Pastor, secure thy router!

Recently, I found myself in the parking lot of a church with time on my hands. Booting up a laptop, I was surprised to find an unencrypted WiFi signal available.

Wireless access points (wireless routers) pose a wide range of potential security risks.

Was it a nearby home?

I climbed out of my vehicle, laptop in hand, and started walking around the neighborhood. I found several wireless access points, and all were configured to protect access using Wired Equivalent Privacy (WEP) or WiFi Protected Access (WPA). (You should no longer use WEP because it is too easily cracked.)

All access points were encrypted, that is, except one. One access point was configured to allow anyone to use the wireless connection. The signal became stronger the closer I walked to the administration office of the church.

Not uncommon

Since then, I’ve visited other churches. Several had wireless access points active, and a few were, like my first discovery, not protected.

To folks who engage in wardriving, this is not news.

Neighboring homes and businesses could also be using your internet connection, from surprisingly far away. It’s easy, just pick up a Cantenna online or build one.

What’s the big deal?

So what’s the big deal about having an unprotected wireless access point? In a word, your reputation. Once lost, trust is very difficult to regain.

The opportunity to engage in less than savory activities over a church (or school, or small business, or home) wireless connection might prove irresistible to some. Whether it is browsing web content you wouldn’t want your family to see, or intercepting credit card information passed during online purchases, the potential risk to your organization is significant.

Knock, knock

If law enforcement officers come knocking on a door, it will most likely be the door of the entity owning and operating that wireless access point, not the person who was using your connection.

Substantial public embarrassment and damage to your reputation can occur if you are accused of illegal or inappropriate activities. In the eyes of the law, you are innocent until proven guilty, but in the eyes of your community, you may be considered guilty until proven innocent. It takes only one incident to ruin your reputation.

You can find guidance on securing your wireless network online.

Source: PugetPro.com, by permission.


4 Responses to Pastor, secure thy router!

  1. Sandy says:

    Timely post. Been thinking of hooking up a wireless network but I’ve been worried about security. Especially since we know there is at least one unsecured network nearby, and can see how easy it is to hop aboard.

  2. Tom says:

    @Sandy, it’s not the wireless nature of the connection that creates vulnerabilities, it is the lack of configuration and active management of the device. Transactions over wired connections can also be intercepted. Don’t let my article scare you away from setting up a wireless connection at home, but do take some time to configure it, enable the firewall in the router, use a strong password/passphrase, and use WPA (preferably WPA2) to secure the wireless connection.

  3. Angie says:

    Tom,

    What do you think of using a MAC address list to deny any station access but the ones you own? Do you feel this is more or less secure than using WPA encryption keys?

    • Tom says:

      @Angie, I do limit access by MAC address, but this alone won’t keep unauthorized folks out of your network. I think of it as one more lock on the door, but not a particularly strong lock. Why? Because in most implementations, MAC addresses are passed in the clear, i.e., not encrypted. That means they can be harvested and then used to impersonate an authorized node on your network. Note that I use WPA encryption *and* MAC address filtering. Multiple layers are better than a single layer.
