Wednesday, January 30, 2008

Protecting Yourself While Using Public WiFi

I was watching a segment on the news in Denver tonight, during which they attempted to give travelers "tips" on keeping their computers safe while using public (unencrypted) wireless (WiFi) connections. The news did a good job of really muddying the issues and even went so far as to state several things that were wrong, so I thought I'd write my own advice on the subject, most of which has been gathered from the school of hard knocks (as well as research that I have conducted over the years).

First, the source of the problem: virtually all "public" WiFi connections rely on unencrypted connections. In other words, when a laptop or other device connects to the public WiFi access point, the signal between the computing device and the access point is not encrypted or secured in any way. This means that a hacker with a device that is capable of "sniffing" the network packets flying through the air can pick up the signal, possibly gathering valuable data.

Keep in mind that although the packets flowing across the wireless network are not encrypted, it is still possible for the computer and the device on the other end of the internet that it is communicating with to encrypt the communication from end-to-end. For example, a web browser that uses a secure (https, also known as SSL) connection encrypts data from the browser all the way to the web server on the other end of the connection--and that encryption also applies to the wireless data connection. Hackers will not be able to make anything out of the encrypted data flowing across the wireless connection.

The problem with this approach is that it applies only to data that is flowing from the web browser (or other SSL application), and it works only for the duration of the SSL connection--and only for the application using SSL. Other application data is still vulnerable.

There are a couple of general tips that you can follow to help protect your machine from being "hacked" while in public areas:

1. Only enable your wireless card when you actually use it (many laptops have hardware or software switches that allow you to easily enable/disable the WiFi signal).

2. Make sure your computer has a software firewall installed on it. Windows XP and Vista come with one--make sure it is enabled. You can also install even better firewall software on your machine (provided your corporate policy allows it)--I prefer ZoneAlarm, which is owned by CheckPoint software (one of the leading firewall vendors). There is a version of ZoneAlarm which is free for some types of users.

3. Set up your computer so that it does not automatically connect to "non-preferred" networks. This will prevent your computer from latching on to the first available signal. Some computers will also allow you to specify that they will connect only to access point networks. Some hackers will set up their computers to look like a WiFi access point, and an unprotected computer that connects to one could be vulnerable to hacking.

4. When you do decide to connect to a public WiFi network, use common sense before you connect. Your computer will show you the names of all of the available networks in the area; never pick one that looks too good to be true (like "Free Public WiFi", for example). Most public WiFi networks have intuitive names (like "panerabread", "concourse", etc). Also pay attention to the icon that shows the type of wireless connection--if it looks like another computer (or says "ad-hoc"), don't connect to it. Only connect to actual access points--the icon generally looks like, well, an access point--a box with an antenna on it.

5. It's not a bad idea to disable file- and printer-sharing on your computer, although a good firewall will prevent outside connections unless you specifically authorize them.

6. If you connect to a public network that requires payment, be very careful and judicious when entering your credit card information. Make sure that the connection is encrypted (remember the padlock icon on your web browser?), and make double-sure that you have connected to a legit wireless network.
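Tips 3 and 4 can be checked mechanically rather than by icon. The following is an added example, not part of the original post: it parses a constructed scan listing, laid out like the output of the Windows "netsh wlan show networks" command (an assumption; the post does not mention that command), and flags ad-hoc and unencrypted networks.

```python
import re

# Constructed sample, laid out like `netsh wlan show networks` output (assumed
# format). SSIDs are the names used in the post; the settings are invented.
SAMPLE_SCAN = """\
SSID 1 : panerabread
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None

SSID 2 : Free Public WiFi
    Network type            : Adhoc
    Authentication          : Open
    Encryption              : None

SSID 3 : concourse
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
"""

def parse_scan(text):
    """Return one dict per SSID block, with lower-cased field names as keys."""
    networks, current = [], None
    for line in text.splitlines():
        m = re.match(r"^SSID \d+\s*:\s*(.*)$", line.strip())
        if m:  # start of a new network block (the name may be empty if hidden)
            current = {"ssid": m.group(1).strip()}
            networks.append(current)
            continue
        if current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            current[key.strip().lower()] = value.strip()
    return networks

def assess(network):
    """Flag ad-hoc (computer-to-computer) and unencrypted networks."""
    warnings = []
    if network.get("network type", "").lower().replace("-", "") == "adhoc":
        warnings.append("ad-hoc: another computer, not an access point; do not connect")
    if network.get("encryption", "").lower() == "none":
        warnings.append("unencrypted: use https or a VPN for anything sensitive")
    return warnings

if __name__ == "__main__":
    for net in parse_scan(SAMPLE_SCAN):
        print(net["ssid"], "->", assess(net) or ["no warnings"])
```
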

Once you're connected to the Internet, one way to make sure that all of your communications are secure is to connect to a Virtual Private Network, or VPN. VPNs are generally provided to corporate users as a way to connect from any Internet-enabled location securely--and the way they accomplish this is by establishing an encrypted "tunnel" between your computer and the corporate network, across which all network traffic flows.

If you aren't lucky enough to have access to a corporate VPN, there is still an option. There are a number of companies that have launched VPN services open to virtually anyone, so that non-corporate users can also benefit from the advantages of VPN security across an unsecured WiFi network. One company that I have used in the past is HotSpotVPN, which charges $8.88 a month for unlimited VPN access (their service even works from an iPhone).

I hope this helps you to make sure that your computer and data stay safe in the wild world of public WiFi networks. WiFi is an amazing technology that has opened up Internet connectivity from virtually any airport, hotel, or coffee shop--and it's a powerful tool, so long as you take care and use it properly.