Wi-Fi security precautions that don't work
(MoneyWatch) Security myths are pervasive. What once worked in the early days of computing, for example, might still be cited as a best practice even though it hasn't been effective in a decade or more.
That's especially true when it comes to wireless security. I frequently encounter advice for securing networks that simply doesn't work anymore -- and in some cases, never worked at all. Tech writer Eric Geier recently noticed the same thing, and documented the top Wi-Fi myths in PC World.
- Why you should never join "free public Wi-Fi"
- Small password improvements equal big security
- Apple iOS 7 users face security risks
Myth #1: Block prying eyes from seeing your router's ID (SSID)
Wireless routers broadcast out their SSIDs (Service Set Identifiers) to let potential users know they are available (even if they are locked). You see them when you look on your phone or computer to see what Wi-Fi options are in range. Popular wisdom holds that you should hide your network's SSID, so your network name isn't broadcast to every hacker who walks past your home or office. Well, most modern computers see networks even if the SSID itself is hidden -- the network will simply be unnamed. The lack of an SSID has never stopped a single hacker, ever. But what's the harm in blocking it anyway, you ask? Well, it might make your network more enticing -- after all, if you're trying to hide it, you must have something good in there.
Myth #2: Pick and choose who can connect by enabling MAC Address Filtering
A really geeky way to protect your network is to use your router's settings to meticulously enter the Media Access Control (MAC) address of every device and computer connecting to your network. The MAC address is a series of numbers and letters unique to each device. Entering the numbers will allow only people with these addresses to access your router. If you only allow those MAC addresses, hackers are locked out, right? Nope. It's easy for hackers to analyze your network, identify an allowable MAC address, and spoof your system. All this does is make life less convenient for you.
Myth #3: Restrict how many devices can connect by limiting the IP Address pool
Like the previous tip, this one has been recommended to me by cable company technicians setting up new service. The theory is that if you limit the range of allowable IP (Internet Protocol) addresses, then hackers can't easily connect. Unfortunately this is also baloney, since hackers can determine which IP addresses are available -- regardless of the size of the pool -- and use one that's open.
So what does work?
In a word, encryption. Be sure that you're using the best available encryption for your router (which right now is WPA2) and use a strong password - at least a dozen characters that combines upper case, lowercase, numbers, and special symbols. If your router doesn't support WPA2, it's time for new hardware.
Photo courtesy of Wi-Fi Alliance
