Wireless fidelity, a plug-n-play, easy to install, open networking system has become widely common in homes and small businesses. However, due to ignorance, users do not adequately secure these, leaving them vulnerable to unauthorised access. Some of the recent terror attacks have leveraged ‘insecure Wi-Fi networks’ to initiate terror emails and other cyber crimes.
An insecure Wi-Fi network with no password protection is like a house with its door ajar. Unlike a wired network where a hacker has to first physically access the network and then pass through a series of online defence layers like firewall, proxy, etc, in a typical insecure Wi-Fi network, access is easy from a Wi-Fi enabled PDA or laptop within a radius of 80 to 100 feet of the Wi-Fi internet router or the access point.
According to estimates, more than 85-90% of home and small business enterprise-based Wi-Fi networks are either totally insecure or have inadequate security. In India, almost half of the four million broadband subscribers are on Wi-Fi and a significant proportion is vulnerable to malicious attacks.
The best strategy for securing Wi-Fi networks is to combine a number of security measures and ensure that users are aware of security requirements. The wireless access points or routers are at the core of the Wi-Fi networks and come with manufacturer-provided webpages to allow administrators or owners to enter the network addresses and setup security. These webpages are protected by default user name and password, which most owners typically leave unchanged. As a first step, the owners should change these settings immediately.
The second step is to ensure encryption or scrambling of messages sent over the Wi-Fi networks by enabling either wired encryption protocol (WEP) or Wi-Fi protected access (WPA). It is recommended to choose the WPA which is stronger of the two; although, some older network devices may not support this.
For most households and SMEs, WPA security at the Wi-Fi access point is sufficient. This provides a good foundation at no additional cost. However, for households and enterprises situated in crowded residential or office complexes where there could be several Wi-Fi devices, reinforcement by enabling the MAC ID filtering is recommended. This permits access only to computers/devices that contain certain specific MAC IDs or unique physical IDs. MAC IDs could also be faked over a network by sophisticated intruders. Further, enabling Static IP addressing and setting up a fixed IP range at the access point and then configuring authorised devices to match that IP range could greatly reduce the risk of casual intrusion.
Every Wi-Fi access point and router comes with a default SSID (or name), which is broadcasted over the Wi-Fi network to facilitate roaming. For added security, the default SSID should be changed. In case roaming is not required, it should be disabled. Today, most of the new access points and routers come bundled with a firewall option, which should remain enabled. Also, it is a good idea to install and run a personal firewall on each computer connecting to the access point.
Lastly, access points and routers have the option to log various activities of the computers that request for access. These could provide critical data about a Wi-Fi network, prove vital in tracking security breach and hence should be monitored regularly.
The Telecom Regulatory Authority of India (Trai) has now asked the department of telecom to instruct all internet service providers to educate their customers to take ‘proper authentication measures,’ while using Wi-Fi. Also, the Computer Emergency Response Team (CERT-in) is in the process of formulating guidelines to secure Wi-Fi networks in the government departments.
—The writer is director, Ivy Professional School
