Blogging IT

There's always something new to learn......

Love, Hate, and Wireless

I have love-hate feelings about wireless networking. I'm geeky enough (sad enough, my son would say) that I like to lie in bed browsing my favourite websites on my Pocket PC. Wireless is great for that.

But it's dangerous. What I say to clients is that it's like taking a network plug, and putting it outside your office, behind the bushes where you can't see it. That is; YOU cant see it, but everyone in the street can, and you are giving them permission to plug their computer in and see if they can break into your network.

Some people doubt this, so I tell them about Doris. Doris is my daughter's laptop, and we won't explain why you would call a laptop Doris. Anyway... I came home one day to be informed that the wireless networking in our house was "Crap."
"What wireless networking," I asked? "You can't log onto the wireless!"
"I can," said Debbie. "And it's ok in the kitchen, but when I went up into the lounge, it won't work!"
"You can't log in to our wireless!"
"Well, I did. Doris asked me if I wanted to connect to the internet, and I said 'Yes.' And it must be us; it's called 'At Home.' But it stops working when I go away from your office up to the lounge."

My internet is not called "At Home." One of our neighbours has obviously bought a wireless router, plugged it in unsecured, and is letting half the street use their internet connection! We also have people near us called Mitchell. And another family who have a DLink router, which gives me a good hint as to what the administrative password might be if I want to break in!

If you use wireless

• change the user name of the wireless router or access point.
•  Give it a long password.
• Use WPA encryption.

If the router will only do WEP, chuck it out. Breaking into WEP is trivial- teenage stuff. Change the Identifier Name to something other than the name of the brand. And turn it off. You shouldn't broadcast your SSID to all and sundry. But be aware that there are plenty of programs around that will find you anyway, SSID or not!

We have wireless at our house. But it's OUTSIDE the network. It's outside the firewall. If someone hacks the wireless, they still have to break in through the firewall. All the computers are connect to the server by CAT5 cable. If you want to sit in bed and use your laptop at our house, fine. But you won't be on the network!

And we run a little utility that will tell us if someone is starting to steal our bandwidth. It sits in my system tray all the time.

A final story.

I found a client using 64 bit WEP encryption. WEP means Wired Equivalent Protocol, and can be  cracked in only a few minutes. This client was using it to allow the use of some old obsolete hardware. I told the person concerned that they were in danger of being hacked; their business was of a sort that had attracted attacks from "competitors" before.

Now it happens that there is a little quiet spot outside their door in the middle of the city, where people often have lunch. I've done it myself. As I set up the WPA (Wi-Fi Protected Access)encryption with new hardware  with a nice long password, the client wondered, with reasonable anxiety if they had already been hacked. "I've seen lots of people sitting out there on the benches with their laptops!"
"No, I don't think they've bothered with you. Someone near here is a Belkin 54G router. It shows up on the computers here. It's unsecured. Anyone can use it. And I reckon you're seeing people do just that!"

If you can use cabling in your network, then do so!