Wireless security often breached at subscriber's peril

Tuesday, July 31, 2007 | 1:17 p.m. CDT; updated 12:45 p.m. CDT, Tuesday, July 22, 2008

COLUMBIA - While you’re outside relaxing on your porch with your laptop, do you know if anyone else is using your network?

Forty-seven percent of all Americans have access to broadband Internet at home, according to a Pew Internet Project report released earlier this month. Wireless routers cost as little as $50, so it’s easy to ditch the wires.

To change your wireless settings for a Linksys wir

1. When you are connected to the open network, type into your web browser’s address bar. This is an IP address that will let you change your router settings. 2. It will ask you for a user name and password. In the default setting, the username is left blank, and password is “admin.” If this password doesn’t work, hold the reset button on the router for 30 seconds and try the above combination again. 3. Once signed in, go to the “Wireless” tab on top, and in the first menu change the network name (SSID) to something other than the default setting, which is usually “linksys”. Of the 34 open networks I found, 10 still had this name. It’s also important to make sure it does not correlate to your physical location (Don’t name it 504 Chapel Hill if you live in that apartment). 4. Choose the menu “Wireless Security.” From the “Security Mode” drop down box chose WPA or WPA2 Personal, and in the box labeled shared key, create a key that is easy to remember but hard to guess. 5. Finally on the “Administration” tab at the top, you will see an option for “Management” where you can enter in a router password. This replaces the “admin” password you first entered, so even if someone found out your pre-shared key, they still couldn’t change the settings. Wireless Encryption — Which is best for you? WEP: The most basic level of security, the oldest, and the easiest to crack. WPA: Better than WEP, still accepted by older routers and access points. WPA2: The newest standard, the best for home users, uses the strongest encryption.

What many home computer users don’t realize is if the “packets” — bursts of data — now floating through the air are not encrypted, anyone can hop on, access your network and commit crimes in virtual anonymity, if they know what they’re doing.

Recently, I drove down University Avenue with a Macbook laptop in the passenger seat for 10 minutes and found 123 wireless networks. About one fourth of those were unsecured.

In one case investigated by the Mid-Missouri Internet Crimes Task Force, a suspect used an open connection in an apartment complex to entice a child. The owners of the network knew others were accessing it, but in some cases the subscribers have no idea that other people are using their Web access.

If your network’s name (also known as SSID), is “linksys,” “NETGEAR,” “default” or something generic, and you (or your 14-year-old tech whiz neighbor) didn’t already set up wireless security, you definitely must, said Tracy Perkins, the Mid-Missouri Internet Crimes Task Force’s detective.

Even if you think no one else is in proximity to see your signal because you can’t connect to it in the kitchen, it’s possible to build a homemade antenna increasing range from several hundred feet to miles. These can be made from anything that will reflect the electromagnetic waves of WiFi — a wok bowl, pasta strainer or a Pringles can.

Those so inclined can then take these antennae and a laptop, drive around a city and keep a log of where open wireless connections exist. The process is known as Wardriving, and there are Web sites dedicated to the activity.

This reporter had no malicious intent behind the drive down University, but what might an actively searching person do when they find open connections?

Committing crimes anonymously over your Internet access is just one risk.

“Though less likely, it is possible for a techno-savvy person to get into the files of your home network,” Perkins said. “Any crime that can be committed on a computer can be done through an open wireless network.”

This includes spamming and identity theft.

Certain companies take preventative measures for wireless security. Socket, the largest local Internet provider in Missouri, leases wireless routers alongside their DSL service and will set up the router with a password of your choosing before it’s installed in your home, shift supervisor Scott Dean said.

“Customers can call if they feel their security has been compromised, and we will walk them through changing passwords,” Dean said.

Check with your provider to see what tech support they provide.

MU is in the process of switching its wireless network over to TigerNet1X, a securer version of the current TigerNet. To gain access to the newer network, you must be a student, faculty or staff with a pawprint logon and password, said Terry Robb, spokesman for the department of IT. The current network is set up to accept a universal WEP password. The department of IT plans to convert all access points to the 1X network by January 2008.

Even if it is easier to log in to MU network, it is much harder to break through than a home network.

“We have an extensive array of intrusion detection and firewalls set up,” Robb said. “But the average home user may only have Windows Firewall or Symantec set up, which do work, but having that wireless security key in place really makes a difference.”

If you want more help, call your Internet service provider. If help is not available, go to theWeb site of your router’s manufacturer or call its support number. Finally, search online by typing words such as “set up netgear/linksys/d-link router security” into Google’s search bar.

Like what you see here? Become a member.

Show Me the Errors (What's this?)

Report corrections or additions here. Leave comments below here.

You must be logged in to participate in the Show Me the Errors contest.


Leave a comment

Speak up and join the conversation! Make sure to follow the guidelines outlined below and register with our site. You must be logged in to comment. (Our full comment policy is here.)

  • Don't use obscene, profane or vulgar language.
  • Don't use language that makes personal attacks on fellow commenters or discriminates based on race, religion, gender or ethnicity.
  • Use your real first and last name when registering on the website. It will be published with every comment. (Read why we ask for that here.)
  • Don’t solicit or promote businesses.

We are not able to monitor every comment that comes through. If you see something objectionable, please click the "Report comment" link.

You must be logged in to comment.

Forget your password?

Don't have an account? Register here.