By now, everyone has probably read the news of the man who was arrested for “stealing” an unsecured WiFi signal. As I have read the news stories, several thoughts have come to mind:
- How can someone be guilty of theft when he was not on the land of the property owner? Indeed, the signal was being broadcast onto public property.
- On the other hand, mail messages move through public space. The mere transit of public property does not vacate the right to have security of transit for paper-based mail. And what about phone lines? They sit on public property. [Actually the phone companies have been granted easements by public landholders – i.e., the government.] So standing on public property shouldn’t “permit” you to exploit a wireless signal.
- How can someone be gulty of theft when the signal was not encrypted and the router was completely unsecured?
- On the other hand, if I leave my unlocked briefcase in an airport restroom, this does not give anyone the right to open the unsecured briefcase. Of course, shame on me for not locking my briefcase. And shame on me for leaving my valuable documents in an unsecured container on public property. But the fact that a lock has not been enabled does not give someone the right to open the briefcase.
- How can anyone own a wireless router and not take even the most basic of precautions? People don’t seem to realize that sensitve data is being broadcast beyond their property line.
- In the past, I’ve done some “war walking” to demonstrate (in)security. Should I turn myself in?
But let’s put aside the ethical discussion for a moment. What should we do?
As individuals, we should secure the wireless infrastructure that we have installed. Here are a few basic steps you should follow:
- Locate the Router or Access Point Appropriately
- Change Default Administrator Passwords
- Change the Default SSID
- Disable SSID Broadcast
- Turn on Encryption
- Enable MAC Address Filtering
- Assign Static IP Addresses to Devices
In addition to these simple steps, you should also check out good security sources on the Internet. Tony Bradley has an excellent series of tips on the About.com network. Tony also has some great links to books and other articles.
Once you’ve secured your own systems, start thinking about those around you. As wireless consumers, we should urge the many wireless device manufacturers to simplify the process of enabling security. Linksys (a wireless hardware manufacturer) and Broadcom have created the SecureEasySetup program. Buffalo has endorsed the AOSS program. These two technologies were recently compared over at Tom’s Networking. I won’t recommend one program over another. But both programs do one simple thing: they make the process of enabling secuirty far simpler.
If you aren’t secured, what are you waiting for? Highly publicized arrests ought to alert you to the fact that some folks will use your wireless infrastructure – if you let them. After all, you have locks on your front door, don’t you?
-CyclingRoo-
*Update 7/8/05* – Declan McCullagh has a pretty good article about this subject at C|Net’s News.Com site.