Why my home wireless network is wide open to everyone
[I started this as a comment in a friends-only post in someone else's journal, but it got too long. The context is that he just got a wireless network at home, but is slightly anxious about the security implications.]
Don't sweat it! The single most important thing you need to do is change the administrative password to something totally non-obvious. That's the password to log in to the router's web interface and make changes, not the password you need to simply use the wireless (and will thus be giving out to random guests who stop by). I presume you're using very different passwords for both of those things.
Personally, I leave my access point wide open. Further, my SSID is "417 Fulton #1, 510-717-4190", our address & my cell phone number. Anyone who walks by on the street is free to use it. If there's a problem, they know where it is and who to call about it. Why would I do such a crazy thing? A whole bunch of reasons. Go read this:
http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html
Bruce Schneier is a well-respected computer security expert. I pretty much completely share his opinion on this. There are three major reasons why you'd want to restrict access to a WLAN:
1) Security of the computers on the net. They're vulnerable to attacks by things on the local net, so you need to trust every computer on the local net, so you tightly control who can be on it. The problem is that most wireless-using computers are laptops, so you're going to be using them at public wifi points anyway (like Starbucks or airports). Your computer is infinitely more vulnerable here.
2) Theft of service. If I'm paying $50/mo to Comcast/ATT/whoever for my net connection, it's not nice for some jerk to come along and freeload. If someone's just checking their mail now and again, I don't care. If a neighbor's net connection is down for some reason and they're waiting to get it fixed, it's only neighborly to offer them a free cup of wifi. Now this can become abusive at times (and once or twice it has), and someone will start downloading lots of stuff and my own service gets super slow. When that's happened, I'll kick the freeloaders off my net (see: MAC address filtering) for a few hours, and then later lift the restrictions. It's never been a chronic issue.
3) Legal liability. Terrorists or people into kiddie porn or script kiddies might use my net connection, and then the lawyers will attack. I'm so not worried about that. It's a risk, but not a significant one as far as I'm concerned.
Don't sweat it! The single most important thing you need to do is change the administrative password to something totally non-obvious. That's the password to log in to the router's web interface and make changes, not the password you need to simply use the wireless (and will thus be giving out to random guests who stop by). I presume you're using very different passwords for both of those things.
Personally, I leave my access point wide open. Further, my SSID is "417 Fulton #1, 510-717-4190", our address & my cell phone number. Anyone who walks by on the street is free to use it. If there's a problem, they know where it is and who to call about it. Why would I do such a crazy thing? A whole bunch of reasons. Go read this:
http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html
Bruce Schneier is a well-respected computer security expert. I pretty much completely share his opinion on this. There are three major reasons why you'd want to restrict access to a WLAN:
1) Security of the computers on the net. They're vulnerable to attacks by things on the local net, so you need to trust every computer on the local net, so you tightly control who can be on it. The problem is that most wireless-using computers are laptops, so you're going to be using them at public wifi points anyway (like Starbucks or airports). Your computer is infinitely more vulnerable here.
2) Theft of service. If I'm paying $50/mo to Comcast/ATT/whoever for my net connection, it's not nice for some jerk to come along and freeload. If someone's just checking their mail now and again, I don't care. If a neighbor's net connection is down for some reason and they're waiting to get it fixed, it's only neighborly to offer them a free cup of wifi. Now this can become abusive at times (and once or twice it has), and someone will start downloading lots of stuff and my own service gets super slow. When that's happened, I'll kick the freeloaders off my net (see: MAC address filtering) for a few hours, and then later lift the restrictions. It's never been a chronic issue.
3) Legal liability. Terrorists or people into kiddie porn or script kiddies might use my net connection, and then the lawyers will attack. I'm so not worried about that. It's a risk, but not a significant one as far as I'm concerned.