Become a Patron of Ask Leo! and go ad-free!
Hi, everyone! Leo Notenboom here for askleo.com. I got an interesting question this week that got me to thinking a little bit and actually has me suggesting that you do something very specific to secure your local network.
The question was this, simply that an individual found out that her internet connection was being used by her neighbor, and in fact, this was apparently confirmed by the ISP, although for reasons that I really don’t get, the ISP wasn’t really willing to help her diagnose it much further than that.
The issue was, of course, that this other individual, a nearby, next door neighbor was using up her bandwidth or basically doing things that she wouldn’t be doing on her internet connection, and she wanted to know how to stop it.
Having someone else use your internet connection puts you at a couple of different kinds of risks. The biggest is liability. What most people don’t realize, and again, I’m not a lawyer here. This is more conceptual than it is legal wrangling, but what it boils down to is that you, as the owner of your internet connection, are responsible for what happens on that connection.
If it’s legitimate stuff, obviously, not a problem, but if it’s things like downloading movies illegally, the biggest example we hear of from time-to-time, then you could get contacted by the authorities, because it’s going down your internet connection even though you’re not the one actually doing it. Maybe it’s the kids, or in a scenario like the question today, maybe it’s the neighbor who’s piggybacking on your internet connection.
Another problem you could have with having somebody else use your internet connection in a way like this is performance. All of a sudden, your internet connection becomes very, very slow as they’re hogging all of your bandwidth. It’s a limited resource.
For example, here at home, I’ve got 20 MB download. If somebody else were to come onto my property and start hogging that bandwidth, all of my internet activity would slow down dramatically. That’s something that people sometimes see.
And of course, another problem that I had to experience for a while was that of data caps. If you’ve got a capped connection, which I did, I was limited to a certain number of gigabytes per month before I had to pay overage charges. If somebody else comes along and without your permission and without your knowledge starts making massive downloads on your connection, you are the one still responsible for paying the bill.
So it can be a problem in a number of different ways. Now, the router is typically the point of vulnerability, and in fact, specifically, it’s usually your wireless internet connection that you may be using yourself to connect your mobile device, your laptop or whatever else to your internet connection.
The problem is usually either that you have an open Wi-Fi hotspot. In other words, there is no password required to connect, or you are using a form of encryption or a password that has not been changed from the manufacturer’s default. Many routers, many wireless access point and wireless routers come with a stock password that, to be honest, you could just Google to find out.
If you’ve got this brand, or this model of router or wireless access point, and you look that up with “default administrative password”, you’ll find that not only can you find out how to log in to the router, but you can also then find out what the default Wi-Fi password is usually set to. The solution, of course, is conceptually really simple – secure your router. Specifically, when it comes to your wireless connection, make certain that you have a WPA2 password on your wireless connection.
Now what that means is twofold: One is you can only connect if you know the password, which basically means that your neighbor who won’t know the password, can’t connect anymore. The other thing, though, of course, much like the scenarios in open Wi-Fi hotspots like a coffee shops and so forth is that by putting a WPA2 password on your wireless connection, that wireless connection becomes encrypted and nobody can “listen in” to whatever is going on that connection.
If you’ve got a neighbor that’s close enough to connect to your router, then they’re also close enough to snoop on your connection if it’s not encrypted. So there’s another reason to make sure you’re using encryption on your wireless connection.
WPA2 is what you want. WPA will do in a pinch, but most routers these days support WPA2, which is a strong and secure encryption of your connection. You won’t notice any performance difference. The only thing you’ll have to do is, the first time you connect your computer or your device to your wireless access point or wireless router, you’ll need to specific the password that you selected.
And as always, make sure it’s a good password. It doesn’t have to be super, duper secure, because it’s very difficult actually to do a brute force approach on these things, but it is a password that should be easy to remember, relatively easy to type in and still relatively secure. I recommend at least 10 or 12 characters worth of something that you can remember and easily type in.
This is one of those cases where you can’t always use copy/paste; you can’t always use a password manager for wireless Wi-Fi passwords so you end up having to make up some kind of a compromise between complexity and type-ability, but that’s actually usually a good enough solution for wireless access points.
A couple of comments I typically get when I bring up the point of using wireless encryption, using encryption on your Wi-Fi connection, people ask is WEP good enough? The answer is very clearly no. WEP which stands for Wired Equivalent Privacy is not private. In fact, it was shown to be very easily crackable not long after it was released.
It is essentially almost as good as having no encryption at all. The only reason you should ever consider using WEP is if you have an older device that cannot do WPA or WPA2. In a case like that, you need to look very carefully at how your network is laid out, because it does put your network connection at risk. Hackers can very easily crack WEP encryption.
People also ask me about MAC filtering. Your MAC address is a unique number assigned to every network connection on your machine. And that includes every wireless network connection. The intent is that by specifying at the router, which MAC addresses are allowed to connect to the router, you, by definition, disallow everybody else.
Now, there are a couple of problems with MAC address filtering. It is good, but it’s not perfect. There are a couple of issues. One is that the MAC address even on an encrypted connection is not encrypted. It’s kind of like the address and the return address that you would put on a letter that you are mailing to someone.
The post office needs to know who to send it to; the contents of that envelope, the letter inside can and should be encrypted in the case of Wi-Fi, but the outside part that says this is where this letter is going can’t be encrypted, and that’s the MAC address.
Why is that important? Well, what it means is that if somebody can listen in on your connection, they can see the MAC addresses that are allowed to connect to your router. Seems like an OK thing? What does it matter?
The issue is that while MAC addresses were originally intended to be specific and unique to every individual network adapter, turns out, they can often set in software, which means that someone who is interested in hacking into your wireless connection can first, take a look at the traffic going by, they can’t see the data in the traffic but they can see the MAC addresses that are allowed.
Then they can set the MAC address on their network adapter to be one of the ones that they saw that was allowed, and “poof” they’ve bypassed your MAC address filtering. So, it’s good; it’s something that you could certainly look into. It’s a bit of a hassle. I much prefer WPA2. Just setting up an encrypted connection and leaving it at that.
It’s less problematic, less hackable and secures the important stuff – the data inside the packets, the data that’s being transferred back and forth on your wireless network connection.
And finally, to be honest, one of the things that I kinda rely on is distance. Now, that’s kind of a false sense of security, and I know that to a certain degree, I’m putting myself at risk.
The issue here is this: Wireless networks only work so far. You’ve probably experienced this. If you get too far away from wireless access point, then all of a sudden the wireless connection doesn’t work any more. Well, by definition then, if you are somewhere where your wireless access point is far away from everybody else, like I’m sitting in the middle of a 5 acre parcel of property.
It’s difficult for somebody to get close enough to actually pick up my Wi-Fi signal. Or is it? Again, if somebody were dedicated, it would not be that difficult to put together an antenna or something where they could, in fact, pick up my wireless signals, and in fact, recently, I picked up my neighbor’s wireless signals as technology gets better, the ability to pick up, send and receive, wireless signals over longer distances is improving, so that concept of distance may not really help you as much as you think.
A very quick rule of thumb is that if you bring up a machine that has a wireless connection, say your laptop or your phone, and you suddenly start seeing other people’s access points, other people’s wireless connections, then they can see yours. It’s that simple, so that distance is not helping you at all.
You do need to take some steps to secure your network, and to be completely transparent; I actually have two networks here. I have an open network for my guests and yes, presumably somebody driving along the street could connect to that and start using my network.
Everything else, literally everything else in my home is connected with WPA2 regardless of whether or not somebody can get close enough to it, they still can’t connect to my network on those connections, because I’m using WPA2.
So, bottom line, please secure your router. Make sure that your wireless connection is secure so that somebody else doesn’t use your internet connection when you’re not expecting it and certainly when you’re not giving them permission.
What do you think? What are you doing to maintain security on your network? Let me know. Leave a comment down below. As always, if you are anywhere but on Ask Leo! go visit this link right here. It will take you to the page on Ask Leo! where I’ve got this video and moderated comments. I’d love to hear your concerns, what you think about wireless security and what you’re doing to keep yourselves secure. As always, I look forward to hearing from you and I look forward to seeing you again next week. Take care, everyone. Bye-bye.