back to article Consumers urged to step up wireless security

Consumers are once again being urged to use the latest (WPA2) encryption technology and apply strong passwords to protect home networks from snooping and other attacks. The call comes in a survey by industry trade body the Wi-Fi Alliance, which warned on Wednesday that "borrowing" access to unprotected Wi-Fi access is still …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    Great idea but...

    As the DS's only do WEP this really isn't a option. If I could step up the security I would but it won't happen as the silicon won't support it.

    1. Colin Miller

      Second WiFi unit

      You can get single ethernet port WiFi routers, just turn it off when not in use.

      I have done it with Netgear and D-Link ADSL/Ethernet/WiFi routers (I'd imagine it will work with most other brands as well). It is done by -

      1) Setting the slave unit's web interface IP to near the end of its subnet.

      2) Turn of the DHCP server on the slave. If this is not possible, set the main unit to serve x.y.z.3 to x.y.z.127 and the slave to serve x.y.z.128 to x.y.z.254

      3) Turn of the DNS server on the slave, or set it to relay to the main unit's DNS server.

      4) Connect them together via ethernet (Doh) - most will autonegotiate so you don't need a cross cable.

      5) Give them a different access point name (Doh)

      6) Clear the slave unit's ADSL settings, and don't connect it to the phone line.

      You can now have the main WiFi working with WPA2 and a password only known to yourself. The slave WiFi can be turned on for the DS or when you have guests. It will forward DHCP broadcast requests to the main WiFi unit.

      1. Anonymous Coward
        Boffin

        RF interference

        Don't forget to set them on different channels so that they won't interfere with each other.

      2. TeeCee Gold badge

        Re: Second WiFi unit.

        There's an even simpler way, get a Draytek router.

        Some of their products support up to 6 (OTT or what?) SSIDs, each with their own security settings.

        You can even enable / disable them individually on a scheduled basis if that floats your boat.

        Rather handily, as it's one unit supporting all the individual SSIDs, the whole shebang's on one channel. This is essential if, like me, you live somewhere that's a bit heavy on the use of the jolly old 2.4Ghz spectrum.

        I tried going to a seperate 5Ghz setup for the "n" stuff, but something round here knocks the whole band out intermittantly and frequently. I reckon it's something at the airport up the road meself.

    2. Anonymous Coward
      Anonymous Coward

      Cisco Aironet WEP

      I have a Cisco Aironet card that also only allows WEP security too.

      It is the only means of getting my Windows 3.1 laptop (Toshiba T2130) onto the wireless network......

      The WiFi alliance must assume that none of us partake in retro computing, that we are all on wireless 'n' on brand new Vaiaiaiaiaiaos and MacBooks.

  2. Reality Dysfunction
    Black Helicopters

    but but

    but if I secure my wireless I won't be able to use it as a defence...... against the black helicopters and their lawyers

  3. probedb
    Unhappy

    Sky routers

    Someone should maybe tell Sky to let users change from the crappy 8 character password they supply you with.

    Letting users have the admin username/password for their routers would help.

    1. Anonymous Coward
      Go

      Re: Sky Routers

      You CAN change the password to your sky router.

      The Sky router username is "admin" password is "sky", or vice versa. I forget.

    2. GeorgeTuk

      Not being funny but...

      ...its great that they now come preconfigured with a password, otherwise most would still be open.

      8 is not great but better than nothing.

  4. Anonymous Coward
    Anonymous Coward

    Seatbelts = bad analogy

    If seatbelts were proven to be easily broken, thus offering a false sense of security, then it might be a good analogy.

  5. Craig Chambers
    WTF?

    Really?

    "Sky router admin"

    http://lmgtfy.com/?q=sky+router+admin

    Top result...

    Sky Router Setup/Configuration

    10 posts - 6 authors - Last post: 26 Sep 2006

    You will be prompted for a username and password (they are admin - sky) : Once you login the default page is the Router Status page, ...

    www.skyuser.co.uk › ... › Sky Broadband help › Sky Router - Cached - Similar

  6. Anonymous Coward
    Anonymous Coward

    "leaving their Wi-Fi network open is not a good thing"

    Why not?

    Vistiors don't have to faff around with passwords, my neighbours can hop on if they're having problems and there is still no-one who has been prosecuted based on originating address evidence alone.

    1. Anonymous Coward
      Alert

      Why not?

      ... because you don't want to discover that your neighbour is a kiddie fiddler, terrorist, drug dealer, or fraudster when it is YOUR door that gets smashed in by the cops, and YOUR PC that gets taken by police for analysis, and YOUR 36 hours spent in police custody explaining it wasn't you?

      Sadly, not being guilty and having a legitimate alibi doesn't necessarily mean the same thing as not being suspected and inconvenienced by the cops.

      And then there's the personal security too... all of your passwords, all of your communications broadcast to your neighbours for their delictation.

      1. Anonymous Coward
        Alert

        THANK GAWD

        IT'S ABOUT TIME SOMEONE THOUGHT OF THE CHILDREN! WE MUST REMAIN VIGILANT (terrified) IF WE ARE TO DEFEAT THE [kiddie fiddlers, terrorists, drug dealers]. KEEP FEAR ALIVE OR ELSE WE'RE DOOOOOMED!

    2. Just Thinking

      Why not?

      Well if someone does use your connection to do bad stuff, you have basically helped them get away with a crime.

      You might not get prosecuted for it but you will probably have your computers taken away, and possibly not see them again for a long time.

      And, given the current laws in this country, they are probably going to find something, however ridiculous, to do you for.

    3. Anonymous Coward
      Anonymous Coward

      why not?

      forgetting all the usual kiddy fiddler stuff already listed, it not only gives someone access to your net connection, it also gives them LAN access to all the pc's/devices on your network.

      That 200GB of music in your itunes folder, carefully organised & shared so your networked media player can see it - deleted for a laugh, or replaced with something else. All those once in a lifetime holiday photos - I'll grab a copy and then... Deleted! Your university thesis, in a shared my documents folder, due to be submitted next week - Deleted!

      ooh, you have a networked printer, i'll have 500 a4, full colour, copies of some hardcore porn printed please!

      What, you also forgot to change the default password on your router/networked printer, well i can use google to get those (as you haven't changed the default ssid), you'll not be using either of those again yourself in a hurry!

      Now i realise that this is a little excessive, but as a kid i'd have thought doing some of that unbelievably funny with no thought to the consequences!

    4. GeorgeTuk
      WTF?

      You, my friend, are mad.

      See above for reasons to turn it on. Now.

  7. Anonymous Coward
    Anonymous Coward

    Treat Wi-Fi like toothbrushes

    Like this? Drop it in the toilet, give it a quick rinse, and hope nobody notices?

  8. Charles 9

    Problem with Home Routers.

    Some are old, others can't seem to handle both high traffic and WPA2 without gasping for Hertz. I have to keep mine off because it otherwise slows ALL net traffic to a crawl. And on the last router, turning on deprecated WEP tended to cause it to fall flat and reboot itself every 5 minutes. And I'm not currently in the market for a replacement router (besides, none of the affordable ones I've seen can do IPv6 yet--just in case).

    1. GeorgeTuk

      Really?

      You must be doing something wrong. Unless you are streaming having a 54MBPS connection is much, much faster than almost all broadband so even losing a little hertz won't hurt. But having someone else suck your internet dry will.

      Never had a problem with Netgear DG834 range, installed over 50 and only one died so far over a period of about 4 years.

      All our 30 branches have WPA2 on Netgear WAPs and I have never noticed a dip in quality, we tested it pretty hard too. Only complaints are when their personal kit can't do WPA2 which is always good!

  9. Wommit
    FAIL

    Err...

    "Consumers can usually activate Wi-Fi security protections in a few simple steps, but much like the seatbelts [sic] in your car, it won't protect you unless you use it."

    No, seat belts used to be quite easy _for some people_ to fit to cars. Quite difficult to very hard for others to accomplish the same task. And it's the same for router security. Some people just _don't_ understand the concepts that they're expected to deal with. This isn't their _fault_, I don't understand much about sewing and I'm assured that that skill is easy to learn.

    So, if you want more people to set the security on this kind of kit, then make it easier for them. Nice usable front ends, cheap easy to access helplines. etc.

    Just moaning that 'they' don't do it isn't going to change things.

    1. copsewood
      Flame

      default configurations and cost cutting

      Unfortunately default configs tend to be set in order to minimise the number of calls needed to the helldesk and this is often an open and just works out of the box configuration.

      Better for each WiFi router to have a random WPA2 password written on a label on the back of the machine. I have recently setup such systems for relatives which have been setup this way by the manufacturer. However, this also should have a device specific admin login/password accessible from LAN side only rather than a well known or searchable pair (e.g. admin and admin ). But that would be in a more ideal world, as opposed to the cost cutting world we inhabit.

      The cost cutting works both ways - end lusers who can't be bothered to learn how to configure a password into their client software and manufacturers who want to minimise helldesk support calls.

  10. The Unexpected Bill
    Alert

    In a way, I'd have to disagree...

    An open wireless network can be a godsend. Before giving up on my former ISP, the only way that I could accomplish reliable outbound connectivity was to borrow someone else's, hoping that it was connected to a different ISP.

    Now, granted, I did meter my activities and I made sure to move around regularly so as not to impact any one person too much. I would certainly admit that there are people out there who would abuse an open connection. So it's a double-edged sword--useful but dangerous.

    It seems that the wireless router manufacturers have made some great strides toward compelling people to use some kind of security when configuring their wireless network. This is, generally, a good thing.

    Yet if you use provider supplied equipment, you may not have any good wireless security options--what springs to mind immediately are the Westell DSL/router devices being passed out by Frontier (a provider of telephone and broadband Internet services in the US) only support WEP at best.

    1. Chad H.
      Stop

      So...

      What you're trying to say is, you're a theif; but not a bad one.

      1. durandal
        Coat

        Yes.

        But only if you can somehow prove that he's squirreled his neighbour's datagrams away and refused to give them back.

        /mines the one with the packet shovel in the pocket

  11. xenny

    Surely everyone thought of this.

    When ubuntu does this:

    http://xkcd.com/416/

    I'd argue it's actually better to not use strong security.

    Literally, think of the children.

  12. kennsmi
    Black Helicopters

    i can't express in words the sound i'm making

    two comments in a day....honestly, i don't usually get this enraged...maybe something to do with the copious amounts of wine I've enjoyed this evening...

    <rant mode on>

    holy cow batman wtf is this big ape that stares at me but doesn't listen even when i shout gtf away ape like man bear pig. What?

    The problem is Egypt...and then there's these mesh things.

    I've been doing what all (by all I mean very few) good citizens do - locking down my wifi as best I can. The problem? That's what 'THEY' want. Divide and conquer etc. If my connection is used for something bad it's MY fault, only I can possibly have done something 'BAD' and they lock ME up.

    In the same way all good civil rights movements grew, we need to grow some effing balls (ball-esses for the ladies?) and say 'fuck you man' as one. It's not just me. If we're strong we can all face this shit-storm together,and they can do absolutely nothing about it. I piss in their cornflakes.

    <rant mode off>

    Right, off to have my Horlicks and then to bed for me. ta ta x

  13. NRT

    A problem I came accross.

    A few months ago my neighbors bought their children a new (second hand) laptop and an internet connection. They found it impossible to set up themselves.

    They spent many hours on the helpline which did not resolve the problem. When I got home that day they asked me to help.

    After a quick look the 'problem' turned out to be that the router defaulted to WPA2 & that their PC could only use WEP. It was easy to go back to my machine, armed with the relevant passwords, and drop the wireless encryption back to WEP. Problem solved.

    The problem is, I now know their passwords and the ISP spent a lot of time (failing) to help.

    What is the ISP to do? Push the default security settings as high as possible and accept that this will increase their call centre costs or keep default security low and get crucified for that?

    Nick.

  14. Anonymous Coward
    Anonymous Coward

    Funny Opposite Problem

    Funny I bought a netbook to have flexibility to get on to our home LAN for file-sharing, working off of the server drive, etc. and eagerly anticipated that. As it turns out I still have to drag a lan cable around as there are at least 3 neighbors running open access points that it always kept sucking my machine to as well as the wife's laptop as well. After trying WPA2, WPA, WEP and nothing at all, even trying channels 1 and 11 (away from the 6 EVERYONE uses) my AP lost out every time (I think it's strongest open signal wins) the those of "Linksys", "TheOpenHole" and of course "Network King", the first and last of whom are probably running a boost amplifier over the FCC 100mW limit. The all have much faster connections than our own slow DSL line, but it defeats the whole idea of working over a LAN as your see their machines as opposed the ones you need on your machines. Oh well, ethernet cable these days is cheap enough....

  15. Mike Flugennock
    WTF?

    like a... toothbrush?

    Shit, man. I paid too goddamn' much for this router for me to be smearing it with Pepsodent and rinsing it off under a faucet.

    But, seriously, folks...

    After a couple of recent prolonged broadband outages, I've arranged with some friends who live across the street from us to exchange passwords so if our broadband goes out again, we can borrow the wifi from them to do important stuff like getting our email -- and vice versa (we and our neighbors get our broadband from two different providers). We're also considering talking to a couple of other friends -- one who also lives across the street, and another who lives a couple of doors down (fairly close, actually, as we all live in row houses) -- to all exchange wifi passwords just among ourselves for just such a contingency... similar to what many Egyptians were doing in Cairo: removing the passwords from their wifi routers so pro-democracy activists and protesters could connect and get their news and fotos out -- before Egypt's internet access was entirely cut off, of course.

This topic is closed for new posts.

Other stories you might like