The more precautions you take, the better off you'll be.
There are a number of steps that even non-technical users can take to make a wireless network more secure. Some general instructions follow, but you will need to refer to the owner’s manual for your wireless equipment for more specific instructions.
- Use personal firewalls. One of the easiest ways to guard a network from attack is to set up a personal firewall. Top firewall software products include ZoneAlarm Pro, Norton Personal Firewall and McAfee Personal Firewall Plus. If you are running Windows XP, Microsoft’s built-in firewall may already be turned on. Check also with your computer manufacturer to learn if firewall software has already been installed and enabled on your machine.
- Change your name. Most systems use a default SSID (network name) such as “wireless” or “default.” Hackers know that the popular LINKSYS product uses the name “linksys” as its SSID. Be sure to change default names to something unique that will not attract unwanted attention.
- Disable SSID broadcasting. Doing this hides the presence of your wireless network or at least obscures the SSID itself which is critical for a device to connect to your network. By turning off the broadcast SSID function, a hacker will have to guess your network’s name to get in.
- Scramble your data. In order to protect your data from prying eyes, you should scramble or “encrypt” it so that nobody else can read it. Most recent wireless equipment comes with both WEP (wired equivalent privacy) and WPA (Wi-Fi protected access) encryption tools that you can enable. WPA is more robust and should be used if supported by your equipment.
- Block casual intruders. Each network device has a unique identifier called a Media Access Control (MAC) address, similar to a serial number. Some wireless devices allow users to create an “authorize MAC address table” which means only devices with serial numbers you’ve approved are allowed on the network.
Remember that even with all these steps, there’s no way to guarantee 100 percent security for a wireless network. Since protecting your wireless network is all about improving the odds that you’ll be safe, the more steps you decide to take the better off you’ll be.
For further ways to protect your wireless network consult a qualified network specialist. Listings of local consulting firms are found online or through the yellow pages.
You may also visit your computer manufacturer’s Web site or call the consumer technical support line for assistance setting up a firewall and other security measures. Wireless service providers also offer helpful information on their Web sites on how wireless works and additional ways to secure your computer.
The Federal Trade Commission created the Web site Fighting Back Against Identity Theft, a one-stop resource to learn more about the crime of identity theft and the many resources available to consumers and businesses.
Board of Legislators
Section 1. A new Article XXV shall be added to Chapter 863 on the Laws of Westchester County to read as follows:
ARTICLE XXV. Public Internet Protection Act
Sec. 863.1201. Definitions
1. “Public Internet access” shall mean any commercial business that offers Internet access to the general public whether for a fee or free of charge.
2. “Commercial business” shall mean any entity physically located in Westchester County that: (a) for profit, offers goods or services for sale, (b) stores personal information electronically; and (c) has wireless networks.
3. “Personal information” shall mean information in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted (translated into private code) or encrypted with an encryption key that has also been acquired:
(a) social security number;
(b) bank account number, credit card or debit card number, in combination with any required security code, access code, or password which would permit access to an individual’s financial account.
4. “Minimum security measures” shall include, but not be limited to: (a) installing a network firewall; (b) changing the system’s default SSID (network name); or (c) disabling SSID broadcasting.
5. “Wireless network” shall mean a connection with the Internet without needing to attach cables to one’s computer.
6. “Network firewall” shall mean a hardware device, software program or a combination of the two that protects a computer network from unauthorized access.
Sec. 863.1202. Security of Personal Information
1. Any commercial business that stores, utilizes or otherwise maintains personal information electronically shall be required to take minimum security measures as defined herein to secure and prevent unauthorized access to all such information.
2. Commercial businesses that additionally provide or offer public Internet access shall conspicuously post a sign in the area where such Internet access is located stating:
For your own protection and privacy, you are advised to install a firewall or other computer security measure when accessing the internet.
Such sign shall be designed, produced and distributed by the department of weights and measures at no cost and shall, at a minimum, be printed in 14 point bold type on a placard measuring 8.5 inches in height by 11 inches in width.
Sec. 863.1203. Public education effort
The Westchester County Department of Weights and Measures, in conjunction with the Westchester County Department of Information Technology shall institute a public education program which shall inform and educate both the general public and the providers of public Internet access regarding the implications of this Local Law, including the need for network security measures in places of public accommodations. This public education program shall also include information to assist the general public in protecting themselves from the potential of identity theft through the use of wireless network connections regardless of where such connections originate. Such information shall also be made available through the official Westchester County government Web site.
Sec. 863.1204. Enforcement and Penalties
1. The provisions of this article shall be enforced by the Westchester County Department of Weights and Measures.
2. A first violation of any provision of this Article shall result in a warning by the Westchester County Department of Weights and Measures which shall state that the offender has thirty (30) days to address the violation. Failure to address the violation within the thirty day period shall constitute a second violation.
3. For a second violation of this Article, a civil penalty of two hundred and fifty hundred dollars ($250.00) shall be imposed. For the third and succeeding violations, a civil penalty of five hundred dollars ($500.00) shall be imposed for each single violation. No civil penalty shall be imposed as provided for herein unless the alleged violator has received notice of the charge against him or her and has had an opportunity to be heard.
Sec. 863.1205. Severability
If any section, subsection, sentence, clause, phrase or other portion of this local law is, for any reason, declared unconstitutional or invalid, in whole or in part, by any court of competent jurisdiction such portion shall be deemed severable, and such unconstitutionality or invalidity shall not affect the validity of the remaining portions of this law, which remaining portions shall continue in full force and effect.
Section 2. This Local Law shall take effect one hundred and eighty (180) days following its enactment.
Because of the very nature of wireless communications – that they occur in the open air and can be easily intercepted – Wi-Fi networks are more vulnerable to security problems than wired forms of networking. Hackers or intruders don’t need physical access to your hardware to disrupt operations. Anyone within radio range can theoretically tap into your wireless network and steal confidential data. This means that intruders may be sitting in your parking lot or in the apartment complex across the street.
Anyone who uses a wireless network should understand the potential risks:
- Freely available tools allow anyone to pinpoint insecure networks. Intruders inside your network may corrupt your data, consume network bandwidth, reduce network performance, launch viruses and attacks that prevent authorized users from accessing the network, or even attack other networks.
- Exploiting wireless networks is one of the many ways hackers can gain access to your personal information and commit identity theft. In 2004, 9.3 million Americans — or one in every 23 adults — were victims of the crime, according to the Better Business Bureau and Javelin Strategy and Research. A survey by the Federal Trade Commission estimates that identity theft crimes tallied $52.6 billion in costs in 2004.
- While there are security features built into wireless networking products, most manufacturers turn them off by default because it makes the networks easier to set up. This effort to make wireless networking more user-friendly has rendered most equipment completely insecure from the moment it comes out of the box.
- Part of the problem is that most software and service providers responsible for installing wireless equipment have no incentive to advise users of the risks. That is why Westchester County is encouraging both residents and businesses to take a proactive stance in safeguarding their networks from possible intruders.
Use these additional resources to learn more about how to prevent becoming a victim of identity theft -- or to help you if you're experiencing it's devastating affects.
American Bankers Association
Useful tips from the ABA Education Foundation on how to protect your financial information, including a concrete list of practical steps you can take.
AnnualCreditReport.com
This central site allows you to request a free credit file disclosure, commonly called a credit report, once every 12 months from each of the nationwide consumer credit reporting companies: Equifax, Experian, and TransUnion.
Call For Action
Call For Action, Inc. (CFA) is an international, nonprofit network of consumer hotlines affiliated with local broadcast partners. Services are free, confidential and available to individuals as well as small businesses.
Federal Trade Commission
This site provides a primer on identity theft as well as helpful advice on how to protect your personal information.
FTC Info on Free Credit Reports
The Fair Credit Reporting Act (FCRA) requires each of the nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to provide you with a free copy of your credit report, at your request, once every 12 months.