How to protect your home network

4. Telecommute through a tunnel
The fourth step, the one that will require you to get help from the office, is to use a Virtual Private Network, or VPN. A VPN creates a digital “tunnel” between your backyard laptop and your office. It’s essentially a special piece of software that’s used to log on to the office network. But the tunnel is fortified with better encryption than WEP — so much better, that most experts think it’s nearly foolproof. The good news is the tunnel that protects data as it travels over the phone line and the Internet to your office also protects it as it flies around the airwaves near your home. When you are sending traffic through the tunnel, it’s nearly certain a hacker can’t sniff it.

“The good thing about a VPN is that it will secure the entire communication path — the wireless link and all the hops across the Internet, right up to the network that you’re remoting into,” said Scott Culp, Program Manager for Security Strategies at Microsoft. All versions of WindowsXP include the desktop software required to connect a virtual private network.

But there is a caveat — the tunnel only protects data that’s destined for the office. Even if you are logged on to the VPN, when you send files around your home network, they are not protected by the tunnel. So for example, when you download a secret company merger document off a server, and look at it on your laptop in at the edge of your swimming pool, the data is protected. But if you beam it to your printer in your home office, it’s not — unless you have followed steps one, two and three.

An exclusive list
There is one additional step Ballard suggested, but it’s only available with some wireless devices. Every computer device with networking capabilities has a unique MAC address, a bit like a serial number. Some wireless devices allow users to create an “authorize MAC address table” which means only devices with these specific serial numbers are allowed on the network. Hackers can “spoof” MAC addresses, effectively telling their computer to impersonate one of yours. But to do so, they will have to somehow learn your device’s serial number — another serious hurdle to overcome.

Investment bankers: Don't go wireless
Still, given all those caveats, most experts will concede that there’s no way to promise 100 percent security for a wireless network. Like any security plan, protecting a home wireless network is more about improving the odds that you’ll be safe than it is about slamming the door around Fort Knox. And in fact, many federal government departments don’t allow wireless networks because of the various security concerns.

“If I was an investment banker working on a corporate merger from home, I probably wouldn’t use a wireless home network,” Thompson said. “You take appropriate steps based on what you are doing.” For most home users, following the four steps above will provide a sufficient level of security, he said.

Reasons for hope
But for those who are really worried about snoopers, there is hope.

Wireless products with an updated encryption scheme, called Wi-Fi Protected Access (WPA), are just now trickling into the marketplace, according to Brian Grimm, spokesman for the Wi-Fi Alliance. As of Aug. 31, all new Wi-Fi products must support WPA to be certified by the alliance — and already about 50 products are.

Hackers haven’t cracked the more complex WPA encryption, Grimm said, so wireless networks using it will be much safer. Most wireless products sold in stores today still include the older WEP, but they will be replaced over time with WPA devices, he said.

Consumers can look on the Wi-Fi Alliance Web site or on compatibility labels at retail stores to see which encryption scheme is included in the wireless device they are buying.

This story was originally published Sept. 29, 2003.