Speaker Key: PB Phil Brown, DW David Whelan
PB: Hi it’s Phil Brown and I’m here with David
Whelan and we’re going to talk about wireless security tips. We’re
hearing a lot about wireless and Wi-Fi so maybe we should just talk
about what is it?
DW: The basic technology is wireless networking
and it sometimes becomes confusing because we now call cell phones
wireless phones but they’re not really wireless in the same way that
we’re talking about wireless networking, which is also known as Wi-Fi.
It allows you to have high speed connections from your computer across
your network or to other computers on your network.
PB: And it’s really just a radio signal that’s being broadcast back and forth by a transmitter.
DW: Exactly. The quality of that transmission can
vary so if you’re inside an old-fashioned building with heavy, thick
walls the signal might not actually leave your building, but if you’re
in a modern building or if you have a lot of windows your wireless
signal could actually penetrate out into the open world. Or
conversely, if you’re outside a building that has a lot of open glass
windows or thin walls you might pick up a wireless signal from somebody
else who might not intend to transmit it.
PB: So the term Wi-Fi is really just a trademark name.
DW: Yes, it’s for marketing.
PB: In theory, I suppose for making regulations also so they can certify things as being a certain standard.
DW: Right and that is part of the alphabet soup
that comes with wireless. You have wireless speeds of A, B, G and N.
So when you hear about Wi-Fi N or Wi-Fi B those refer to particular
speeds of the wireless networking technology.
PB: So in other words, how fast or how slowly you could transfer a file.
DW: Yes, and some of those speeds are aspirational.
PB: So let’s talk about some of the potential dangers of a Wi-Fi connection being open.
DW: Open really means there’s no security on it
and this is most commonly discussed in the area of coffee shops where
you go in and you sit down in the coffee shop. Starbucks is a good
example where they have free wireless and you can get it at McDonalds
as well if you’re at the McCafe. You log onto their network and you can
do things on the internet, send files, download files, check your
email, but there’s no real security, it’s just a checkbox saying that
you agree to follow the terms and services and then you’re off and
running and so is everybody who is sitting around you.
PB: Also if you set up a home Wi-Fi network or
even an office Wi-Fi network without setting any security protocols it
would be an open network too.
DW: Yes. A good story I have on that is my sister
went to a coffee shop in Maryland and every morning there would be a
lineup of cars next door and next door was the police department and
all of the people in these cars were connecting to the police
department’s unsecured wireless network.
PB: Now those people who are receiving those
signals or picking up those signals from maybe your computer or anyone
else’s computer. There’s a recent Illinois decision saying that’s not
DW: Yes and I think that should give everyone
pause for concern if they are sending anything related to clients. It
doesn’t even have to be confidential information, it can just be
addresses, any sort of data they’re sending related to their clients
and even more basic they should be worried about their user names and
passwords being picked up by people who are using software that’s
freely available and can watch transmissions that are sent from a
computer to a wireless connection or access point.
PB: So we’ve talked a little bit about the
potential dangers of leaving connections open. Let’s talk a bit about
standard encryption that’s available.
DW: There are two ways of encrypting your
transmissions. The basic one is if you’re using a web browser, make
sure that the web sites that you’re visiting use the https or security
sockets standard. You can tell because if you go to a web site and
there is no s after the http, your connection isn’t encrypted. But if
you go to your bank or if you go to certain online social media sites -
your Facebook account, you’ll notice that in most cases the service
wants to provide you with a secure connection and they convert that.
You can see it by seeing the s in the https location in your web
PB: Right and it’s available for Firefox and for Chrome. I don’t think it’s available for Safari.
DW: In some cases, the web site provides a secure
connection for you and then there are additional add-ons. One of the
great add-ons is called https everywhere and that is a Firefox only
add-on. It will automatically turn on https if the service is
available, whether or not you are aware of the service being
available. Many sites will turn it on for any web browser including
for portable or mobile phones.
PB: And just to be clear on what’s being encrypted
- it’s your information being sent to that web site and from that web
site to you.
DW: Yes, and I think one common misconception is
the information on the other end is anonymous or somehow is protected.
They may still be gathering information about your visit and where you
came from and so on so it’s not really a privacy protection it’s really
a matter of blocking eavesdroppers from seeing the information.
There’s also ability to use virtual private networks or VPNs and that
allow you to encrypt not only what’s going on in your web browser but
if you’re using your email account through Microsoft outlook or
something like that or some other software, you can actually connect to
your office and securely create a tunnel or a pipe directly to your
office over the internet and no one would be able to access your
transmissions at that time.
PB: And that’s an option if you’re on an open
network like a Starbucks or a Timothy’s or a Timmy’s or any of those.
You could use a VPN, this virtual private network or pipeline to
connect to your office. There are a number of different services
available out there to set up a VPN for free.
DW: You may find that if you’ve got an internet
router, which is the piece of hardware that connects your office to the
internet, it has VPN support built in, in which case you could use this
software. Otherwise, there are open standards like Open VPN, which
you can download on the web and use and there are other free services
that allow you to download a piece of software to your phone or to your
computer and then provide you the network to connect to.
PB: One of the things that makes using wireless
devices, phones, computers and wireless routers potentially dangerous is
that every device has a Mac address and a Mac address is just a
physical location address that you can punch into a piece of software
and you can communicate with it.
DW: Right, and another misconception is that it
only applies for Apple computers but every device that connects to the
computer has this device specific piece of information and it can be
spoofed but in many cases it can be used by you to secure your own
network. So if you have your own wireless network in your office you
can set it up so that only certain devices with certain Mac addresses
will be able to connect up to your access point and that can help you
to limit people who are wandering by or people who shouldn’t be
accessing your system from getting access.
PB: Another tip on that is if you do have
employees in a law office who are accessing your wireless network in the
office to de-authorize their Mac addresses from whatever device they
were using when they leave the office.
DW: That’s a great tip. Mac addressees don’t
provide permanent or total security for your access points; it’s just
one of the ways that you can secure an access point. Law firm access
over Wi-Fi should really include passwords so that no one can get onto
your network without having a password and they should have an
encryption as well so that transmissions from the access point are
encrypted, it’s not open to anybody who can see it.
PB: Another tip in terms of passwords is changing
the administrative password on your router when you set up the wireless
DW: Yes, unfortunately if you type in the name of
your router in Google and type in admin password you can probably find
the admin password, which is the default for your system. So make sure
that you have changed that password and maybe change the name of your
router. In many cases, when you are trying to connect to a wireless
network, it will tell you the name of the piece of hardware that you’re
going to connect to and it usually has either the provider’s name or
the company’s name. So if you buy a Linksys router for Wi-Fi it may
say that you’re connecting to the Linksys network. So change that to
something that doesn’t scream the name of the product or the name of
your law firm so that it helps to de-identify or maybe make you less of
an attractive target for people who want to hack your wireless.
PB: I know there were some suggestions in some of
the tech magazines that you call your network the virus generating
network to make it less attractive to join.
DW: That’s right - scary can be good.
PB: What about turning off your Wi-Fi network when you’re not using it? Is this an option or no?
DW: I think it can be an option. It tends to be
more complicated than just flipping a switch. I would definitely
suggest that you turn off Wi-Fi on your phone or on your tablet or
laptop because at least that means you’re not broadcasting without
realizing it or connecting to a network without realizing it and
sharing information from your device and obviously that has battery
benefits as well.
PB: It’s also probably a good idea to maintain all of your usual firewalls and things on your other devices.
DW: Absolutely. Be aware of what your device is
sharing. If you’ve got a Windows computer you may have file sharing
turned on. You may also have Windows Media that are looking for
people to share your music work. To the extent that you can turn those
off and take advantage of the public versus private networking
distinctions in your operating system you can stop broadcasting
information about who you are and what’s available.
PB: Great. Thanks a lot.
PB: Thanks Phil.