Wednesday 3 February 2010

Wireless network security - Who is using your broadband and why you should care.

Many people enjoy the benefits of using a wireless network at home, or at work, to connect a variety of equipment such as PCs, laptops, phones and printers together and to the internet.  However, a recent survey by moneysupermarket.com has shown that as many as one in four people are unaware that an unprotected wireless network can be used without the owner’s knowledge by anyone close enough to it, or of the risks that this can entail.

Almost half of Britain’s home broadband users now use some form of wireless network, and the range of most of these will extend beyond the bounds of their property.  Nearly 20% of such networks are not even protected by passwords, let alone any other form of security.  In a recent experiment by the ISP Talk Talk, 23 unsecured wireless network connections were found in one street alone in Stanmore, and devices which detect and automatically connect to open networks are now freely available.  For some network owners, this might be a deliberate choice to allow access, made perhaps in return for their own use of unprotected networks whilst they are travelling, but it should be a choice made in the knowledge of some of the potential pitfalls of this approach.

At the least, it may be that if someone else is using your broadband connection they could slow down your connection speed and, if they are using it to download material in quantity they could take you over the download limits set by your ISP, for which you could be charged.

More worryingly, if unknown users have used your open network to download material illegally - for example, prohibited material such as pornography, or music and films downloaded in breach of copyright – then the suspicion of anyone investigating the downloading will fall on you as the network owner first.  On the face of it, you are the one responsible.  You could find yourself in the position of having to prove your innocence, possibly with your computer having been confiscated or your internet connection cut off for the time it takes you to do it.  I can’t imagine that anyone would want the work and anxiety that this would involve.

What’s more, you might ultimately struggle to prove that someone else was the culprit, as not many wireless routers keep a sufficiently detailed log of identifiable user activity.  One pub which operated a wireless hotspot for the benefit of its customers found itself in this position towards the end of last year and was fined £8000 for the downloading by an unidentifiable customer of files protected by copyright.

Finally, allowing open access to your wireless network could, by making an unknown network user appear to come from a trusted local IP address, compromise the security offered by your firewall and make it easier for your computer to be hacked.  This would obviously be a concern for anybody, but for those who use their computers for business purposes and who have customer information stored on it, it would cause the added problem of putting you in breach of Data Protection Act requirements for keeping the information secure.

My advice to anyone with a wireless network would be to secure it as soon as you can, so the next question is how to do this. 

Many wireless routers sold in the UK rely on the purchaser to configure the security settings, and in many cases this is never done.  Even where it has been done, many routers use the Wired Equivalent Privacy (WEP) protocol, which has now been shown to be easily defeatable within 2 to 5 minutes using tools available on the internet.  If your router is using this protection, I would recommend replacing it with the Wi-fi Protected Access (WPA) encryption system or, better still, its newer version WPA2. 

If you would like to know more about these issues, or would like advice on how to upgrade the security of your network or help with doing it, please don’t hesitate to contact AddinghamIT now for a quote.