As Declan's article mentioned, I've been running an wireless access point with an SSID of "public" for the last few years, since I bought it along with a pair of wireless PCMCIA cards while living in Charles Village back in 2000. It's an old WET11 which required a USB connection to a Windows machine and some special software to run. I have had neither for a few years, so rather than try changing any of the settings, it's easier to just leave it the way it is. It's kept me from impulsively adding WEP at random intervals during its history.

I believe that wireless routers keep people safer from the vastly more common random attacks and infections on the Internet than the risk that they assume by opening up 300 feet of the space around them to their local area network.

When doing a general risk assessment, the following questions are key to determining the amount of effort you should put in:

• Who is my attacker?
• What do I have that they want?
• What resources do they have?
• What are they willing to spend to get what they want?

Obviously the risks are different for different situations. Say you've got an unsecured Windows PC sitting behind a firewall and an obsessive stalker ex with a wireless card in his or her laptop, you are probably at risk to a very specific attack on your network because of who you are and what a person could do with access to the same Internet connection as you.

In that case, your attacker is someone who wishes to use your network to leverage harm against you, either to deny you something or to find information to use against you. In this situation you might even consider disabling the wireless network altogether, as this attacker might even have the tenacity to deconstruct 2GB of your traffic over a long period of time to gain access to your WEP key and in turn to your system.

For the typical owner of a wireless access point in the suburbs, however, the "attacker" is not likely to have any malice against them or any evil intent at all. The typical person to come into range of the access point will want to check their e-mail or surf the web for a few minutes. So what has the owner of an unmetered broadband connection lost? If they are home and using the computer at the same time, perhaps their Internet access is marginally slower. If they're not, then they may never know that someone has been around to use their access point.

Weigh the risks of the maybe dozen neighbors in range of your access point against the billion potential attackers throughout the Internet that could be trying to gain access to your machine at any minute. Being forced to tuck all your machines behind the NAT of the router/firewall in the first place decreases your potential for being the victim of a random exploit attack.

No Comments | #5654

Unless noted, all content on epistolary.org is © Copyright 1999-2008 to Rob Carlson with all rights reserved. All information is verified when possible, cited as appropriate and applied in the real world at your own risk. Send all feedback to rob@vees.net.