A Hidden Wireless Network Security Problem Fixed

It’s rare to find an internet connected household that doesn’t have a wireless router these days.  They’re just too convenient.

But one thing that folks often overlook is setting up some type of security on the wireless router so that strangers don’t come along and connect to your home network.  Setting up security on your wireless router is not just about keeping weirdos from using your internet connection – it’s also keeping them off your home network where they can access your printer(s), shared folders and other resources on the PCs in your house.

The “normal” way to secure your wireless network is to set up WPA or WPA2 security on it –  this “encrypts” all of the communication between your wireless router and the PCs/laptops in your house and only allows PCs that have the “secret code” to connect to your wireless network.

The Problem

But there’s yet another way that many “tech-oriented” and even “enterprise level” folks have set up their wireless network to keep people from trying to connect to it – they opt to “hide” their network’s name (aka SSID) from being transmitted.  Then in order to connect to it, you need to know what the name of the network is first.  That way when a stranger comes along with his laptop and “scans” the air for any wireless networks, his laptop won’t be able to see your network because it’s been set up not to transmit its name.  Sounds pretty secure, right?

Logically, it does.  But in reality it’s not that secure at all.

Here’s why.  Let’s say you’ve set up a hidden wireless network and given it the name “SPY.”  Let’s also say that you’ve set up your laptop to connect to your hidden network, and the network’s name (SPY) is saved on the laptop for easy connection.  Since your wireless router isn’t broadcasting its network name (SPY) all the time, the laptop has no idea when it’s within range of your hidden network.  So what your laptop does is it repeatedly sends out broadcast messages asking “is the SPY network out there?” until it finally gets a response from the SPY network and then connects.

Can you see the security risk here?  As long as your laptop is turned on (and its wireless card is turned on), your laptop is repeatedly broadcasting the message “is the SPY network out there?” until the SPY network responds.

So along comes a “boy-hacker” with his laptop and a few specialized wireless sniffing programs (all of which can be freely downloaded from the internet).  He boots up and can see that someone’s laptop is asking to connect to a network named SPY.  So he takes a chance and sets up his laptop to connect to a network named “SPY” and – boom –  he connects to your hidden network.  And the worst part of all is that since he’s a “boy-hacker” he’s going to try to do some damage while he’s connected.

The Solution

For years, the situation I’ve outlined above was reality.

Some security experts debated whether it was really a security risk since the average computer user wasn’t savvy enough to use wireless sniffers to find these broadcast messages that laptops sent out, so hiding your network still keeps the honest people honest.  Other experts also rightly pointed out that while a laptop was connected to a hidden network, it wasn’t sending out these broadcasts; so since laptops spend most of their “turned on” life connected to a wireless network, what’s the big fuss?  Still other experts mentioned that most home networks really don’t have a lot of cool data to steal, so the motivation to hack them wasn’t really great.

Nonetheless, along came Windows 7.

In Windows 7 when you set up a new wireless network connection you get a box like the one below.  Take a look at the option that I’ve highlighted inside the red rectangle near the bottom.

If you’re connecting to a hidden wireless network, leaving that option unchecked actually prevents your laptop from repeatedly broadcasting those “is the SPY network there?” messages!  Best of all, by default, Windows 7 leaves this checkbox unchecked, so unless you actually did check it when setting up your wireless network on your laptop, it’s all good; now your laptop won’t be broadcasting those messages when it’s not connected to your hidden wireless network.

So problem solved right?  Yes! – if you’re lucky enough to be using Windows 7.  Of course, if you’re running Windows XP or Vista you still have that security problem.  So XP and Vista users beware.

Conclusion

So the security risk with a laptop that is pre-configured to connect to a hidden wireless network is fixed.  Great.  Technology (and security) marches on.

Here’s a little something for those who are running Windows 7 while connected to a hidden wireless network – do you want to make doubly sure that the checkbox I mentioned above is actually unchecked?  Here’s what you can do:

  1. Click once on the little wireless signal bar in the lower right corner of your screen (by the clock).  This brings up the list of wireless networks that you are connected to (or can connect to).
  2. Assuming you are already connected to a hidden wireless network, find the hidden wireless network that you are connected to and right-click on its name.  Then in the menu that pops up, choose Properties.
  3. You’ll get a box showing the properties of the wireless network you’re connected to.  Click on the Connection tab near the top of the box and it will look like this:
  4. Notice the checkbox that says Connect even if the network is not broadcasting its name (SSID) (I highlighted it in red for you above).  Make sure that checkbox is unchecked, then hit OK.  You’re all set.

One final note: simply hiding your wireless network and using Windows 7 to connect to it is not enough to secure it.  You also need to set up WPA or WPA2 security (do not use WEP security – it can be easily hacked) on your wireless router to keep all the data traveling through the air from being spied on by the “boy-hacker.”
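
The checkbox check above and the WEP warning can both be run across every saved network at once. This is an added example, not part of the original post: it assumes the profiles were exported with `netsh wlan export profile` and that the checkbox is stored as the `nonBroadcast` element of the profile XML. The sample profiles and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by Windows WLAN profile XML files.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
WEAK_ENCRYPTION = {"none", "WEP"}  # no encryption at all, or WEP

# Constructed sample profiles, trimmed to the elements this audit reads.
TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <SSIDConfig><SSID><name>{name}</name></SSID>{nb}</SSIDConfig>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication><encryption>{enc}</encryption>
  </authEncryption></security></MSM>
</WLANProfile>"""
SAMPLES = [
    TEMPLATE.format(name="SPY", nb="<nonBroadcast>true</nonBroadcast>",
                    auth="WPA2PSK", enc="AES"),
    TEMPLATE.format(name="HomeNet", nb="<nonBroadcast>false</nonBroadcast>",
                    auth="WPA2PSK", enc="AES"),
    TEMPLATE.format(name="OldRouter", nb="", auth="open", enc="WEP"),
]

def audit_profile(xml_text):
    """Return the settings of one exported profile plus any findings."""
    root = ET.fromstring(xml_text)

    def text(path):
        return (root.findtext(path, default="", namespaces=NS) or "").strip()

    ssid = text("w:SSIDConfig/w:SSID/w:name")
    # A missing nonBroadcast element is treated as "checkbox unchecked".
    probes = text("w:SSIDConfig/w:nonBroadcast").lower() == "true"
    enc = text("w:MSM/w:security/w:authEncryption/w:encryption")
    findings = []
    if probes:
        findings.append("probes for hidden SSID by name when not connected")
    if enc in WEAK_ENCRYPTION:
        findings.append("weak or no encryption (%s)" % enc)
    return {"ssid": ssid, "probes_for_hidden": probes,
            "encryption": enc, "findings": findings}

def audit_all(profiles):
    return [audit_profile(p) for p in profiles]

if __name__ == "__main__":
    for r in audit_all(SAMPLES):
        print(r["ssid"], "->", "; ".join(r["findings"]) or "ok")
```

To audit a real machine, read each exported `.xml` file and pass its contents to `audit_profile` in place of the samples.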

Stay safe! 🙂
