A friend said this to me one day while we were talking about encryption and wireless networks. I thought he was kidding.

He wasn’t, and he’s a technically savy guy, although I wouldn’t call him a geek (well I might, just to mess with him). That’s why I thought he was pulling my leg when he said it. He’s like that. He has an interesting sense of humor.

He went on to say, “I leave my [wireless] internet connection open [unencrypted]. My neighbors can use it, I don’t care. It’s unlimited access, and I’m just not an interesting target to a hacker. Leo LaPorte (of Tech TV) leaves his access point open, I do too.”

This is the reality; People become targets when they are unaware of their environment, and don’t take precautions to avoid being a victim. Never underestimate the potential of being senselessly harmed by a stranger.

This isn’t paranoia, it’s the world we live in. It’s why we have policemen.

Listen to this podcast with Leo and Steve Gibson to hear what they say on the subject in Security Now! Episode 10 “Open Wireless Access Points”.

Wireless routers or “gateways” provide an internet connection to a computer with a wireless network card, such as a laptop. This is convenient because you aren’t tethered to one location and can use your computer from any part of the house you want without running Ethernet cable. In addition, wireless networking can be used to set up a LAN with multiple computers in any areas of the home or office, and the wireless internet connection can provide the network with internet service.

It’s a great idea, but probably the single greatest security risk you can have. That’s because even aunt Martha knows what a computer virus is, and probably has at least heard of spyware. And she probably has software that came with her computer that’s already set up and there to help her. The number of consumers that have this level of basic understanding of wireless is much smaller. It’s just more technical than most folks are interested in, but it’s not that hard to understand. It’s not rocket science. There are a few important things to be aware of.

Lets start with why security matters.

We have doors on our house to keep people from entering at will without so much as a knock. We have locks on our doors to keep them from breaking in and using our home for their own purposes, which may include harming us. People understand this, and it’s not questioned. There are communities where doors can still be left unlocked, but even there, we know that people from outside that trusted community can show up on our doorstep. We understand that there are evil people in this world who will attack us for a reason or no reason at all.

As for our wireless connection to the internet; It’s not just about people you don’t know connecting to your all-you-can eat high speed internet connection, it’s a risk that has the potential to significantly impact your entire life. That’s because we live in a computerized world, and people can do great damage to us if they find a vulnerability in the way our lives are connected to that world.

It has nothing to do with whether or not we are a juicy target for an online attacker. Attackers will electronically “mug” weak targets that have little or no protection in place. Some people do it for fun, others for profit. Identity theft has become a buzz phrase, so I will break it down to the serious components. If someone can collect information, even a small amount of information, such as an email address, they have the beginnings of a weapon to use against you. Email addresses, for example, are used for financial transactions over the internet. I kid you not. Check out Paypal sometime. In fact one of the most common attack methods is to pretend to be a financial organization that needs to verify your online account information. They give you a link to click on that takes you to a fraudulent web site. You “log in” and enter you private information such as credit card numbers or passwords. These web sites can be quite convincing because they look like the real McCoy.

This is a cautionary tale about why you should always consider yourself a potential target of attack from unknown individuals, especially when you are online….. or using a wireless connection.

When you want to make a connection to another computer with your computer wirelessly, you simply look for a computer that’s broadcasting an SSID. This is simply the name of the network connection and it can be anything. For instance, I used to have a wireless internet connection with an SSID of “worldvms” and that’s what showed up when someone went into their wireless connection screen looking for their own gateway. That, and theirs, and everyone elses within a radius of a couple of houses. You have to be able to see all of them to know which one to connect to. If one of my neighbors dosen’t encrypt their connection, I could accidentally ….. or purposefully, connect to their gate way, and use their internet connection.

Why is this a bad thing? After all, I have good neighbors, and I’m not worried about it. Why not keep my gateway open for them to use my internet connection if they want to. It’s just paranoid to think it’s risky.

No it’s not.

Why? For a variety of reasons. How well do you know your neighbors? Most criminals have neighbors. But lets assume that you do have fine upstanding citizens, and really nice folks for neighbors. Why not share your internet connection?

This one is so simple, many people haven’t ever thought about it before. Sometimes the obvious is hidden right in front of you.

Legal responsibility.

If you don’t take responsibility for securing your wireless internet connection, and it’s hijacked and used for illegal activity, you could find yourself in court facing charges. That’s because if a stranger connects to the internet wirelessly through your gateway and say, illegally downloads pirated material such as movies and music, the source of the illegal activity is going to be your computer, not the guy who wirelessly connected to your internet connection. A trace back won’t reveal his computer. He will sit back in comfort while the RIAA and FBI show up on your door step.

That’s just one of many really unhappy things that can happen. But the good news is that there is a way to protect yourself. Encrypt your wireless connection.

The eight commandments of wireless security:

1. ALWAYS encrypt your wireless connection(s).
2. Never, ever, ever, ever, ever - don’t leave your network open for anonymous connections. Just don’t. ALWAYS ENCRYPT YOUR CONNECTIONS! (did I say that already?)
3. Use the strongest encryption method supported by your hardware.
4. Repeat after me: “Any encryption is better than none at all.”
5. Use a completely random password made up of letters,symbols and numbers or if required Hexadecimal numbers. Make it as long as possible. Each character increases the number of combinations exponentially. That’s a good thing.
6. Never use a password that includes real words, even if they have non word symbols and numbers in them. You might as well publish them in the want ads if you do. The bad guys always start with a dictionary attack, because most people use real words in one form or another.
7. Don’t worry about not being able to remember the passwords. If you can’t remember them, and they don’t appear in a dictionary, they will be really hard to crack. Use a flash drive and store all your passwords in a file on it. Then lock it up in your safe or other secure area. If you have a blackberry or similar device, put them in the password safe.
8. Two common methods of encryption are WEP and WPA-PSK . WEP has well known, easily exploited weaknesses. Use WPA-PSK if you can (info on setting up) , and use a long random password. WPA-PSK can use a password from 8 to 63 characters long. Generate a random one here.

Unencrypted wireless networks expose you to intrusion, hijacking of your internet connection, viruses, spyware, stolen personal data, and other bad, bad, stuff.

The bad guys are going to look for the easiest targets and move past the ones with even the bare minimum security. Any encryption is better than none. At the very least, use WEP.

The bad guys can pull up in front of your house with a laptop from Circuit City, and connect to your unencrypted connection. don’t make it as easy as shifting into park.

Compute safely,

Denigris