[Before I begin, I must apologize for the protracted amount of time between the first article in this series and this. Without going into details, someone very close to me was in the hospital for a protracted period of time. For the record, they are doing better little by little.]

Now… where were we… Oh right, the idea of security is a myth, abandon all hope. Yadda yadda yadda. Today, I want to make you paranoid about something that effects more and more of us every day… WiFi.

The risks of WIFI

It’s everywhere these days; in the malls, coffee shops, hotels, hospitals, restaurants, and more. It’s truly a great thing being able to have a fast connection most places we go. What’s more, we no longer have to rely on lugging around a bulky laptop when we can use our cell phones and tablet devices such as the iPad. It’s truly a great time… almost.

Why do I say it’s almost a great time? It’s like the whole saying, “With great power comes great responsibility.” Except, in this case it’s closer to, “With great things comes great peril.” The fact is, all that information you gobble up on your devices are nothing more than radio waves bouncing around the air. That means an attacker doesn’t have to be sneaky and tap into wires or anything so obvious.

There are two basic methods of attacking a wireless network, or to be more specific attacking clients on the network. On one hand, if an attacker can connect to a wireless network they have the ability to just sit and listen. You see, networks are divided into smaller, more manageable networks called subnets. When you connect to a WiFi access point you are one of many people connecting to said access point. At it’s core it is a method for allowing multiple devices to use a single connection. The details aren’t important. What is important is that when you connect to a WiFi network it’s not just you connecting to the internet… all other devices on the subnet of the access point can potentially connect to you as well. Actually, it’s even simpler than that. They don’t have to connect to you. They can simply sit back and listen.

Sniffing

The attacker is simply monitoring the network traffic with a “packet sniffer.” You see, at its core every web page (or piece of data) is broken up into chunks of data called packets. Imagine a map of the world; it is broken down into segments based on latitude & longitude. If you cut along the latitude & longitude lines and put each piece into individual envelopes and sent them to to a friend they would be able to reconstruct the map. This is true of all networked systems not simply wireless ones.

Take that same notion and apply it to a basic webpage. You should first be aware that there are fundamentally two parts to any web page. The first is the source. Essentially, this is what sets up the formatting and basic text data. The other half consists of all the media elements. The thing to remember is that data is transmitted in the clear (unless you are visiting an HTTPS encrypted page) and if someone is inspecting packets traveling over the wire they can dissect it and recover your password, credit card information, etc. It is actually very simple to do with some free tools and a little bit of research. This is why having some basic security is essential.

Lock it down

Going from an open wireless access point to an encrypted one makes a huge difference. Changing the default SSID (what the wireless network is named) can make a huge difference. The simple act of changing from WEP encryption to WPA2 makes a huge difference. Changing the default router password makes a huge difference too. What happens when you do all of these things? You get a have a basic moderately secure wireless network. Yes, there can still be security issues, but if you do all of these very basic tasks you will be left with a network that most potential attackers will avoid in favor of easier targets. See! Hope is not totally lost!

Now you may ask, “How do I accomplish these ‘basic’ tasks?” This is a bit trickier to answer directly. The reason is that every device and software handles things slightly different. The easiest thing to do is to call up someone that knows what they are doing to secure & setup your network for you. Personally, I highly recommend the services of Runlevel5, but I’m biased since it’s my own company. I wish I could field every question about every setup in a simple post, but each device is different and goes about things a different way. The best thing I can tell you if you are wanting to attempt it yourself (and there’s no reason you shouldn’t) is to take your time and read up on the specifics of your hardware setup.

Stay tuned…

I realize I am only scratching the surface of a rather complex area. I will delve deeper into things down the road, but I want to lay some basic groundwork to build upon. After all, not everyone reading is an intimately familiar with technology as others. It is my hope that some of the paranoia inducing overviews may serve as some framework for others down the road when I get into the finer aspects.