In-Home Wi-Fi: To Secure or Not to Secure?

I recently set up a new Wi-Fi router within my home, and the decision of whether or not to secure it was a no-brainer for me: absolutely, most definitely.

But apparently, that choice is not so obvious to everybody, including security guru Bruce Schneier, who feels that “providing Internet access to guests is kind of like providing heat and electricity, or a hot cup of tea.” (Schneier is a past contributor to CSOonline.com, the website of CIO sister publication CSO.) Mr. Schneier notes that he appreciates it when open networks are available to him in places where he is otherwise unconnected, and suggests that if we’re all “polite” there’s no problem with leaving personal Wi-Fi networks unsecured.

Schneier’s main reasoning behind his decision to leave his home Wi-Fi network unsecured is that he configures his personal computers—and, presumably, whatever other devices he uses to connect to his wireless network—to be secure regardless of the networks they connect to, public or private. So Wi-Fi security is a non-issue for him.

He also points out that spammers and others looking for free Internet access are probably more likely to go sit in a comfy chair at one of the many Starbucks or other corner coffeehouses to perpetrate their misdeeds, as they can be just as anonymous in those locales as they can outside your window, and they wouldn’t need to waste gas keeping their engines running.

I largely agree, but I can think of at least one problem with that theory. According to new research from folks at Indiana University and the Institute for Scientific Exchange in Torino, Italy, criminals looking to exploit wireless routers could create an attack that would piggyback across thousands of Wi-Fi networks in urban areas in cities like New York or Chicago. That means that those very same Starbucks networks that seem so harmless now could be used to distribute attack code and install worm-like firmware on Wi-Fi networks in range–yours, perhaps–that would order them to infect additional networks, creating a sort of Wi-Fi attack domino effect. Networks secured with default passwords could be cracked and infected, taking over as many as 20,000 routers over two weeks, the researchers said. Even Wi-Fi networks protected with the Wireless Equivalent Privacy (WEP) algorithm could be cracked, though networks protected with the WPA protocol are currently considered “impossible to infect” in this way, according to the research.

I also can’t help but think about the “layered approach to security” I’ve read about so frequently in CSO magazine and on other security sites. The goal of such an approach is to set up a number of safeguards so that if the bad guys find a way through one of them, there are two or three more hurdles they must overcome before they can access your systems or facilities.

I appreciate Schneier’s opinion that securing his home Wi-Fi network “isn’t worth it,” but I think I’ll still play it safe. I have securely configured my notebook, but as Schneier points out, there are always flaws in any and every security measure, so I appreciate that extra layer the WPA protocol affords me.

How about you? Do you secure the Wi-Fi network at your home? If so, how? And if not, why not?

AS