Verizon’s Dangerous Internet Setup
First off, let me just state that the ordering of DSL from Verizon was a surprisingly painless procedure. The support and sales people I talked to were courteous and helpful. I called up to get a “dry loop” (no phone service) DSL line, and they got me squared away (with one small error in my address, which was quickly remedied). I took their installation kit, followed directions, and had working Internet in about an hour. From first call to them to surfing the Internet took about ten days.
However, I’ve noted that Verizon leaves people in a bit of a precarious situation. Let’s have a tech dissect the procedure:
Windows Firewall is disabled. In order to get things working, they tell you to disable any firewall programs. They don’t force you to do so, but tell you to do so to prevent issues during setup. Fair enough. However, in the beginning they also just mention that you should re-enable the firewall post-setup — and never remind you. Net result: many will probably leave the firewall disabled. Sure, they offer security suites for free, which often come with their own firewall, but it’s still a risky way to leave the customer.
Wireless networking is by default ON. I ordered their wireless DSL modem, on the recommendation of one of the folks at Verizon. However, they shipped it with the wireless networking on. This may be a nitpick, but it seems to me that they should ship this off, and ask if it should be set to on. That, or make sure the next doozy isn’t the case…
Wireless networking uses WEP. This one is unacceptable. Wireless networking is on, with encryption set to WEP. I believe they might have set a WEP key, with the key printed on a sticker on the bottom of the unit, but WEP must die. It’s not secure. It only gives the illusion of security to the less tech-savvy. WPA was available, but not WPA2. (Read why I care.)
No suggestion to change default password on the router. This is another no-no. After running setup, I was able to get straight online with no issues. This was all fine and good, but I knew that there was a password on the router, and that it’d be a good idea to change. Sure enough, there was, AND it was a default user / password that’s available for all wireless routers of the same make and model. I had to dig around in Help on Verizon’s web site for details on this, as they didn’t provide that in the installation kit documentation. In fact, they never mention it.
So, many a new Verizon user may end up having a fairly insecure wireless network, with a default password on the router and no firewall. It would be pretty trivial for someone to come along, wardrive to find my access point, crack the WEP, and start listening in on all my IM and email conversations. Or worse, hack my PC. Plus, once on the network, if I hadn’t changed the password to my router, they could easily pop in there and break my wireless network access altogether. They could theoretically do all of this inside of half an hour — which, incidentally, I might spend in the initial setup. Plus, if they were on the network, they could technically capture plaintext passwords, which include things like IM, message boards, email, and site logins.
I understand Verizon’s challenge: they have to provide rather technically detailed service to people who are unfamiliar with it. In that regard, I think their setup kit does very well. I think most people could take this kit, follow the instructions, and be up and running online in little time. However, the next step is security: getting people to actually secure their network should be of vital importance, both to Verizon and the customer. People like to believe that their Internet surfing is private. With Verizon opting for this sort of setup, people are getting wireless networks online, without realizing how very insecure they might be. What’s more, since Verizon is setting them up in this manner, their customers will just tend to trust that Verizon has set things up acceptably. It’s that validation from a position of authority thing: people will think they know better.
So, I leave off with a dual message: Verizon, focus more on security. Consumers: get better educated. Of course, I think Verizon should also step up the hardware side of things. Where’s the WPA2 support? WPA is so 2003. I think I’m going back to my old wireless gear.
