The Take Control people at TidBITS Electronic Publishing have scored another winner with their recent ebook, Take Control of Your Wi-Fi Security. If you use a Wi-Fi equipped laptop, even a Windows PC, you absolutely need to read this book. If you use a Wi-Fi network at home, especially in an urban or suburban neighborhood, you absolutely need to read this book. If you run a business Wi-Fi network, you absolutely POSITIVELY need to read this book.
So WHY do you need to read Take Control of Your Wi-Fi Security? If you never read the papers, or browse web sites, you may be one of the few computer owners who don’t know about identity theft, or stolen credit card numbers. While online shopping has burgeoned in the past few years (do the names Amazon.com or eBay ring a bell?), so have problems with computer security.
The exploding popularity of public wireless connections, both pay and free, has exposed unprotected mobile computers to password and credit theft, as well other nasty forms of hacking. Most average Joes and Janes who use a free wireless hookup have no idea how vulnerable they may be to theft or invasion.
Teaching people about computer security is a complex subject, rife with geekiness, technospeak and acronyms. It’s tough to find a balance between technical explanations and simple “do this and don’t do that” is tough.
Fleischman and Engst walk this tightrope well, generally speaking.
Take Control of Your Wi-Fi Security (TCoWiFi for short) is excellently organized, beginning with a Wi-Fi Quick Start, and a Determine Your Security Risk section. I like this presentation, as it allows the average reader to immediately find out how much of a problem he/she has. Wireless home users who live on large lots in rural areas will learn they really have little security risk, whereas home wireless users in densely populated area will find out just how exposed they really are.
TCoWiFi will lead you through an analysis of your setup. If you never purchase anything online, and your email and surfing don’t contain any valuable personal data, then it may not be worth the trouble to take the time and possible expense to lock down your Wi-Fi setup. Conversely, if you run a small office wireless network, or do lots of important commercial email and web browsing, you are in serious danger if you don’t protect both your wireless network and your authorized users.
A critical part of WiFi security is encryption. TCoWiFi discusses various types of encryption, from simple password encryption, to public key encryption, secure SSH sessions and Virtual Private Networks. After reading numerous explanations of public key encryption theory, even those supposedly targeted at laypersons, I’ve come to the conclusion there is no easy way to explain encryption. Having said that, Engst and Fleischmann come the closest to a quick and easy description of how public key encryption works. But, if you don’t care about the theory, and just want to know how to use it, TCoWiFi will get you running in short order.
WiFi has become cheap and simple enough to operate, so that small business owners can install and run Wi-Fi networks instead of spending the money for an expensive consultant and wired setup. The drawback is that an insecure network puts not only the business at risk; it jeopardizes the customer data as well. TCoWiFi goes into enough detail to help a small business with some reasonable amount of computer savvy to take basic precautions to protect both the business and the customers. You don’t want your customers to read in the papers about your business being hacked, with the theft of thousands of credit card numbers.
Personally, if I were installing my own business Wi-Fi network, I’d use TCoWiFi to educate myself, and then be able to ask the right questions when I choose a consultant for the actual installation and setup.
Performing A Security Audit is a fascinating chapter. You learn how to don the “black hat” temporarily, and try to break into your own network. If you can break into your own setup, without being an expert, then you know you’re dead meat when a real hacker tries to penetrate your network or computer.
The TidBITS folks have evolved a near-perfect format for their publications. Like any good Mac application, the user interface adheres to the Take Control guidelines. The layout is always logical and you can navigate easily from section to section.
I had few complaints about TCoWiFi. My main complaint stemmed more from learning that my email ISP is not security friendly. After performing the test outlined on page 39 to see if GoDaddy.com, my email ISP, supports SSL connection for my POP email client (Entourage 2004), I was annoyed to find that the ISP does not. A call to Tech Support produced the reply “Oh no, only the military encrypts email passwords. We don’t do SSL with our POP/SMTP email accounts.” That answer raised the BS flag immediately.
I would have loved a summary of commercial email providers who do provide security-friendly email accounts. Also, details on how to use Google’s free secure POP/SMTP email accounts would have been wonderful.
Conclusion. If you use Wi-Fi, either at home or on the road, this could be the best $10 you spend. Password and identity theft is serious. Learning how to take basic precautions is not hard; you don’t have to learn the security theory, just the practice. If you want to learn the theory from a layperson’s point of view, Take Control of Your Wi-Fi Security will get you started.