Sunday, March 15, 2009

Secure WiFi?

Let me just throw this question out there - even if I sound like a crazy. Why do you secure your WiFi? I like to fancy myself as someone nerdy enough to understand network security, but I don't necessarily understand the pragmatic reasons behind having a tightly secured wireless network. I suspect that most people secure their wireless network just because that is what they are supposed to do rather than having specific rationalizations.

Reasons secure WiFi is a good idea, and why you should not care

People would steal my bandwidth
How about being nice to your neighbors and paying it forward a little bit? In the days of 20Mb/s Internet connections, are you really going to notice when the next door neighbor who can't afford their own connection wants to check the weather or look up a recipe? It would be foolish for someone to hop on your connection and then peg your bandwidth by seeding all their movies on BitTorrent - they would be noticed. If you do notice, it is trivial to just cut them off.

People could use my connection for nefarious purposes and I'd be on the hook
Sure, they could use your connection for something bad, but how likely is this in reality? The ice cream man down the street that likes to browse some of the most repulsive pornography known to man is more likely to use Tor or a few select proxy servers than to drive to the front of your house to use your WiFi. If my neighbors had their WiFi open as I do, then if my Internet connection were to go down while I was working at home I could pop onto another network and keep working without trouble. I think this use case is far more likely. There is also plausible deniability that goes along with being neighborly and leaving your connection open. Should you find yourself facing a civil suit from the motion picture or recording industry, it is perfectly reasonable to say that this traffic could have originated outside the walls of your home.

The neighbors could sniff and see where I am browsing
Yup, the neighbors could sniff all your non-secure connections. After setting up a sniffer they will see what sites you frequent and who you are talking to on insecure IM conversations... just like everyone else in the path of the TCP connection can do. Look, if you want to be secure and you're not using end-to-end security like TLS/SSL then you're not really secure anyway. Your ISP can sniff as well. Most people I see use WEP anyhow, which as I understand is completely broken. The type of person that would want to sniff your traffic is the type of person that can go to lengths to crack your WEP... use WPA2 if you have a stalker and insist on using insecure protocols for information you want protected.

My Windows computer could be owned
It already is.

Why your security is annoying

When friends come to your house with their iPhone or laptop, now you need to search around for what your password is - which you have about even odds of having lost. You probably won't remember if you're using WEP, WPA, WPA2 or whether you have a 64 bit or 128 bit ASCII or HEX password. If you're using a password worth a damn then it's going to be near impossible to type that into an iPhone. Maybe you've only set up "don't broadcast ESSID" and implemented MAC address filtering. A tcpdump and a couple minutes later and I could get on your network anyhow.


  1. I completely agree on pretty much all of your points here. I continue to keep my home wifi open and searchable. Every now and then I see odd hosts in my router's list, but now that I live in a blue-collar suburban neighborhood (and not the ghetto), I don't see people trying to abuse the connection.

    The benefits of having it open outweigh the downsides of having it locked up. It's like those people who fence their yards up with 10 ft high walls, security alarms, gates, etc. You give up some freedoms and live in a jail.


  2. I wish I'd read this before last weekend ;)

    The truth of the matter is, I'm in a battle with my neighbor on one side. She's a huge b*tch and although she shared her internet connection with me out of ignorance for years, when she figured out that I was using it she locked it up. So I had to dig out my D-Link and set up my own, which was enough of a pain that I decided that I wasn't going to share back with her, either. I know, it's stupid.

    But as for WPA 127 bit HEX passwords, I agree. Fortunately my easy-to-remember 12 digit key which is also my phone number goes into the key field of my OS X UI and it just works. I don't have to remember what kind of encryption or password I used.