Context: Bruce Schneier recently made a stir when he mentioned that his home wireless access point is open to anyone to use.
No. Secure your home wireless access point using WPA or whatever happens to be current, effective, and available at the time you read this.
Schneier keeps his home network open for one reason: politeness. He feels that providing "internet access to guests is kind of like providing heat and electricity, or a hot cup of tea." I have no argument with this, but it doesn't mean your home network needs to be open. You can provide an open guest network and still keep your home network secured. The rest of this post goes into more detail.
What are the dangers of running an unsecured home wireless access point?
Eavesdropping and attacks on your home network devices are the things you should be most worried about. While some of your network traffic is secure from eavesdropping through use of SSL, much of it is not. For instance, too many people do not use SSL for email, and access to your email can be a serious security issue because password resets are often sent via email.
Even if your laptop is secured to the point where it is reasonably safe to use on a public wireless network, are your other computers, network drives, printers, Apple TVs, TiVos, and other network devices secured and free from vulnerabilities? These don't have to be wireless themselves to be vulnerable to attack from someone on your wireless network. Maintaining the security of these devices is difficult and by securing your wireless access point you've added another layer of defense that will help keep these devices safe.
My nearest neighbor is miles away and the only road near my house is my driveway which is gated. Can I run an open network?
In this case, running an open wireless access point should be fairly safe. The degree of risk you face is directly related to the number of people who are within range of your wireless access point. People sitting in cars and attacking your network is possible, but you should be more worried about your neighbors and their family, friends, and customers. If you live in an apartment building in a city, you will likely have many neighbors within range of your access point.
An attacker sitting in the coffee shop on the ground floor of your building could hack your unsecured mp3 server and add it to his botnet. Now he can further explore and attack your network from his apartment on the other side of town.
But I want to be neighborly.
Check with your ISPs terms and conditions and if it's allowed, then set up a separate open "guest" network that is segmented away from your home network. The guest network is only for guests to use. Put all of your home devices on your secured home network. If a guest needs access to some of your home devices, then add them to the home network.
Comments