Wireless network security flaw found

I’ve written here before about the importance of properly securing your home wireless network. Now comes word that a potential security flaw exists on newer wireless routers even if they have been properly secured and administered.

The flaw is with a relatively new feature called Wi-Fi Protected Setup, or WPS. This feature simplifies the process of connecting wireless clients by letting them connect with a short PIN code instead of the normal shared key or passphrase.

Setting up a wireless network can be a complicated and tedious process, and obviously anything that simplifies this for home users is a good thing. However, a security researcher has discovered a design defect in the WPS protocol that makes it possible for an intruder to penetrate a wireless network using a brute force approach.

This article from c|net explains the whole issue, if you would like to read the details.

The flaw is reported to affect router hardware from Buffalo, D-Link, Cisco, Linksys, Netgear, Technicolor, TP-Link, and ZyXEL – pretty much all the major vendors. The recommended solution is to disable your router’s WPS function entirely. Different manufacturers have alternative names for WPS. Buffalo calls it AOSS, and Cisco/Linksys refers to it as SES.

WPS is only useful when you are actually connecting a new device. Otherwise, it’s unnecessary. So if your router is configured to leave WPS active all the time, it’s a very good idea to disable the feature. The likelihood of an attack is somewhat remote on a home network, but there’s no reason to leave a vulnerability like this open if it’s easily addressed.

Avoiding a rude awakening

Clients sometimes wonder why I’m so concerned with configuring wireless security when setting up a new home router or reconfiguring an existing one.

You might think it’s no big deal if someone else connects to your unsecured network. After all, we’ve all taken advantage of someone’s open wireless in a pinch, at some point.

I know a teenage girl who hooked up an Xbox console herself. I had previously configured the wireless router in her house, and she didn’t give it a second thought when her Xbox connected wirelessly without asking for a passphrase. It wasn’t until months later that the wireless stopped working and we realized that her neighbor had finally secured his home router, which she’d been using the whole time without even knowing it.

There are two primary reasons to make sure your home wireless is password-protected using a solid security protocol. The first is that unauthorized users will suck up your bandwidth. If you’re paying for broadband, you don’t want to be the world’s dumbest ISP, supplying your whole neighborhood with free Internet.

The other example I give is that if some unknown person is connecting to your router and doing something illegal on the Internet, the authorities will trace it to you.

Think that’s a far-fetched scenario? Well, it just recently happened to a man in Buffalo, NY. A neighbor was using the man’s unprotected router to download child pornography, and the result was an FBI raid on the unwitting man’s home. And if the authorities assume you’ve been trafficking in child porn, don’t expect them to treat you courteously.

So, if you’ve installed a wireless router yourself, it’s a good idea to review your security settings. Make sure you are using a solid security protocol (WPA or WPA2). WEP is no longer considered secure – the keys can be cracked by anyone with a little technical know-how.

Your shared key or passphrase should be of a reasonable length (10 or more characters) and contain a mix of letters and numbers. Keep it private. If you have guests who need to connect to your router, offer to type in the shared key for them. It’s easier than changing the key after they leave.

There’s no need to be obsessively paranoid about this, but it’s an important enough issue that you should give it the appropriate level of attention. After all, you don’t want federal agents kicking in your door some morning. The neighbors will talk about it forever.

Surfing safely on public wi-fi

Free wi-fi is becoming ubiquitous at restaurants and coffee shops (Starbucks and Panera Bread are two that come to mind). It’s convenient, but it’s not secure.

Once again, hackers have found a way to ruin the fun for the rest of us. By using nothing more than a laptop or handheld PDA with wireless capability, a malicious individual can establish a spoofed access point that looks identical to the one hosted by the store. If you innocently connect to it, the hacker can capture all of the data you send and receive from your laptop, including passwords.

Worse yet, a hacker can use a public access point to launch exploits — code that attacks known security vulnerabilities in both the wi-fi network hardware and your laptop.

Chances are that the fellow jerking lattes at Starbucks is not a network security expert. Therefore, you need to take basic steps to protect yourself and your equipment.

A pcmag.com article by Jamie Lendino lists four things you can do to protect yourself on public wireless networks, which I will summarize as follows:

1. Keep your shields up. Make sure you have security tools installed on your portable device. Antivirus software is a must, as well as a firewall. The built-in firewall provided with Windows XP is sufficient for most purposes, but if you use a wi-fi network frequently, consider a two-way firewall such as ZoneAlarm. A full suite such as Norton Internet Security will cover all the bases, but it tends to be a resource hog, especially on older laptops.

2. Stay up to date. Make sure you have installed all the latest updates for both your security software and Windows.

3. Don’t share. Make sure Windows file and print sharing are disabled when you are out in public. It’s a convenience when you’re in the office or at home, but an unnecessary exposure when you’re not.

4. Watch where you’re going. Before entering any personal info on a site, make sure the site is secure. Look for https:// in the address bar, as well as the padlock icon on your browser. Better yet, maybe you should think twice before conducting any major financial transactions on a public network.

I don’t want to scare you off using public wi-fi. It can come in very handy sometimes. These four tips are important for any PC use, public or private. But on a public network, they are vital.