Do you have a wireless router? Is it appropriately configured to be secure? Why bother? I've three reasons.
- War Driving - The revelation by Google of its inadvertent collection of publicly broadcasted SSID (the Wi-Fi network name) and MAC addresses (device identifier) while conducting their Street View data collection should serve as a reminder to tighten up our router security. Remember, anyone driving or sitting in proximity to your business, home or office may be within the exploitable footprint of Wi-Fi signal. Once within your router's footprint they too can collect your SSID and MAC addresses, and if your network is not secured, their odds of being able to collect the information traversing from one end of the connection to the next just increase exponentially.
- Liability -- A German court recently fined an owner of a wireless router for not appropriately securing a device and thus allowing the device to be used by a third party to connect to the internet via the router and engage in illegal download activity. The court in Karlsruhe, Germany noted "Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation." The court noted that owner could be fined up to 100 Euros. Regardless of the laws in your area, legal problems are only one of many reasons to ensure your router is secure.
- Mistaken Identity -- As noted in the prior point, a third party used the connectivity provided by the unencumbered access to an individual's router to perpetrate a crime. Think of how crime-solvers walk their data back. They trace the Internet Protocol address. If that IP address ends at your router, then it is not an inappropriate conclusion to assume the perpetrator of the crime is someone within your home/office/business. Think about the physical inconvenience of being taken down to the local precinct to sort things out; the property seizures and recovery prospects and while you will no doubt be able to explain your way out of a situation, as did the owner of the router in Germany - why put yourself in this position?
If you see your neighbor's Wi-Fi in an unsecure state (e.g., open access) let them know. Don't assume the owner configured the device, perhaps it was a more technically savvy neighborhood high school student or a for hire network installer -- who in both cases failed to put a WPA2 password in place.
In Queensland, Australia the police are identifying unprotected Wi-Fi during their routine patrols and notifying their owners in an effort to protect unwary citizens from their own unprotected routers. This is something suitable for neighborhood watch organizations.
Use a strong password (8-14 characters which aren't a word and include non-predictable symbols [ e.g. (B$@iJH91$(~(K ]. If your router is using WEP encryption and not WPA2 then think about upgrading that router of yours.
You may also consider limiting access to your network to MAC addresses you own or know. Don't forget to set up separate guest connectivity to leave a clear audit trail distinguishing between your use and guest users whom you have no control over.
This could be especially important for the small business owner whose network may be used by an unscrupulous individual.
Christopher Burgess is a senior security advisor to the chief security officer of Cisco®, where he focuses on intellectual property strategies.
Cross-posted from Christopher Burgess, Huffington Post