On securing (or not) your wireless network

| Comments (2) | Networking
Matthew Yglesias links to Tim Lee's post about wireless networks:
As I argued in an op-ed last year, this is silly. Accessing someone else's wireless network, especially for casual activities like checking your email, is the very definition of a victimless crime. I've done the same thing on numerous occasions, and I deliberately leave my wireless network open in the hopes that it will prove useful to my neighbors.

The only concrete harm opponents of "piggy-backing" can come up with is that the piggy-backer might commit a crime, such as downloading pirated content or child pornography, with your connection. But remember that there are now thousands of coffee shops, hotels, and other commercial locations that offer free WiFi access, and most of them don't make any effort to verify identities or monitor usage. So someone who wants to get untraceable Internet access can go to any one of those establishments just as well as they can park outside your house.

Which isn't to say that there are no reasons people might not want to share their network connections with the world. If sharing your Internet access creeps you out, by all means set a password. And there's almost certainly work to be done educating users so that people are fully informed of the risks and know how to close their network if they want to do so.

So, I certainly agree that piggy-backing isn't much to worry about [*], but that doesn't mean that it's a great idea to run your wireless network completely open. Most home access points are some kind of NAT, which provides a substantial amount of security againt attacks from the Internet, at least primitive port-scanning type attacks. If your machines are properly secured, this isn't necessary, but if they're not—as is reasonably common—then it provides a useful backup.

On the other hand, if someone is on your wireless network, then they will get a private address on the same network block as you and be able to talk directly to your machines, which is a substantially inferior security situation. So, as a belt and suspenders move, it's certainly understandable why one would want to keep people off one's wireless network. This becomes even more true as people start moving hardware that would usually be physically wired onto wireless networks as an alternative to running Cat5 through the entire house.

2 Comments

I actually know someone who runs two networks, for this reason. One is open and connects to the cable modem. The other is secured and wires into the open one. All his computers use the secured one, and are thus behind a NAT box/firewall relative to the open network.

With the price of wireless routers these days (the last one I got cost $10 after rebates), it's a reasonable thing to do if one is a little altruistic.

I leave my network wide open. If you happen to be in my neighborhood, look for the SSID HONEYPOT.

Having other people use your network also leaves various opportunities for mischief.

On the less amusing side, if you discover other people are using your connection on a regular basis, you could employ some DNS trickery to see if you can get their Internet banking credentials.

Leave a comment