Secure Wireless (Wi-Fi) Surfing

Do you know how to secure your laptop, PDA or handphone before using them to surf wirelessly?
Are you aware of the security issues in setting up and using a “Wi-Fi” network in your home or in public locations when you use Wireless@SG? Read on to find out more...

What is a Wireless (Wi-Fi) Network?

A wireless network lets users connect to the network and move around freely without the need for physical cables.


Typical wireless network set-up

A typical Wireless Network consists of Access Points (AP) [1] and Mobile Devices (MD) [2].

There are generally 2 types of wireless networks:

(a) Wireless network that includes Access Points and Mobile Devices. This wireless network set-up is commonly found in most homes and offices. Most free wireless services like Wireless@SG are also set up in this manner. (For information on how to get connected to Wireless@SG, click here); or


(b) Direct connections between 2 or more Mobile Devices in the absence of an Access Point. This sort of wireless network is also known as an ad-hoc wireless network and is usually set up for a short period of time.



Major Wireless (Wi-Fi) network security issues

A wireless network is not confined within physical boundaries. Spillage occurs when information from your wireless network goes beyond its intended coverage. Due to spillage, the following security issues can occur if you do not secure your wireless network:

Unauthorised Access: Known as “piggy-backing” or “mooching”, a weakly protected wireless network can be used for unauthorised or even illegal purposes. Hackers or users with malicious intent may use your wireless network to steal your information or attack other computers on the Internet.

Sniffing/Eavesdropping: As information between the wireless network and your mobile devices is sent through the air, anyone can potentially read or capture important information such as usernames and passwords if this information is not protected.

Rogue Access Point: A rogue access point is an unauthorised access point that could be set up by someone with malicious intent. Information such as usernames and passwords can be stolen when users unknowingly connect to the Internet via the rogue access point.

War-driving: War-driving is an activity where hackers drive around the neighbourhood to record the availability of insecure wireless networks. This is usually done so that other hackers can use the insecure wireless networks for malicious purposes.

These security issues can be avoided by securing your wireless network and protecting your mobile devices as you surf.


Protect Yourself As You Surf

The following security measures are recommended to protect your mobile devices such as laptops, PDAs and handphones:

  • Check that you connect only to authorised wireless networks (e.g. Wireless@SG) and disable the auto-connect feature in your wireless setting. Learn how to do so here.
  • Protect your information from people who are spying on the wireless network by using password-protected files and encrypting your information before sending it.

    Securing Your Wireless Network

    The access point (AP) is the entrance to your wireless network and it is good practice to lock the “door” to your network by securing your AP. The procedures for securing your AP can be found in the manual that comes with your AP. The following security controls are recommended to minimise unauthorised access to your wireless network:

  • Change the default name or Service Set ID (SSID) [3] of your wireless network and disable the broadcasting of the SSID. The SSID allows users to connect to the correct network via the AP. It is advisable to avoid broadcasting the SSID so that only authorised users will know the name of your wireless network.
  • Change the default administrator username & password on your AP. The username and password on your AP are needed in order to modify the settings of your wireless network. Change the default username and use a strong password to make it more difficult for unauthorised users to undo the security measures you put in place.
  • Enable network encryption. Prevent unauthorised users from reading the information sent between your mobile device and the AP by setting up either Wi-Fi Protected Access (WPA) [5] or Wired Equivalent Privacy (WEP) [4] on your wireless network. WPA provides much better protection and is also easier to use, since your password characters are not limited to 0-9 and A-F as they are with WEP. If your AP only supports WEP encryption, use a Virtual Private Network or other encryption solutions when accessing or sending confidential data over the wireless network.
  • Allow only authorised users to access your wireless network. Restrict access to your wireless AP to only authorised users. Each mobile device has a unique ID called the Media Access Control (MAC) [6] address. Set your wireless AP to only accept connections from mobile devices with legitimate MAC addresses.
  • Turn off the AP when it is not in use. If you are not using your wireless network, turn it off to prevent others from using your wireless network for unauthorised purposes.
  • Turn off Remote Administration of your AP. Network settings for most wireless APs can be changed (remotely administered) via the Internet. This feature should be turned off to prevent others from changing the settings of your AP to make it less secure. If you need this feature to be turned on, restrict the machines that can change the settings for your AP via the Internet.

    Steps to check which wireless network you are connected to

    Make sure that you only connect to authorised wireless networks. Use the following steps to check which wireless network you have connected to. If you have connected to a wireless network without authorisation, disconnect immediately and reconnect to the correct network.

    1) If the wireless network icon is visible in your system tray in the task bar, hold your mouse over the icon and the name of the wireless network to which you are connected will pop up in a balloon.
     
     
    2) An alternative method is to double-click on the icon named 'Wireless Network Connections' in the ‘Network Connections’ menu to check the identity of the wireless network that you are currently using.
     

    Steps to disable the auto-connect feature in your wireless settings

    Disable the auto-connect feature in your wireless settings so that you will always know which wireless network you are connected to. This allows you to control which wireless network you are using and protects you from sending information through rogue APs. The steps to disable the auto-connect feature are as follows:

    1) Double-click on the ‘Network Connections’ icon in the Control Panel, right-click on your wireless connection and select Properties. Click on the Wireless Networks tab.
     
     
    2) Click on the ‘Advanced’ button to open the Advanced properties menu.
     
     
    3) Select ‘Access point (infrastructure) networks only’ and uncheck ‘Automatically connect to non-preferred networks’ before closing the menu.
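
The two procedures above (checking which network you are on, and disabling auto-connect) can also be checked from text output. This is an added example, not part of the original page: it assumes a Windows version that provides `netsh wlan show interfaces` and that its output has been saved as text. The sample output, the allowlist and the SSID `HomeNet-7f3a` are constructed for illustration.

```python
# Constructed sample of `netsh wlan show interfaces` output (not from a real host).
SAMPLE = """\
    Name                   : Wi-Fi
    State                  : connected
    SSID                   : Wireless@SG_Free
    Network type           : Adhoc
    Authentication         : Open
    Cipher                 : None
    Connection mode        : Auto Connect
"""

AUTHORISED_SSIDS = {"Wireless@SG", "HomeNet-7f3a"}  # hypothetical allowlist


def parse_interface(text):
    """Turn the 'Key : value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def check_connection(fields, authorised=AUTHORISED_SSIDS):
    """Return a list of findings for the current connection (empty if none)."""
    if fields.get("state", "").lower() != "connected":
        return []
    findings = []
    ssid = fields.get("ssid", "")
    if ssid not in authorised:  # exact match, so look-alike names are caught
        findings.append(f"unauthorised network {ssid!r}: disconnect")
    if fields.get("network type", "").lower() != "infrastructure":
        findings.append("ad-hoc link, not an access point (infrastructure) network")
    cipher = fields.get("cipher", "").lower()
    if cipher == "none":
        findings.append("no encryption: traffic can be read off the air")
    elif cipher == "wep":
        findings.append("WEP only: use a VPN for confidential data")
    if fields.get("connection mode", "").lower().startswith("auto"):
        findings.append("auto-connect is on: set the profile to manual")
    return findings


if __name__ == "__main__":
    for finding in check_connection(parse_interface(SAMPLE)):
        print("-", finding)
```

A matching SSID does not by itself prove the access point is genuine, because a rogue access point can advertise the same name.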
     

    Steps to connect to your secure wireless network

    To connect to your newly secured wireless network, you will have to spend some time setting up your mobile device. This initial set-up will allow your mobile devices to detect and connect to your secure wireless network in the future.

    1) In order to connect to a wireless network that does not broadcast its name, you will have to find out the settings for the wireless network from the person who secured your wireless network. You would need information such as the name of the wireless network, mode of authentication, type of encryption and the encryption key used.
    2) Double-click on the ‘Network Connections’ icon in the Control Panel, right-click on your wireless connection and select Properties. Click on the Wireless Networks tab.
     
     
    3) In the Preferred networks window, click the “Add” button to add your own wireless network. Enter the SSID (network name) of your wireless network.
     
     
    4) Under Network Authentication, select the appropriate authentication and encryption that is used by the wireless network AP. If you don’t select the correct authentication mode, you will not be allowed to select the correct encryption mode. If you leave network authentication set to Open, the options available for Data encryption are WEP or Disabled.
     
     
    5) Under Data Encryption, select the type of encryption that is used by the wireless network AP.
     
     
    6) Enter the encryption key which the network is using into the boxes next to ‘Network Key’ and ‘Confirm network key’. Then click on OK.
     
     
    7) Windows XP will show its progress as it connects to your network. If the Wireless Network Connection window continues to show Acquiring Network Address, you may have entered the network (encryption) key wrongly.
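
A wrongly entered key (step 7) is often a key in the wrong format for the chosen encryption. The following added example, not part of the original page, checks a key before it is typed into ‘Network Key’. It assumes the standard key formats: hex WEP keys of 10 digits (40-bit) or 26 digits (128-bit), and WPA passphrases of 8 to 63 printable ASCII characters or a 64-hex-digit pre-shared key. The function name and sample keys are constructed.

```python
import string

HEX_DIGITS = set(string.hexdigits)
WEP_HEX_LENGTHS = {10: "40-bit", 26: "128-bit"}  # hex digits -> WEP mode


def check_network_key(encryption, key):
    """Return (ok, message) for a key about to be entered as the network key."""
    # Edge whitespace is legal in a WPA passphrase but is almost always a
    # copy-paste slip that makes the key differ from the AP's, so reject it.
    if key != key.strip():
        return False, "leading or trailing whitespace, probably a paste error"
    is_hex = key != "" and all(c in HEX_DIGITS for c in key)
    if encryption == "WEP":
        if not is_hex:
            return False, "hex WEP keys may only contain 0-9 and A-F"
        mode = WEP_HEX_LENGTHS.get(len(key))
        if mode is None:
            return False, f"{len(key)} hex digits; expected 10 or 26"
        return True, f"{mode} WEP key"
    if encryption == "WPA":
        if is_hex and len(key) == 64:
            return True, "WPA pre-shared key given as 64 hex digits"
        if not all(32 <= ord(c) <= 126 for c in key):
            return False, "WPA passphrases use printable ASCII only"
        if not 8 <= len(key) <= 63:
            return False, f"{len(key)} characters; expected 8 to 63"
        return True, "WPA passphrase"
    raise ValueError(f"unknown encryption type: {encryption!r}")


if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    samples = [
        ("WEP", "A1B2C3D4E5"),
        ("WEP", "mypassword"),
        ("WPA", "correct horse battery"),
        ("WPA", "short"),
    ]
    for enc, key in samples:
        print(enc, repr(key), check_network_key(enc, key))
```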

    Glossary
    (Source: Webopedia http://www.webopedia.com)


    [1] AP
    Short for Access Point. An AP is a hardware device or a computer's software that acts as a communication hub for users of a wireless device to connect to a wired LAN. APs are important for providing heightened wireless security and for extending the physical range of service a wireless user has access to.
    [2] MD
    Short for Mobile Device. It may also be known as a mobile terminal and comprises laptops, notebooks, PDAs, etc.
    [3] SSID
    Service Set ID (SSID) is a configurable identification that allows clients to communicate with the appropriate base station. With proper configuration, only clients that are configured with the same SSID can communicate with base stations having the same SSID. SSID from a security point of view acts as a simple single shared password between base stations and clients.
    [4] WEP
    Short for Wired Equivalent Privacy. WEP is a security protocol for WLANs defined in the 802.11b standard. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. WEP can typically be configured in 3 possible modes: no encryption mode, 40-bit encryption, or 128-bit encryption.
    [5] WPA
    Short for Wi-Fi Protected Access. WPA aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. WPA is a Wi-Fi standard that was designed to improve upon the security features of WEP with improved data encryption and stronger user authentication to ensure that only authorised network users can access the network.
    [6] MAC
    Short for Media Access Control (MAC) address. It is a hardware address that uniquely identifies each device on a network. The MAC layer interfaces directly with the network media. Consequently, each different type of network media requires a different MAC layer.