Wifi, short for “Wireless Fidelity”, is the generic name applied to common wireless networking devices. It comes in two common flavors and two not-quite-as-common, all based on the IEEE 802.11 standards. 802.11b and 802.11g are very common, at 11mbps and 54mbps, respectively. 802.11a was an early update of the base 802.11 standard offering 54mbps, but at a much higher frequency than the later 802.11g systems.
Most wireless installations you’re likely to encounter are based on 802.11g, but 802.11n is coming on strong even though it’s a draft standard, because it offers speeds up to 300mbps, faster than the common wired networks in most homes. If you decide to go with 802.11n, you should verify the interoperability between your Access Point and your systems, as draft standards tend to be more variable in implementation from one manufacturer to another.
Chances are if you’ve purchased a laptop in the past year, it has wireless capabilities built in, as do many current desktop systems. Before you install a wireless network in your home - or allow someone else to do so - you should understand a few important things about wireless security and risk assessment. You also need to decide what information and access you need to protect. For instance, if you have a console game system that connects to the internet, your risk exposure is fairly low; you might lose stored high scores if the system was compromised, or someone might cheat during a game, but it doesn’t expose things like medical records or financial records. If you have a computer attached to the network, chances are it has more important information - financial information, medical information, information that would make identity theft simple. Other types of information represent a different kind of value, such as digital pictures stored on your computer that would be painful to lose, although not financially damaging.
Another asset you want to protect is your network bandwidth, for several reasons. You don’t want the Department of Homeland Security showing up at your door because someone compromised your wireless connection and was surfing Al Qaeda’s web site using your IP address. You also don’t want the FBI showing up at your door because your next door neighbor connected to your AP and started downloading and uploading copyrighted content.
So how do you protect your network? How do you make sure that “bad guys” aren’t using your assets for their purposes? Well, you can make it difficult, but it’s very difficult to make it impossible. The first step is encryption. Your wireless network is broadcast into the air just like a radio station, although with a much more limited range. Anyone can capture that signal and read your traffic if you don’t act to stop them. The simplest form of encryption is called WEP (Wireless Encryption Protocol). It’s already been compromised - it will only keep honest people honest, or non-techies from casually abusing your connection. If you have someone next door who’s serious about it, they’ll get through WEP in no time. The next step up is WPA (Wireless Protected Access). WPA is much more secure than WEP, and comes in several flavors. For most home installations, you’ll need to use WPA-PSK (the PSK is “pre-shared-key”) or WPA2-PSK. “Pre-Shared-Key” means that you must already have the password before you can join the wireless network. In most cases it will be a passphrase. WPA-PSK is a good choice for a home network if you select an appropriately difficult passphrase. Don’t use words or birthdays or social security numbers or addresses. Try and think of phrases that are mangled the way you see things written on license plates. That makes them easy to remember but hard to guess.
The next step in making sure that no one is hijacking your network is “MAC address access control”. The AP is configured so that it will only allow computers with known and pre-selected MAC addresses to connect. MAC stands for “Media Access Control”; it’s the numbers that the local wireless uses to differentiate between different machines at the very lowest networking level. MAC addresses are (theoretically) unique, so when you put your computer’s MAC address in the AP, you can be reasonably sure that you’re safe, although a very perceptive hacker might “spoof” your MAC address - by causing his machine to pretend to be your own. That’s why this must be combined with WPA or other wireless encryption protocol. Most APs show the connected MAC addresses and allow you to select yours from that list before you enable MAC address control. If you lock yourself out, don’t despair - you can usually connect to the wired interface and fix the problem.
Even though you’ve secured your home wireless network fairly well, it’s not impossible to hack it. This means that certain data must be protected even though the base wireless protocol is encrypted. So when you connect to your bank, make certain that your connection is protected by SSL - most browsers give visual feedback in the case of a lock or a green address bar to let you know you’ve connected to a secure (the URL will begin with ‘https’) site. The same thing applies to any site that you might send information to that you wouldn’t want someone you don’t know to have. Your Insurance company’s web site, your mortgage site, your fitness club membership site… anything that might have sensitive information on it.
Wireless networking can be a risky proposition. If you follow the general guidelines provided here, though, you will have a network as safe as you can make it, and you will be able to carry on your online business with confidence.
