Open WiFi at home or not? I say yes.
January 12, 2008 by Tris Hussey
Filed under Business News
There has been some controversy over Bruce Schneier’s Wired column where he admits that he doesn’t lock down his WiFi at home:
Whenever I talk or write about my own security setup, the one thing that surprises people — and attracts the most criticism — is the fact that I run an open wireless network at home. There’s no password. There’s no encryption. Anyone with wireless capability who can see my network can use it to access the internet.
To me, it’s basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea. But to some observers, it’s both wrong and dangerous. Source: Steal This Wi-Fi
Like many commentators (ghacks has good commentary on this), I think for most folks locking down their WiFi is a good idea. I haven’t always, but that was when there was little chance of snooping (like when I lived on Pender Island–people would have to be in my driveway to snoop and I’d notice that). The WiFi here in my apartment is locked down and with my new d-link router using WPA (I had to settle for WEP with the Netgear), but there is a loop hole… I have a Meraki free WiFi node too.
So when people visit, they can just connect to the free node (it’s throttled back btw) or if they need to print something I can let them on the network. People connected to the Meraki device can’t get to my LAN.
I think this is the best of both worlds, yes it took a little extra hardware, but now others in the area can help spread the free WiFi love with other Meraki repeaters.
I think it’s important for people to take computer security seriously, if you’re behind a decent WiFi router you’re well protected from most outside attacks, but if you don’t lock down the wifi node, you are open to attacks from within. I haven’t taken the step to lock it down with hiding my SSID or limiting to certain MAC addresses. That’s a little much. I’ve done it before and it wound up being more of a pain than it was worth. I’ve noticed that around my apartment there a lots of wifi nodes, but only a few are wide open. Which is a good sign to me that device manufacturers have made it easier to lock down your access point.
I haven’t done a war drive for a while (haven’t found software for Vista) but around and about I’m seeing the same thing. Bottom line, lock down your wifi. Even if you’re a cafe and want to offer it for free, lock it down for the safety of patrons. If you want, really want, to offer free access, use something like the Meraki wifi mesh router to offer protected and open access without putting your computers at risk.
Here’s a recent ars article on “wifi flu: viral router attack could hit whole cities” that may be relevant. While a bit out-there, it does recommend using WEP or WPA…so, not open wifi.
http://tinyurl.com/27ya9w
My preference is to turn on security, mainly because our legal system is stupid when it comes to technology and I can just see myself being held accountable for something done by a malicious war-driver.
I saw that article too and I think that’s one reason cafes should use basic security on their APs too. One of my fav Serious Coffee’s (the Sidney location) has a basic password on it, not a huge deal, but a nice step.
Since my Meraki AP has good usage logs I think I’m pretty well covered and I watch for people going on and using a lot of bandwidth. If someone is using too much, I’ll block them.
Almost a year ago, Bruce Schneier asked in his blog if we really need a security industry.
“As I often do, I mused about what it means for the IT industry that there are thousands of dedicated security products on the market: some good, more lousy, many difficult even to describe. Why aren’t IT products and services naturally secure, and what would it mean for the industry if they were?”, Bruce Schneier
http://www.schneier.com/blog/archives/2007/05/do_we_really_ne.html
I think his opinion about making Wifi open consists with what he wrote. He is pushing people to train the warriors instead of relying on untrained warriors with a lot of shields around their bodies.
But the problem is that I have the feeling that he is somehow confused and cannot tell when the warrior’s body ends and when his shields start.
Tarek, I love that last point! Yes it is really hard for even pretty experience computer users to secure their machines to allow for an open WiFi node. Heck that and sw firewalls really, really choke things up.
Just lock it down people. It’s not that hard anymore.