Obviously there are security reasons to close a wireless network and it's not fun if someone is stealing your bandwidth. But how much of a problem is this?

To address the first concern: Does a device on the same wireless network have any special privileges or access that another device on the internet has? (Assume the wireless network is connected to the internet.)

The second seems like a community issue. If your neighbor is stealing bandwidth, you'd act just as if he were "borrowing" water or electricity. First, talk to him about the problem and if that doesn't work, go to the authorities or lock stuff up. Am I missing something?

+4  A: 

I don't think the biggest problem is just someone stealing your bandwidth, but what they do with it. It's one thing if someone uses my wireless network to browse the Internet. It's another thing if they use it for torrenting (I find that slows down the network) or any illegal activities (kiddy porn? not on my network you don't).

Thomas Owens
+11  A: 

Bruce Schneier is famous for running an open wireless network at home (see here). He does it for two reasons:

  1. To be neighborly (you'd let your neighbor borrow a cup of sugar, wouldn't you? Why not a few megabits?)
  2. To keep away from the false sense of security that a firewall gives you. In other words, it forces him to make sure his hosts are secure.

Personally, I would never run an open wireless network for one reason: accountability. If someone does something illegal on my network, I don't want to be held accountable.

Josh Hinman
I'm not sure you would be held accountable. You certainly wouldn't if your system was protected with a password and someone hacked into it. Now, if you also open up your remote drives for people to download onto - well, that's another matter.
Dmitri Nesteruk
In Sweden there is a new law, "IPRED", that will make you accountable for what happens on your system. So I know my mother and grandmother will be in prison soon. They will have no clue what happens.
Stefan
Until your post.
JoshJordan
+2  A: 

Yes you are. Your wireless router also doubles as a firewall preventing harmful data from the Internet; by letting one of your virus-infected neighbors in on your WLAN you're essentially letting him bypass that.

Now, this shouldn't be a problem in an ideal world since you'd have a well-configured system with a firewall, but that's certainly not always the case. What about when you have your less security-minded friends over?

Not to mention the legal hassle you could get yourself into if one of your neighbors or someone sitting with a laptop in a car close enough starts browsing kiddieporn.

Markus Olsson
A: 

Why would you not want to use WEP or WPA?

Alasdair
+1  A: 

For most people, the wireless access point is a router that is acting as a hardware firewall to external traffic. If someone's not on your wireless network, the only way they'll get to a service running on your machine is if the router is configured to forward requests. Once a device is behind the router, you're relying on your computer's firewall for security. From a "paranoid" layered security standpoint, I'd consider an open wireless network in this scenario to be a reduction in security.

I've met a lot of people that leave their networks open on purpose, because they feel it's a kind of community service. I don't subscribe to that theory, but I can understand the logic. They don't see it as their neighbor stealing bandwidth because they feel like they aren't using that bandwidth anyway.

OwenP
+2  A: 

I feel it all has to do with population density. My parents own a big plot of land; the nearest neighbor is .5 mile away. To me it doesn't make sense to lock a wireless router down. But if I lived in an apartment complex that thing would be locked down and not broadcasting its ID.

Now at my house I just don't broadcast my ID and keep it open. The signal doesn't travel further than my property line so I am not too worried about people hijacking it.

RedWolves
I have a Linux-equipped laptop that I fondly refer to as my "Hacktop" that I use for (white hat) network penetration testing. It takes less than a second to find non-SSID-broadcasting networks, 10 seconds to bypass MAC filtering, less than 45 seconds to break 64-bit WEP networks, less than 70 seconds to break 128-bit WEP networks, and if the password is any basic/intermediate level permutation of a dictionary word, regardless of language, a WPA/WPA2 network can be had in under 40 seconds if I know the name beforehand, 15 minutes tops otherwise. The homemade antenna can reach up to a mile.
Peter Hanneman
The point is: secure your network. With freely available tools anyone, computer savvy or not, can build an antenna that can peer far beyond the normal bounds and infiltrate your network, executing any number of devastating attacks. Better safe than sorry.
Peter Hanneman
+2  A: 

I would actually disagree with Thomas in the sense that I think bandwidth is the biggest problem, as it's unlikely there are many dodgy people in your area who just so happen to connect to your network to misbehave. It's more likely I think that you'll have chancers, or even users who don't fully understand wireless, connecting and slowing down your connection.

I've experienced horribly laggy connections due to bandwidth stealing. A lot of the problem is with ADSL - it just can't handle big upstream traffic; if a user is using torrents and not restricting the upstream bandwidth it can basically stall everything.

kronoz
A: 

@kronoz: I guess it depends on where you live. Only two houses are within reach of my wireless network, excluding my own. So I doubt that small number of people can affect my bandwidth. But if you live in a major metro area, and many people are able to see and get on the network, yeah, it might become a problem.

Thomas Owens
+1  A: 

Following joshhinman's comment, this is a link to an article where he explains why he has chosen to leave his wireless network setup open: Schneier on Open Wireless

This guy is probably the most famous security expert at the moment, so it is worth having a look at what he has to say.

Iker Jimenez
+1  A: 

As far as the security aspect goes it is a non-issue. An open network can allow a determined person to 'listen' to all your unencrypted communication. This will include emails - probably forum posts - things like this. These things should never EVER be considered secure in the first place unless you are applying your own encryption. Passwords / Secure log in to servers will be encrypted already so there is no benefit to the encryption while the packets are in the air. The advantage comes when, as others have mentioned, users perform illegal actions on your access point. IANAL but it seems some correlations can be drawn to having your car stolen and someone committing a crime with it. You will be investigated and can be determined innocent if you have some alibi or logs showing your machines were not responsible for that traffic.

The best solution to the hassle of using a key for the home user is to restrict the MAC addresses of the computers that can connect. This solves the problem of having unauthorized users (for all but the most advanced, at which point your PW likely won't help you either) and it keeps you from having to input a long key every time you need to access something.

Thomas
See my comment above on RedWolves' post - MAC filtering is a joke.
Peter Hanneman
+1  A: 

Personally, I would never run an open wireless network for one reason: accountability. If someone does something illegal on my network, I don't want to be held accountable.

The flip side of this is deniability. If the government or RIAA come knocking on your door about something done from your IP address you can always point to your insecure wireless connection and blame someone else.

Chris Upchurch
A: 

It is so easy to lock a wireless router down now, that I think a better question is why not lock it down?

The only reason I can think of is if you had a yard large enough so that your neighbors can't get a signal and you frequently have visitors bringing devices into your home (since setting them up can be a chore).

Note that I'm saying both of those things would need to be true for me to leave one open.

JosephStyons
A: 

Personally, I would never run an open wireless network for one reason: accountability. If someone does something illegal on my network, I don't want to be held accountable.

The flip side of this is deniability. If the government or RIAA come knocking on your door about something done from your IP address you can always point to your insecure wireless connection and blame someone else.

I would argue that anyone who is running a network is responsible for the actions of all people who use it. If you aren't controlling use, then you are failing as a network administrator. But then again, I'm not a lawyer, so...

Thomas Owens
Pretty much every commercial wifi hotspot in the world works this way. So why should someone be liable for doing the same thing merely because they don't charge?
frankodwyer
A: 

As it turns out, when I switched DSL service, the wireless router the company provided is secured out of the box. So unless I add the old router to my network, it will be secured.

On the other hand, it was very convenient to "borrow" a few hours of network time from neighbors while I was waiting for the technician to stop by and install the service. Looks like this might not be an option soon, however.

Jon Ericson
+1  A: 

I wish people would stop referring to an open network as 'insecure'. A network is only insecure if it doesn't meet your security requirements - people need to understand that not everyone has the same security requirements. Some people actually want to share their network.

An open network is open. As long as you meant that to be the case, that's all it is. If your security policy doesn't include preventing your neighbors from sharing your bandwidth, then it's not a security fault if it allows them to do that, it's faulty if it doesn't.

Are you liable for others' use of your 'insecure' network? No. No more so than your ISP is liable for your use of the Internet. Why would you want it to be otherwise? Note, by the way, that pretty much every commercial WiFi hotspot in the world is set up in exactly such an open mode. So, why should a private individual be held liable for doing exactly the same thing, merely because they don't charge for it?

Having said that, you do have to lock down your hosts, or firewall off an 'internal' portion of your network, if you want to run fileshares etc internally with such a setup.

Also, another way to deal with 'bandwidth stealing' is to run a proxy that intercepts others' traffic and replaces all images with upside down images or pictures of the Hof. :-)

frankodwyer
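
An added example, not part of the thread or any poster's own setup: an nftables ruleset for a Linux-based router that keeps an open SSID while firewalling off the internal portion of the network, as the answer above suggests. The interface names `wan0`, `lan0` and `guest0` are assumptions, and the open wireless network is assumed to be its own routed interface rather than bridged into the LAN.

```nftables
#!/usr/sbin/nft -f
# Assumed interfaces (hypothetical names, not from the thread):
#   wan0   = uplink to the ISP
#   lan0   = trusted internal network (file shares, printers)
#   guest0 = the open wireless SSID, routed separately from lan0
flush ruleset

table inet gateway {
    # Traffic addressed to the router itself.
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname "lan0" accept                         # router is managed from the trusted side only
        iifname "guest0" udp dport { 53, 67 } accept  # open Wi-Fi clients get DNS and DHCP
        iifname "guest0" tcp dport 53 accept          # DNS over TCP
        # Everything else from guest0 and wan0 hits the drop policy,
        # including the router's admin interface.
    }

    # Traffic routed between interfaces.
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "lan0" oifname "wan0" accept          # internal hosts -> internet
        iifname "guest0" oifname "wan0" accept        # open Wi-Fi -> internet only
        # No guest0 -> lan0 rule: internal shares stay unreachable from the open SSID.
        # No wan0 -> lan0/guest0 rule: unsolicited inbound traffic is dropped,
        # which is the "router as firewall" behaviour described in the thread.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade                     # share the single public address
    }
}
```

Traffic between two clients on the open SSID is bridged at the access point and never reaches the forward chain, so it is governed by the access point's client-isolation setting rather than by these rules.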
A: 

My biggest concern is that there is never too much bandwidth, so a decision to share it is only acceptable if I can somehow guarantee that other people do not use more than, say, 5% of my total bandwidth. Which may or may not render my connection useless to other people, depending on what they mean to do with it.

Dmitri Nesteruk
A: 

As most wireless standards are very hackable I can understand the logic behind not securing it, as it removes the false sense of security that wireless security provides.

However, in NZ bandwidth is expensive; I cannot afford for randoms to leech that off me. As the vast majority of people don't have a clue regarding hacking wireless connections, having this admittedly pitiful defense wards off most of the lazy.

If anyone cares enough they can hack my crappy WEP encryption and get themselves some free Internet and free leech until I care enough to stop them. Then I'll upgrade to something better (white-listed MAC addresses, say) which will be harder for them to hack, and the cycle will begin anew.

SCdF