropping than physical, cable-based networks due to the inherent weaknesses of radio transmissions An intruder has to be physically connected to the target wired network to be able to capture or monitor data in transit, whereas all that’s needed to break into a wireless network is to be within the range of the signal.

Public hotspots represent a big risk because the data may pass through them in an unencrypted form, rendering it visible to hackers. Armed with the appropriate tools, hackers can easily “sniff” data packets, re-assemble them, and extract confidential information such as email account passwords, private IM chat sessions and other non-encrypted data that inevitably leave your computer as you connect to different authorization servers on the Internet. A technique called VPN tunneling can help to mitigate the security risks of unencrypted connections, but that’s beyond the scope of this article.

So, what can someone with a WiFi-enabled laptop do to ensure secure access in public places?

First, it’s important to remember to keep all your software updated: install all the latest OS and application patches and check the website of your wireless adapter manufacturer for the latest drivers and firmware updates.

Next, disable “File and Printer Sharing” for any public network you intend to connect to. This restricts access to your computer’s shared resources over the untrusted WLAN (wireless LAN) while still providing Internet connectivity.

Of course, you will also have installed a firewall such as Outpost Firewall Pro to protect your connections against “man-in-the-middle” attacks, where perpetrators seek either to set up a rogue Access Point (AP) and make you connect to it or to intercept data packets in transit through the sniffing techniques noted above.

Now, configure your wireless adapter software or the Wireless Network Setup Wizard in Windows to NOT automatically connect to any new-found wireless network. If there is more than one wireless network where you are, construct a prioritized set of networks according to trust level. Make sure to deactivate the wireless adapter switch on your laptop when you’re not using the Internet.

Make it a routine to know the available WiFi networks around you as you travel around – what’s operational and what entity is operating each network. Where possible, connect to a network that’s promoted by the location you’re currently in (hotel, airport information booth, caf?, for example).

One of the key things to remember is that you should never do anything that requires the submission of passwords and other confidential data over a wireless network that has not been protected with WPA2 encryption. This includes sending and receiving email, logging on to non-HTTPS pages, conducting financial transactions. Browsing the Internet and checking weather reports, sports scores or reading freely available news is probably not a big security risk, but any activity requiring personal identification should not be engaged in during any unencrypted browser session.

One final point: two wireless devices can connect to each other directly over the airwaves to establish an ad-hoc network. Some overlooked configurations in a number of wireless adapters enable the setting up of an ad-hoc network automatically without requiring consent from the users. Make sure your system is not configured that way.

Setting up a personal WiFi network and safely connecting to it
In wireless networks, encryption is the key to data security. To safely deploy your own wireless network, you’ll need a router or AP that supports WPA2 encryption. And even then, you should pick a strong passphrase that will be resistant to brute-force dictionary attacks. Consult one of the password generators here. Weaker encryption algorithms such as WPA (with a short passphrase) or WEP can be broken in a matter of minutes, so you’re strongly advised to use WPA2 encryption. Some routers provide an upgrade to WPA2 from earlier algorithms through a firmware change.

Another way to improve basic wifi network security is to change the default login for remotely accessing your AP’s configuration page. If your device comes with the standard “Admin”/“Admin” user name and password combination assigned at the factory, change this as soon as possible to something more unique and cryptic. This will prevent potential intruders from altering the security settings in your router and giving themselves access to your personal network using their own credentials.

Other recommended precautions include:

Wireless networks extend both mobility and Internet access, which is useful in many situations. Unfortunately, most are not properly protected by default settings and require extra effort on the part of the user to make them secure. If you follow the advice provided here, you’ll be well on the way to ensuring that your wireless communications risk-free.