Let me, at least, make one important correction to what you’ve described:
If you give someone access to your wireless access point, you have given them access to your home network.
They’re on it.
Now, what they can see depends on a number of things but to be blunt…
I hope you trust them.
Become a Patron of Ask Leo! and go ad-free!
A Wireless Connection
It’s important to realize that a wireless connection – regardless of how your hardware is set up – is a connection to your network.
A very common scenario looks like this:
That’s a simple setup where multiple computers are connected to the internet via a single device: a wireless router. Some computers are wired, and some computers are connected via the wireless connection.
It’s important to realize that this is exactly equivalent to this:
A wireless router just puts the wireless access point in the same box as the router itself, but in either case it’s nothing more than a connection to your local network.
And of course machines on your local network should all be able to “see” each other.
About That Encryption
It’s good that your wireless access point is using encryption, but it’s important to realize what it does and does not do.
By giving your neighbor the password you’ve given them the encryption password. As a result, the encryption is not affecting your security with respect to them at all. It’s as if they were connected directly to your network – because they are. It’s almost the same thing as having given them a wired connection to your router.
The encryption prevent others – people to whom you have not given the password – from accessing your network.
But that’s all.
What’s the Risk?
There are three basic risks:1
- If you have computers that share files or a printer among themselves, your neighbor may be able to access them.
- There’s a tiny risk that depending on how your router routes traffic that your neighbor may be able to “see” that traffic. I call it tiny because routers typically do not route traffic to computers not involved in the conversation.
- If your neighbor’s computer becomes infected with malware it may propagate to your machines.
To be honest, it’s the last one that scares me the most. The first two are all about your neighbor’s intention, which in most cases is probably honest and above board and is at least something you can attempt to judge. The later, however, involves your neighbor’s ability to keep their own system free of malicious software. That’s a risk I’d be reluctant to take even with the best of intentions.
To address your banking concern: as long as your bank is using https then I don’t see an issue. Https encrypts the connection between your computer and the bank, so even if your neighbor was able to see your network traffic they would not be able to decode your banking conversation.
So, short of denying your neighbor access to your network, what can you do?
At a minimum turn on the Windows or other software firewall on every machine you have on your network.
A more secure approach is to use a second router:
The important characteristic here is that there is a router between your local network and the point at which your neighbor connects.
As I often say, a router acts as a firewall, and as such it has a “trusted” side – your local network – and an “untrusted” side – normally the internet – that it’s protecting you from. This setup draws that trusted/untrusted line between you and your neighbor.
Yet another approach is to get a wireless router specifically designed for this application. In recent years wireless routers have come to market that actually provide two separate wireless connections, one of which is isolated from your local network. While the intent is typically to provide access to the occasional guest in your home, the guest connection could also be the one you share with your neighbor.
One Possible Legality
Finally, there’s one more thing I want you to look into before you agree to share your internet connection with your neighbor.
I want you to check the terms of service with your ISP.
It’s very possible – perhaps even likely – that they explicitly prohibit this type of sharing (you’re taking away a potential customer after all).
While it’s unlikely that they would detect that the connection was being shared with a neighbor, if they did, you could be penalized in some fashion.
1: Note that on a password-protected Wifi hotspot being able to access the hotspot does not imply that you can also sniff the traffic of other computers connected to the same hotspot. Even though the password to connect is shared among all users, in WPA and WPA2 the actual encryption key used for each connection is different.