Wireless networking is growing at a massive rate and, as it does, so do the security risks. As wireless networks are transmitted by radio waves there are no physical boundaries. With wired networking an attacker would generally need physical access to your building, but with wireless networks, attackers can sit safely outside while gathering data or breaking into your network. Signals can be easily seen many metres away from your building. This can leave you at risk of at least three serious security breaches: data interception, piggybacking or access to your network.
Remember the Mumbai 26/11 atrocities where gunmen stormed numerous buildings throughout the city? The terrorists had piggybacked onto an unsecured wireless network in the city and sent an email to the press. As soon as the press received the email the police traced the IP to a home address. Imagine 20 armed anti-terror police arriving at your door and finding yourself suddenly being questioned by interrogators. The confused home owner must have been terrified when the police cars and vans turned up. Of course, the household was innocent.
Other piggybacking scenarios are when cyber criminals want to; deface a website, break into military networks, view illegal content or steal credit card details. If this is done from their home then a trace may be possible. However, if they sit in a van and use an unsuspecting unsecured wireless network, changing location nightly, then the police would get a list of different addresses. Thus, the cyber criminals may never be found. Any of these situations leave you vulnerable to suspicion, and you could be implicated in crimes you have no knowledge of - you could even end up in court.
In May 2010, KPMG conducted a wireless security survey jointly with the Mumbai police and found 60% of wireless business networks were unsecure. No doubt, within the UK there are probably also plenty of unsecured home or business wireless networks. Similarly, decoy wireless networks are another growing problem. A cyber criminal can setup a free unsecured wireless network in a public place and log all the traffic that passes through it.
Securing a wireless network doesn’t take long and it’s generally a one off setup. As a bare minimum, be sure to implement encryption (not WEP as it can be cracked in under 10 minutes); use WPA or preferably WPA 2. Once the basic setup has been completed, change the default username and password. If someone can identify the wireless router you are using, then they can look up the default username and password and login. To enhance security do the following: change the default SSID ID, change the default access address, lower the signal strength and enable MAC address filtering.