Making sure you reach the right wireless network

By Lisa Phifer

Print Story | Email Story
Add to My Digital Landing

Related Articles

• Top 5 laptops
• How to sync files across the Internet with Live Mesh
• Double your workspace with a dual monitor setup
• How to determine if you need a new hard drive
• Understanding Net Neutrality

Wi-Fi makes it very easy to connect to the Internet at home, at work, or on the road. But sometimes Wi-Fi can be a bit too friendly, accidentally connecting your laptop to another wireless user or a nearby neighbor’s network. In this article, we offer a few quick tips on how to keep your laptop safely connected to your very own wireless network.

Finding a wireless network

Imagine that you're picking up a rental car; the agent hands you keys to a Mazda3. You drag your bags to the parking lot only to discover half a dozen Mazda3's parked there. Now what? You look at your key fob to determine your car’s license number and check out each Mazda3 until you find a matching tag.

When your laptop connects to a wireless network, it goes through a similar process. First, it scans the airwaves, looking for all Wi-Fi networks within earshot. Every wireless access point (AP) advertises itself by repeatedly broadcasting a message containing its Service Set Identifier (SSID): a case-sensitive network name such as "linksys" or "tmobile." The SSID helps your laptop find one or more wireless APs that could be used to reach the named network, just as knowing your rental car's make and model helped you narrow your parking lot search down to just a few vehicles. (Watch Digital Landing's video explaining how to set up a wireless network.)

In Figure 1, our Windows XP laptop has overheard three nearby wireless networks, named GuestNet, CompanyNet, and linksys. Over half of wireless home networks are named "linksys" because that factory default SSID is configured into Linksys APs, and many owners don’t overwrite that default SSID with their own chosen value.

Selecting an access point

If your laptop finds just one wireless AP with the desired SSID, its search is over. But what if your neighbor has the same brand of AP and both use the same default SSID? Well, every Wi-Fi device has its own Media Access Control (MAC) address: an eight-digit identifier, such as "00:80:C8:09:BF:DF," used to direct wireless traffic. That MAC address lets your laptop choose and connect to an individual AP when several APs share the same SSID, just as knowing your rental car’s license number helped you determine which Mazda3 had actually been assigned to you.

In Figure 2 (below), our Dell laptop has discovered the same three wireless networks. Upon closer inspection, the Dell TrueMobile Site Monitor reveals that there are two wireless APs using the "linksys" SSID. One AP has the address 00:C1:41:FC:36:59, while the other has the address 00:18:01:E1L2A:CB. When our laptop joins the "linksys" network, Link Status shows that we have connected to the second AP.

Accidents happen

Most wireless connection managers -- including those shown in Figures 1 and 2 -- don't let users select individual APs. Instead, your laptop tries to establish the best possible connection by automatically selecting the AP that advertises the SSID you requested and currently exhibits the strongest signal and/or the fewest errors.

This approach is perfect for laptops in large offices where many APs are used to reach to the same corporate network. By connecting to a single company SSID, laptops can be carried from meeting room to cubicle to cafeteria, while automatically finding, selecting, and reconnecting to the nearest AP without your help.

Unfortunately, this automated approach can lead to accidental connections outside the office. For example, when you connect to "linksys" from the den where your wireless AP is located, chances are excellent that you’ll reach your own network. But when you try to connect to "linksys" from your back bedroom, your laptop could mistakenly connect to your neighbor’s wireless AP. This can happen if your own AP is turned off, or your neighbor’s AP is closer than your own, uses a higher transmit power, or simply encounters fewer physical barriers. The probability of accidental connection increases dramatically if your laptop is configured to connect to "any available wireless network" instead of connecting only to specified network names.

Basic safety

Taking a few simple steps can discourage most accidental connections. First, customize the SSID used by your wireless AP. Like the make of your rental car, SSIDs are no secret – everyone nearby can see them and multiple APs can use them. Just choose a network name that is meaningful to you and likely to be different from your neighbors, like a favorite song title or a friend’s phone number.

Second, configure your laptop to connect to known "infrastructure" networks only, blocking both "ad hoc" connections and automatic connections to any other network. Windows XP laptops can be configured in this fashion using the Wi-Fi connection’s Properties panel Wireless Networks tab as shown in Figure 3 (below). Your laptop will still inform you about all nearby networks it discovers, but it will no longer try to connect to strangers without first obtaining your explicit permission.

Locking your network

Suppose those rental cars had been covered with snow, obscuring their license plates. After grumbling a bit, you would probably have tried your car key in each Mazda3 until you managed to unlock the specific vehicle assigned to you. You can accomplish the same thing with your wireless network, without being able to view or choose an individual AP, by using a Wi-Fi key.

Wi-Fi networks can be locked down in many ways, but we recommend that home APs use Wi-Fi Protected Access (WPA or WPA2) Personal. Whenever your laptop tries to connect to an AP which uses WPA/WPA2-Personal, you will be prompted to enter a PreShared Key (PSK): a case-sensitive alphanumeric password. If the PSK you enter matches the PSK configured into your AP, your connection will succeed. If not, the connection will fail and your laptop may try another AP with the same SSID.

Like your rental car key, your PSK permits authorized use while deterring break-ins and theft. Unlike your network's SSID, your PSK must remain a secret. It is never sent over the air and should only be given to people with permission to use your network. If you ever want to rescind permission, you’ll need to change your PSK. To learn more about choosing a good PSK, refer to "Making your wireless network secure."

Conclusion

In this article, you have learned how to control wireless network access using:

• Your network's name (SSID), to narrow the search;
• Your AP's MAC address, to identify the connection endpoint; and
• Your AP's secret password (WPA-PSK), to restrict access to your network.

Taking simple measures can help you get connected to your own home network and avoid accidentally connecting to neighboring networks. When used properly, they can also prevent your neighbors from using your home network, accidentally or intentionally.

Finally, the steps outlined here can prevent accidents, but they do not offer foolproof protection against attackers bent on tricking your laptop into connecting to a phony AP. Therefore, it is always good practice to disable your laptop's wireless connection when not in use – especially when traveling or working near a public Wi-Fi hotspot.

For more on wireless security, please refer to "Wireless security and the home PC"