Looking for WiFi in All the Wrong Places...
A client once asked me to add security to his home wireless network. I was able to set it up without issue. The next day, his neighbor calls me and tells me that he has a networking problem. The network is now asking for a passcode, even though he never set up security on his network. What’s going on? Here’s what was happening: Even though he had his own wireless network set up, his laptop had been routinely connecting to his neighbor’s wifi – unbeknownst to him. Even after security was set up at the neighbor’s, his laptop still wanted to connect as usual, but was now blocked. To fix, the laptop just needed to be directed to the proper network.
In this day and age, it’s not uncommon for a mobile device to have ten or more wireless networks in the vicinity available to connect to. Several may be open-access, either because they’re public or because the person who set up the wireless router never bothered to set up wireless security. A computer, tablet, or smart phone might connect to any network available, depending on (1) which one it successfully connected to last time, (2) which has the best signal strength, (3) which has the easiest access, i.e. least security. A device may try one network after another until it finds one it can connect to. Most people are oblivious… so long as their web browser and email works.
What’s an SSID?
Needless to say, people should be aware of which wireless network they’re connected to – or at least be aware that they ought to be connecting to their own. This is important for security, functionality (e.g. your signal will generally be strongest, your neighbor can’t turn it off, etc.), and ethical reasons (e.g. tapping network bandwidth from your neighbor). SSIDs (Service Set Identifiers) are names that identify individual wireless networks. An SSID might be “linksys”, “RP23028”, or “MelrosePlace”. You might see several networks all identified as “linksys”. Your wireless network should have a unique, but not necessarily obvious, SSID, so that you know that you’re connected to it.
What’s the harm?
Aside from other considerations (of functionality & ethics), connecting to an unknown wireless network carries an element of risk. Know that every bit of information coming into or going out from your device can be intercepted en route by a wireless listening device. This can include web pages, instant messages, email passwords, and banking information. This means that any piece of information accessed by or through your device needs to be appropriately encrypted. The best way to achieve this is to use your wireless network with adequate encryption security set up (i.e. WPA/WPA2). Otherwise, be sure that the software you’re using is communicating via encrypted protocols such as HTTPS, or POP3 with SSL. For example, if you’re using Outlook to read your email over a public wireless network and your connection is through POP3 without SSL (or APOP), a listener could collect your email credentials, including your password.
OK, so now what?
(1) Connect with a wire if viable. It’s safest, fastest, and most reliable.
(2) Use only your own wireless network – with WPA/WPA2, or at least WEP encryption.
(3) Use HTTPS, SSL, and other encryption protocols whenever possible.
(4) Never use an open/public wireless network for financial transactions (e.g. paying with credit card, paying bills online, etc.) or when entering sensitive information (e.g. social security numbers).