Transcript
Hi, everyone! Leo Notenboom here for askleo.com. I got an interesting question this week that got me to thinking a little bit and actually has me suggesting that you do something very specific to secure your local network.
The question was this, simply that an individual found out that her internet connection was being used by her neighbor, and in fact, this was apparently confirmed by the ISP, although for reasons that I really don’t get, the ISP wasn’t really willing to help her diagnose it much further than that.
The issue was, of course, that this other individual, a nearby, next door neighbor was using up her bandwidth or basically doing things that she wouldn’t be doing on her internet connection, and she wanted to know how to stop it.
Having someone else use your internet connection puts you at a couple of different kinds of risks. The biggest is liability. What most people don’t realize, and again, I’m not a lawyer here. This is more conceptual than it is legal wrangling, but what it boils down to is that you, as the owner of your internet connection, are responsible for what happens on that connection.
If it’s legitimate stuff, obviously, not a problem, but if it’s things like downloading movies illegally, the biggest example we hear of from time-to-time, then you could get contacted by the authorities, because it’s going down your internet connection even though you’re not the one actually doing it. Maybe it’s the kids, or in a scenario like the question today, maybe it’s the neighbor who’s piggybacking on your internet connection.
Another problem you could have with having somebody else use your internet connection in a way like this is performance. All of a sudden, your internet connection becomes very, very slow as they’re hogging all of your bandwidth. It’s a limited resource.
For example, here at home, I’ve got 20 MB download. If somebody else were to come onto my property and start hogging that bandwidth, all of my internet activity would slow down dramatically. That’s something that people sometimes see.
And of course, another problem that I had to experience for a while was that of data caps. If you’ve got a capped connection, which I did, I was limited to a certain number of gigabytes per month before I had to pay overage charges. If somebody else comes along and without your permission and without your knowledge starts making massive downloads on your connection, you are the one still responsible for paying the bill.
So it can be a problem in a number of different ways. Now, the router is typically the point of vulnerability, and in fact, specifically, it’s usually your wireless internet connection that you may be using yourself to connect your mobile device, your laptop or whatever else to your internet connection.
The problem is usually either that you have an open Wi-Fi hotspot. In other words, there is no password required to connect, or you are using a form of encryption or a password that has not been changed from the manufacturer’s default. Many routers, many wireless access points and wireless routers come with a stock password that, to be honest, you could just Google to find out.
If you’ve got this brand, or this model of router or wireless access point, and you look that up with “default administrative password”, you’ll find that not only can you find out how to log in to the router, but you can also then find out what the default Wi-Fi password is usually set to. The solution, of course, is conceptually really simple – secure your router. Specifically, when it comes to your wireless connection, make certain that you have a WPA2 password on your wireless connection.
Now what that means is twofold: One is you can only connect if you know the password, which basically means that your neighbor who won’t know the password, can’t connect anymore. The other thing, though, of course, much like the scenarios in open Wi-Fi hotspots like coffee shops and so forth is that by putting a WPA2 password on your wireless connection, that wireless connection becomes encrypted and nobody can “listen in” to whatever is going on that connection.
If you’ve got a neighbor that’s close enough to connect to your router, then they’re also close enough to snoop on your connection if it’s not encrypted. So there’s another reason to make sure you’re using encryption on your wireless connection.
WPA2 is what you want. WPA will do in a pinch, but most routers these days support WPA2, which is a strong and secure encryption of your connection. You won’t notice any performance difference. The only thing you’ll have to do is, the first time you connect your computer or your device to your wireless access point or wireless router, you’ll need to specify the password that you selected.
And as always, make sure it’s a good password. It doesn’t have to be super, duper secure, because it’s very difficult actually to do a brute force approach on these things, but it is a password that should be easy to remember, relatively easy to type in and still relatively secure. I recommend at least 10 or 12 characters worth of something that you can remember and easily type in.
This is one of those cases where you can’t always use copy/paste; you can’t always use a password manager for wireless Wi-Fi passwords so you end up having to make up some kind of a compromise between complexity and type-ability, but that’s actually usually a good enough solution for wireless access points.
A couple of comments I typically get when I bring up the point of using wireless encryption, using encryption on your Wi-Fi connection, people ask is WEP good enough? The answer is very clearly no. WEP which stands for Wired Equivalent Privacy is not private. In fact, it was shown to be very easily crackable not long after it was released.
It is essentially almost as good as having no encryption at all. The only reason you should ever consider using WEP is if you have an older device that cannot do WPA or WPA2. In a case like that, you need to look very carefully at how your network is laid out, because it does put your network connection at risk. Hackers can very easily crack WEP encryption.
People also ask me about MAC filtering. Your MAC address is a unique number assigned to every network connection on your machine. And that includes every wireless network connection. The intent is that by specifying at the router, which MAC addresses are allowed to connect to the router, you, by definition, disallow everybody else.
Now, there are a couple of problems with MAC address filtering. It is good, but it’s not perfect. There are a couple of issues. One is that the MAC address even on an encrypted connection is not encrypted. It’s kind of like the address and the return address that you would put on a letter that you are mailing to someone.
The post office needs to know who to send it to; the contents of that envelope, the letter inside can and should be encrypted in the case of Wi-Fi, but the outside part that says this is where this letter is going can’t be encrypted, and that’s the MAC address.
Why is that important? Well, what it means is that if somebody can listen in on your connection, they can see the MAC addresses that are allowed to connect to your router. Seems like an OK thing? What does it matter?
The issue is that while MAC addresses were originally intended to be specific and unique to every individual network adapter, turns out, they can often be set in software, which means that someone who is interested in hacking into your wireless connection can first, take a look at the traffic going by, they can’t see the data in the traffic but they can see the MAC addresses that are allowed.
Then they can set the MAC address on their network adapter to be one of the ones that they saw that was allowed, and “poof” they’ve bypassed your MAC address filtering. So, it’s good; it’s something that you could certainly look into. It’s a bit of a hassle. I much prefer WPA2. Just setting up an encrypted connection and leaving it at that.
It’s less problematic, less hackable and secures the important stuff – the data inside the packets, the data that’s being transferred back and forth on your wireless network connection.
And finally, to be honest, one of the things that I kinda rely on is distance. Now, that’s kind of a false sense of security, and I know that to a certain degree, I’m putting myself at risk.
The issue here is this: Wireless networks only work so far. You’ve probably experienced this. If you get too far away from wireless access point, then all of a sudden the wireless connection doesn’t work any more. Well, by definition then, if you are somewhere where your wireless access point is far away from everybody else, like I’m sitting in the middle of a 5 acre parcel of property.
It’s difficult for somebody to get close enough to actually pick up my Wi-Fi signal. Or is it? Again, if somebody were dedicated, it would not be that difficult to put together an antenna or something where they could, in fact, pick up my wireless signals, and in fact, recently, I picked up my neighbor’s wireless signals as technology gets better, the ability to pick up, send and receive, wireless signals over longer distances is improving, so that concept of distance may not really help you as much as you think.
A very quick rule of thumb is that if you bring up a machine that has a wireless connection, say your laptop or your phone, and you suddenly start seeing other people’s access points, other people’s wireless connections, then they can see yours. It’s that simple, so that distance is not helping you at all.
You do need to take some steps to secure your network, and to be completely transparent; I actually have two networks here. I have an open network for my guests and yes, presumably somebody driving along the street could connect to that and start using my network.
Everything else, literally everything else in my home is connected with WPA2 regardless of whether or not somebody can get close enough to it, they still can’t connect to my network on those connections, because I’m using WPA2.
So, bottom line, please secure your router. Make sure that your wireless connection is secure so that somebody else doesn’t use your internet connection when you’re not expecting it and certainly when you’re not giving them permission.
What do you think? What are you doing to maintain security on your network? Let me know. Leave a comment down below. As always, if you are anywhere but on Ask Leo! go visit this link right here. It will take you to the page on Ask Leo! where I’ve got this video and moderated comments. I’d love to hear your concerns, what you think about wireless security and what you’re doing to keep yourselves secure. As always, I look forward to hearing from you and I look forward to seeing you again next week. Take care, everyone. Bye-bye.
Is WPA2-Personal the right type of protection (vs WEP)?
WPA2 is the latest protocol for protecting a wireless network. WEP is very easy to crack. If you have the option, use WPA2 AES (advanced encryption standard) not WPA2 TKIP which is not very secure.
I have a Verizon mobile hot spot; is that also a router? This is a confusing question for me.
Thank you. Ilona Stewart
Yes. A hotspot is the physical area where the internet can be accessed through a wireless router. Hotspot is often used as another name for a wireless router.
I can also allow time slots for access and/or specify an amount of time each user may have to be on the internet. That means I can turn off access for when I am sleeping or I am at work.
WPA-2 may be the best available encryption available but the plain truth is that it is also easily cracked.
How so?
The traditional way to crack WPA-2 Personal passwords is to use the dictionary attack method. When you initially connect to the Wireless Access Point (WAP) a cryptographic hash is generated by using a mathematical algorithm using the SSID (network name) + passphrase. If someone were to intercept this hash, they already know your SSID, they would just need your passphrase to produce an identical hash. So they get a dictionary file (text document with lots of words – one on each line) and try running the same mathematical algorithm to compare which word yields the same cryptographic hash.
To better protect yourself, make your passwords really long; the longer the password the longer it will take to crack. Check your password strength at https://howsecureismypassword.net/ . Also, disable WPS because that’s easily hacked and allows hackers to bypass even the strongest passwords within seconds.
WPA-2 Personal is also weak in that it is a pre-shared key. This means that all users on that network use the same password to connect to the hotspot which is also used to encrypt/decrypt network traffic. As a result, once the password is broken, everyone’s wireless traffic on that network can be decrypted. Just to clarify, if you’re on a secure website (HTTPS) such as your bank, you can think of it as being double encrypted: (1) from laptop to WAP and (2) from your browser to the bank’s server. This means that even if someone breaks your WPA-2 password, they still can’t read your secure web traffic by just intercepting your packets. However, if they get on your network they can do other things to steal your information.
On cracking WPA2: to me that’s a red herring. Any password can be cracked if it’s bad, no matter what the technology involved – dictionary is just one approach. A reasonably secure WPA2 password cannot be “easily” cracked, as someone else was claiming.
On pre-shared key: my understanding of WPA2 is that it gets you entry into the network, at which point a unique encryption key is generated specifically for your connection. Meaning that even connected to a wireless access point with WPA2 encryption you still cannot sniff the wireless traffic of other connections. (This is a marked difference from WEP.) And yes, https over WPA2 is double encryption. :-)
“On cracking WPA2: to me that’s a red herring. Any password can be cracked if it’s bad, no matter what the technology involved – dictionary is just one approach. A reasonably secure WPA2 password cannot be “easily” cracked, as someone else was claiming.” – It is indeed a red herring. It’s all about the password rather than the technology and, so long as a strong password is used, WPA2 is extremely secure.
Leo,
You are correct in that a unique encryption key is generated at the start of the connection. Specifically, this is called the Pairwise Transient Key (PTK). The only problem is that this PTK is always derived from the Pre-Shared Key (PSK) during the 4-way handshake (initial connection). So if an attacker were to capture that four way handshake, he would be able to reproduce the PTK. Even if the attacker didn’t start capturing until after the connection was established he could very easily conduct a de-authentication attack (anyone can do this even without password) to knock the user off the network as their devices would automatically reconnect to the access point. At that point, he could collect the 4-way handshake packets (EAPOL) along with all the wireless traffic and view them in a program called Wireshark; all he would need is the PSK (password). Wireshark takes the PSK and the 4-way handshake packets and automatically makes the PTK which it then uses to decrypt all the network traffic.
So yes, if the original 4-way handshake packets were not captured, an attacker would not be able to decrypt the packets since he would need the PTK which changes at every session. However, as I stated it would be very simple to force a new connection to decrypt all packets from then on.
Note: This is why I use WPA2-Enterprise on my home network in which each user has a unique username and password which are stored securely on a RADIUS server. WPA2 Enterprise truly has per-user encryption security so that even if one user gets compromised (highly unlikely) all the other users are safe. It’
Sources:
http://www.howtogeek.com/204335/warning-encrypted-wpa2-wi-fi-networks-are-still-vulnerable-to-snooping/
https://wiki.wireshark.org/HowToDecrypt802.11
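Added example, not part of any comment here and not code from Ask Leo! or its commenters: the key derivation discussed in the comments above (SSID + passphrase to a hash, then the per-session PTK from the PSK), written out in Python using the IEEE 802.11i formulas. The MAC addresses, nonces and guess rate are constructed or assumed values; the point is that the SSID acts as the salt, that every other PTK input travels in the clear during the 4-way handshake, and that passphrase length dominates the cost of guessing.

```python
import hashlib
import hmac

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    salt = ssid.encode()
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Per-session PTK for CCMP (48 bytes: KCK, KEK, TK).

    Apart from the PMK, every input (both MAC addresses, both nonces) is
    sent unencrypted in the 4-way handshake, so the PMK is the only secret.
    """
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def years_to_exhaust(alphabet_size: int, length: int,
                     guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase of a given shape.

    guesses_per_second is an assumption supplied by the caller; each guess
    costs a full 4096-round PBKDF2 computation.
    """
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed sample values, not captured from any real network.
    ap_mac = bytes.fromhex("02aabbccdd01")
    client_mac = bytes.fromhex("02aabbccdd02")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))

    pmk_home = derive_pmk("correct horse battery", "HomeNet")
    pmk_other = derive_pmk("correct horse battery", "OtherNet")
    print("same passphrase, different SSID -> same PMK?", pmk_home == pmk_other)

    ptk = derive_ptk(pmk_home, ap_mac, client_mac, anonce, snonce)
    print("PTK bytes:", len(ptk))

    rate = 1_000_000  # assumed guesses per second
    print("8 lowercase letters :", years_to_exhaust(26, 8, rate), "years")
    print("12 letters + digits :", years_to_exhaust(62, 12, rate), "years")
```

Because the SSID is the salt, the same passphrase yields a different PMK on each differently named network, and a fresh pair of nonces yields a different PTK for every session.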
Jimmy D said, “All he would need is the PSK (password).” And if somebody has your password, all bets are off – no matter what form of encryption is being used. WPA2-Enterprise doesn’t offer any features that would make a home network more secure – in fact, its complexity may actually result in decreased security. As its name implies, WPA2-Enterprise is aimed at enterprises – not home users – and it enables them to, for example, block access to former employees without needing to change a global password, restrict AP use and client device connections, restrict login times on a per-user basis….and a bunch of other stuff that’s really only relevant in a business setting.
“On pre-shared key: my understanding of WPA2 is that it gets you entry into the network, at which point a unique encryption key is generated specifically for your connection. Meaning that even connected to a wireless access point with WPA2 encryption you still cannot sniff the wireless traffic of other connections. ” That’s not correct. As Jimmy D said, you can indeed sniff the wireless of other connections on a WPA2 network, so long as you know the PSK. In fact, tools such as Wireshark make it very easy to do. The moral: use a strong PSK and be careful who you share it with!
Can you provide a reference for that claim?
How can I ensure my new personal WD My Cloud device is secure from intruders.
I do have password protection on my Router.
I really only want to use it for home Backup of 3 PCs and 4 portable Apple products
2 iPhones 2 iPads and then I must back it up at least monthly to capture those daily changes. I have an automatic backup program running monthly but that requires the PCs to be turned at the right but sometimes they are OFF, so NO backup until I arrange a physical one.
This WD cloud system appears great but I need to ensure that the data is secure from intrusion.
I have read and enjoyed your data for many years and at 74 digest a great deal. I have never submitted a question as you are so busy but now with a personal cloud product I submit one. I do not trust the CLOUD as such but am also sceptical of the invasion of the personal Cloud. I have the Highest Level of TREND security software installed (a fan since it was PC-cillin) and I use Malware Bytes also since its inception (Trend annoys me whenever I have a “NEW” update and it uninstalls MalwareBytes so I have to reinstall it each time). Sorry the question wraps about securing my new WD Mycloud device from the prying web. LOVE all the information
RgdS SPOOK NSW OZ
Hope you were able to have a relaxed Xmas and best wishes for a successful 2016
As an ADDED layer of security, you can also hide your SSID together with WPA2 protection and other options that Leo mentioned.
Leo’s comment that “if you can see theirs, they can see yours” is certainly correct, but the implication seems to be “if you can’t see theirs, they can’t see yours.” I believe that implication is not reliable. A close neighbor may have their router configured such that their network name is not broadcast. In this case, you would not see their network, but they could still see yours. Depend on physical distance only if you actually have enough of it and it is reliably maintained. With the increased use of hobby drones, however, I think that becomes a dicey proposition as well. If your network needs to be secure, secure it with WPA2.
Please explain in baby-steps how to be sure that the WPA2 is working?
I cannot see others in the neighborhood while using this PC (laptop) but using the small computer (Acer) there’s always a list of neighbors’ accessible so I have to remember which is mine; one time, I clicked on the wrong one & was on-line then realized my mistake only because their name popped up.
You’d have to check the documentation that comes with your router to access the administration pages. Sadly, I can’t tell you how since it’s different for each one.
If you need to enter a password in order to connect to your wireless network, it’s working.
Indeed, they don’t even have to hide their SSID, they could simply have better equipment with which to see signals further away than you can.
Greetings, Leo…
In addition to using WPA2-AES, I also turn off SSID so that my wireless router isn’t “visible” to my neighbors. Does turning off SSID help to make my wireless connection more secure by making it harder, if not impossible, for others to find?
…ted benjeski
More difficult, but not impossible. Personally I don’t think it’s worth it.
Security is a series of layers similar to having a fence and a couple of doors to pass through on your house. Each layer in itself isn’t necessarily enough, but combined, they add up to good security. Things like hiding your SSID or MAC filtering are not strong layers, but combined with WPA2 encryption make your system safer than not using them. Personally, I’m happy with WPA2-AES.
Well put.
No, not at all. In fact, disabling the SSID broadcast can, in some ways, be a less secure option.
I agree with Dennis. Hiding the SSID is a simple added layer. And that should be different than the default router SSID too. Mine is 16 characters long, and includes both letters and numbers. The only difficulty this causes is that when you want to give someone access, they need to “manually” set up an internet connection, in order to be able to type in the SSID. But just like a secure WPA2 password, once a device has been set up, you never need to deal with it again (unless you frequently change your WiFi password).
“Hiding the SSID is a simple added layer.” As Microsoft’s Steve Riley once said, “This is a myth that needs to be forcibly dragged out behind the woodshed, strangled until it wheezes its last labored breath, then shot several times for good measure.” Disabling the SSID does absolutely nothing to increase security; on the contrary, it decreases it. Some reading: http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx. The post is almost a decade old, but as applicable now as it was then. See too the article linked to near the end of the post entitled, “Why Non-broadcast Networks are not a Security Feature.”
Good article, but I did not see the part where it is argued that disabling the SSID *decreases* security. The argument made is that this step is not itself sufficient to secure a wireless network. The same is stated regarding MAC filtering.
See the other article I mentioned – in particular, the section entitled “Why Non-broadcast Networks are not a Security Feature.” https://technet.microsoft.com/en-us/library/bb726942.aspx#EDAA
“Disabling the SSID does absolutely nothing to increase security; on the contrary, it decreases it.”
Right. And if a hacker hears my computer shouting, “Here I am!” that’s obviously more secure. Note that no one has said turning off broadcasting is the only defense needed; it’s just an added step. It takes about 15 seconds to log in and do it.
“Right. And if a hacker hears my computer shouting, “Here I am!” that’s obviously more secure.” – You’re totally missing the point. From the Microsoft article to which I linked:
“A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range. Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration.”
And:
“For these reasons, it is highly recommended that you do not use non-broadcast wireless networks. Instead, configure your wireless networks as broadcast and use the authentication and encryption security features of your wireless network hardware and Windows to protect your wireless network, rather than relying on non-broadcast behavior.”
It’s an old article, but the information is just as relevant to current operating systems.
I do think that the “probe requests sent out by wireless clients” issue is more of a problem for a corporate/enterprise entity than it is for a homeowner.
Corporate espionage risks mean that someone already knows that your network exists and is looking for a way to get in which would include sitting in a coffee shop across from the offices, scanning the laptops of people who sit down with their latte. Whereas the home-owner’s bigger risk (the one we’re speaking of) is someone driving down the street with their laptop open, looking for easy pickings.
So… again… for the average homeowner it is probably a better tactic to eliminate the SSID broadcasts, yes?
As has been mentioned… you have to weigh the various risks and everyone has a different distribution of risks.
As usual, another great video. I always learn something new.
Toward the end of the video, you mentioned that you have an unsecured connection available for guests. I think it’s worth mentioning – correct me if I’m wrong here- that such a connection is just as vulnerable as any public WiFi hotspot, and should be used with the same caution.
Indeed. It’s an open wifi hotspot, with all the risks associated with that.
I was kind of shocked to read that too, but being in the middle of a 5 acre lot provides an excellent false sense of security
As I see it, everything being suggested in the comments comes down to how much risk you are willing to accept. Everything in life (not just Wi-Fi) is about how much risk you are willing to accept (do I get $1M or $2M liability insurance on my car?).
If the risk is just to keep people out who are too lazy or too cheap to get their own internet, then a good long WPA2 password is probably sufficient. If you think there’s a greater risk of someone being determined to use your internet/hack your computers, then maybe you need to take more steps such as hide your SSID to make you a more difficult target than your neighbour. If you’re extremely paranoid, then maybe a wireless router is not for you. Run network cables all through your house and turn off the Wi-Fi.
I certainly think Leo is someone who understands the risks, and sees little risk of someone sitting outside his 5 acre yard and using his guest network. I think the car in the street would be obvious and it would be inconvenient for the person who has to keep driving to Leo’s house to use his open network.
Also well put. (And quite accurate, w.r.t. my property. Though I am considering throwing WPA2 on the guest network, just because I’ve come to realize that neighbors with better networking equipment could, theoretically, connect. It’s not a huge concern, however, so I’ve still not done it.)
“As I see it, everything being suggested in the comments comes down to how much risk you are willing to accept.” Yup, it’s all about understanding and balancing the risks. – and to do that, you need to understand that the security mechanisms you put in place to mitigate those risks can themselves introduce a whole new set of risks. For example, having a locked door will help keep a burglar out, but it may also keep you out if you lose your key. Adding a second lock will make your house more secure, but you’ve then got more keys to manage and an increased risk of losing one. And, of course, the more locks you have, the more time it takes to open your door – and the greater the risk that one of them will break and refuse to open. The same applies to computer security. For example, encrypting your data will prevent other people from accessing it, but it’ll also keep you from accessing it if you forget your password (as an aside, I’ve encountered far more people who’ve permanently lost access to their encrypted data because of a forgotten password than I have people who’ve had their data compromised because it wasn’t encrypted).
At least I recognize that. :-)
Good passwords and encryption work well and additionally setting the router to not broadcast will deter drive-by surfing. Another site to help with your security is grc.com. Gibson Research Corporation.
Thanks Leo. I have a foreign exchange student renting out my extra bedroom for his school year. He needed to get on my WiFi network. Fortunately I had written down when I got my new router the password to gain entry into the WiFi. My question is simple: If he needs to use a password to get in, does that mean that anyone out there would also need that password? And any simple suggestions as to how I can check as to what I am using? I’m new to the wireless router scenario and always used cable connections before. I watched your video above twice and I believe I’m secure though. Thanks again for being here.
That’s right. If he needs a password, then anyone wanting to access your network would need the password.
If he couldn’t connect without the password, then yes that means the password is required. You’d have to look at the documentation for your router or access point to determine how it’s configured, I’m afraid.
One more step that I didn’t hear or see is to turn off broadcasting. If your router doesn’t tell anyone it’s there, it’s harder to find it. You have to give the name to others who want to use your router, but that’s not a big deal, and it’s one more way to keep people off unless you’ve given them permission.
Except that the router can still be identified by those trying to look for it. (They can simply monitor for WiFi transmissions, and notice … “hey, there’s a router over here” and then start trying to connect.)
Isn’t that like trying every key for your front door just because they know it’s there? There are a lot of names possible to replace the default one.
No, it’s more like watching for the key as it travels from your hands to the lock, taking a picture of it, and making a duplicate.
By that I mean they don’t have to try the SSID, they can just monitor nearby Wi-Fi transmissions and SEE the SSID that’s being connected to. (Even when it’s not broadcast “I’m here and this is my name”, it’s still used in the initial handshake “I’d like to connect to SSID, are you there?”)
Exactly. Disabling SSID broadcasting is an attempt at security by obscurity but fails miserably because it doesn’t actually create any obscurity. In fact, the contrary is true: disabling broadcasting makes a network more visible, not less visible.
In the real world, wireless hacking is actually quite rare. If you protect your network in even the most rudimentary way – WEP and a very weak password – it’ll likely not be hacked. And if you protect it with WPA2 and a strong password, the chance of it being hacked is so close to zero that other measures – such as MAC filtering or disabling SSID broadcasting (which is a snake oil fix anyway) – are completely redundant.
I beg to differ with you on WEP and the rarity of wireless hacking. Wireless hacking is pretty common in apartment blocks. People first look for unprotected connections, then they might look for WEP protected connections and possible default wireless network keys.
The issue of wireless hacking/hijacking was discussed during a session at an IT conference a couple of years ago and, out of the 50 or so people present, only one had actually encountered it. The majority of people – myself included – did not even know of anybody who’d been a victim of hacking. I have no doubt that it does happen – and sometimes without ever being discovered – but I don’t believe it’s a common problem.
To be absolutely clear, I’m not suggesting that WEP be used – it very clearly should not. WPA2 + a strong password + (possibly) disabling WPS is the best way to go.
Another interesting problem is all the open Comcast/Xfinity hotspot wireless sites. While Comcast offers that as a service to their subscribers, it is actually done by piggybacking on subscribers’ routers unless they specifically turn it off. See http://www.tomsguide.com/us/how-to-disable-xfinity-wifi,news-19036.html for example. Or http://www.fastcompany.com/3039682/comcast-was-sued-for-quietly-making-your-homes-internet-part-of-the-sharing-economy
Comcast accomplishes this by using a separate internet connection built into the router. It’s like having two routers and internet connections built into one box. Those hotspot connections are isolated from your home network.
“Another interesting problem …” – It’s not a problem; it’s a good thing. User-based hotspots have been offered by European ISPs for quite some time, and very handy they are too. It’s nice to see the US finally catching up!
What about Verizon’s use of personal routers and WIFI for hotspots? This could cause a bandwidth problem. How about legal issues? Is there a way to turn it off?
See my answer to Robert R. As for bandwidth issues, I don’t know. I would imagine they have it covered somehow. As for turning it off, you should be able to check that on their website.
I’ve never heard of this from Verizon, only Comcast. On Comcast I was under the impression it could not be turned off, or required a call to customer support. I’m on Verizon right now, and I can control my router completely.
A Guest access is provided on most routers now (mine does), BUT they still need a password. This is done through the web browser access page.
It limits the access to the internet only, not the network (peace of mind there). I still change the password after every guest has left though otherwise they can connect anytime.
Colin
Not all routers require a password for the guest connection. Mine, for example, does not. Though I may elect to change that so as to enable WPA2 security.
Please explain how I would change my 13 alphanumeric WEP password to a WAP-2.
Also, can I use special characters like # $ @ * & etc.?
I used a password like Name#2@7Again for WEP and it has been secure for years.
Now I am looking to change it to a WAP-2. How?
Thanks.
This depends entirely on exactly what router/access point you have. Check the documentation that came with it.
One big point which I would like to make is that if you are in a terrorist prone area then an unsecured wifi hotspot could land you in a big mess if some terrorist used your connection to conduct any illegal activity.
I know that this is being overly protective but the possibilities cannot be ruled out.
Hey Leo,
I had a question about the router password. I’ve always left my router password as the default (i.e. username: admin and password: password). After watching your video I’ve changed my router password. Is this an important security measure in addition to having a secure wifi password? Please explain.
Thanks,
Sean
Yes it is. Please see the related link article on how to secure your router.
“Is this an important security measure in addition to having a secure wifi password?” – Important? It really depends. If the password is left at the default, then it’s extremely easy for anybody who has access to your wireless network (in other words, somebody you’ve shared your password with) to log in to the router and alter its settings. In a business environment, this would obviously be a problem. It could also be a problem in a home environment if, say, you’d enabled parental controls on the router and didn’t want your kids to be able to easily override them. In other scenarios, however, changing the default password may not be particularly important.
That said, even though it may not be important, it’s likely a good idea to change it. Doing so provides an additional layer of security – albeit a very thin one – and is super-simple to do.
All good info. Possibly not related, but an indirect attack might be a phone-clone. Someone with skills to gain access to your phone likely can push through to your network. Mobile devices should turn off WiFi when out in public or not in use. But, as Leo has pointed out from time to time, most of us simply aren’t that interesting.
They do it on the TV all the time, right?
Somebody’s been watching too much Mr. Robot :P
You can use WPA2 for your guest: Just have a “This day password is:…” note posted. You set an easy to enter password that you change after they are gone. Several cyber cafés use that approach.
If you have two routers, one for you and one for the guest, turn that second one off when not needed.
I still hear about people “securing” their wi-fi access by disabling the beacon. For all I know, this effectively makes your network LESS secure. It’s just that every device wanting to connect to it must call out its credentials, including the password, in an un-encrypted form that looks similar to an e-mail address. That call needs to be renewed every few minutes.
Easy to intercept, allows “man in the middle” and “evil twin” attacks. It can also allow someone to harvest your credentials and use the password to actually connect to your network.
I am on the old Embarq [now CenturyLink] and I connect to the router by cables for my two laptops and desktop. I think they are secure, I hope. However I use the wireless feature of the modem/router for my 2 tablets, 2 cell phones and a netbook. Since I am far from a pc geek, most of the chatter on this article is FAR over my head. I’m 73 yr old and can’t remember all the puter junk I used to know back in the 80’s. We live out in the country and there are NO Geeks around to help us.
Please tell me if you can: I use ALL numbers/pass phrases and other info printed on the wireless router to connect my wireless gadgets and long weird passwords on the wireless devices, plus a finger print access on a tablet.
What else do I need besides password and using “startpage” for my browser in Win10 and Win7?
I also use Firefox and Chrome browsers for sites like facebook and other junk sites.
Hi Leo,
I have an ASUS RT-N66U router with settings as follows as well as WPS enabled and SSID broadcasting.
Most options were selected automatically during the initial setup. I’m not sure what the “auto” setting does,
but further to your discussion should I change my settings to WPA2-Personal or WPA2-Enterprise?
Current Settings:
Authentication method = WPA-Auto-Personal
WPA Encryption = TKIP+AES
WPA-PSK key = 26 digit password
Authentication method options =
open system
shared key
WPA-personal
WPA2-personal
WPA-Auto-Personal
WPA-Enterprise
WPA2-Enterprise
WPA-Auto-Enterprise
Radius with 802.1x
Thanks for all your info,
Randy
WPA2-Personal is what I recommend.
I’ve always known WEP as the abbreviation for Wireless Encryption Protocol. I’ve never seen or heard of the term Wired Equivalent Privacy.
Hmmm.
Nope, it’s Wired Equivalent Privacy (even Wikipedia agrees https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy :-) ). Sadly, it proved to be quite inaccurate as a name.
I didn’t see any mention of an even better, more simple form of security, though it might not work for everyone . . .
Turn off the wi-fi and use a cable!
Also – I didn’t notice mention of turning off the router when not in use.
I have a DSL connection with wireless at WPA-2 and a somewhat lengthy password. I don’t mind sharing that password with guests, because I doubt they’ll do something illegal with it. I also don’t change the password after each one leaves, because then I’d have to change the password for all the devices that access it.
I don’t use cable for two reasons: price is too high, and the connection is far from the computer. I don’t really need a super fast connection. I’m a little sad my ISP can’t increase the speed, but it just means I don’t have to pay more.
I don’t worry about access to our router. It’s got a good password that people wouldn’t be able to guess.
I have AT&T DSL service. Nowhere does the documentation for my Motorola NVG510 router use the term “password.” The “wireless network key” is used to log on to the network. The “device access code,” which must be entered to make configuration changes, is the only password I have been able to change. Both the wireless network key and the device access code are printed on the side of the router. Is that wireless network key unique to this router, or should I be worried? A neighbor apparently has the same AT&T service as I because from time-to-time his network shows up on my list of available networks. Out of curiosity, I have tried logging on to his network by entering my wireless network key–but to no avail.
“Is that wireless network key unique to this router, or should I be worried?” – I don’t know whether it’s unique, but it’s certainly not the same on all NVG510s (part of the device’s serial # is used in the SSID/network key). You’ll be able to change the SSID via the device’s web interface.
“Wireless network key” is essentially the name network routers use instead of password. Some routers use a unique key for their default. Others don’t. To be sure, you can contact AT&T and ask them, or you can change the wireless network key. The fact that your neighbor’s SSID shows up on your available network list is no indication that he’s on AT&T.
His network is named ATTxx. There is another network that shows up that is not (obviously) AT&T.
Your wireless network key is your wireless password.
I think my neighbor is using my internet connection. 6 mo ago she admitted it, I went out and bought a new router and the company helped me set it up. During this time I also got an Apple Smart phone, a TV with ROKU built in. I am using up my 15gigs of bandwidth within 2 or 3 days, then I go to “landline speed”. (Apologies, I’m no computer guru). I don’t know if it’s my neighbor again, my phone or TV that’s the problem. My ISP won’t help because they say it’s the router…the router company said it’s an ISP issue but for $40/mo with a one year contract, they “might be able to help”.
I would appreciate some advice on how to get to the bottom of this. I never used to run out of data before, and the slow speed is extremely frustrating!
High Definition (HD) video streaming uses about 3GB per hour and about 7GB per hour for Ultra HD. Standard Definition uses about 0.7 GB per hour. Your 15GB would be used up in about 5 hours of HD viewing or 20 hours of SD viewing.
I don’t stream any movies or shows….ever. That’s why I don’t know why my data is being used so quickly.
It’d be next to impossible for anybody to access your network if you were to: 1) Use WPA2; 2) Change your Wi-Fi password to one that does not use dictionary words and is 12 or more characters long; and 3) Disable Wi-Fi Protected Setup (WPS). #1 and 2 should be done for both the primary and guest networks (or the guest network can simply be disabled if not used).
In relation to tracking down what’s actually using your bandwidth, this can be somewhat tricky. Your router’s web interface will provide you with a list of devices that are/have connected to your network and may even tell you how much bandwidth each of those devices has used. Your devices will also be able to tell you how much bandwidth they’ve used, which may help you narrow things down. For example, if you see that your Windows PC is using 5+ GBs/day and you’re not streaming video, then that’s where the problem lies.
It depends on how much TV you’re streaming. If you watch a lot, then 15GB isn’t very much.
Leo, perhaps the problem I encountered is not valid anymore, but previously, when trying to set up a network security protocol using WPA or WPA2, I had network devices with differing wireless speeds B / G / N / AB. I was using D-Link routers and I discovered that I could only use WEP. I contacted tech support and they were unable to help me get WPA to work. I still have devices that use G and N speeds, so I haven’t tried to upgrade to WPA2. Have you ever encountered this problem, and if so has it been corrected?
The only time WEP is required, to my knowledge, is if the computer – not the router – doesn’t support anything better. So you’d have to check the devices you’re using to see if any can’t handle better than WEP, and then decide what to do about that device.
As Leo stated, the wireless standard – G, N or whatever – is irrelevant. What matters is which encryption protocols a particular device supports – and most bought within the last decade or so should support WPA2.