Hotspot Security for the User

Almost everywhere you go there’s free Wi-Fi. From hotels to airports, free Wi-Fi can be found at your favorite fast food restaurant, public parks and even entire communities. The big question, however, is how safe it is. Without the proper precautions, it’s not very safe at all.
Part of the problem is that the staff of your favorite fast food joint may be able to make a great burger, but they do not have the expertise or time to be a computer support person. Wi-Fi is a free service that they offer, but their business is to prepare and serve food. So inherently the Wi-Fi must be easy to connect to and not involve the staff’s time. In general this means you are connecting to an unsecured, unmonitored network, where all of your data is going through the air in plain text. If you use an email program like Eudora or Outlook, it means that anyone can see your email and capture your user name and password. If you use your credit card on an unsecured web site, one that does not start with https://, they can see that as well. If you log into an unsecured website, they now have your user name, password and access to your account. Worse yet, there are rogue access points ("evil twin" networks) that mimic or appear to be legitimate access points. When you connect to one of those, everything that you do passes through and can be captured by their computer. I read an article from USA Today which stated “At airports like O'Hare, there are literally dozens of rogue networks just waiting to entrap unsuspecting travelers”. What’s really scary is that the software to accomplish this is freely distributed on the internet, bundled with lots of hacker goodies and touted to be “security software”.
This doesn’t mean that you should never use public Wi-Fi; it does mean you need to be aware of the dangers and use caution and common sense. With a little help and the eleven security tips I’m going to give you, you’ll be able to surf with confidence.
1. Turn off ad hoc mode. By default, Microsoft Windows has this option set to “any available network”. Under the network properties of your wireless card, pick the advanced tab and change this setting to infrastructure. Ad hoc is a mode that is used for wireless devices to communicate directly with one another. Operating in ad hoc mode allows for peer-to-peer networking with any device in range of your computer.
2. Make sure that you have a firewall installed and operating on your wireless card. There are lots of inexpensive commercial firewalls out there and one is also included with Windows XP and above. Make sure it’s turned on.
3. Use virus protection. Again, there are lots to choose from; Symantec and McAfee are very popular. There are also some very good free ones; if you have limited resources on your computer, Clamware is very good. The one I use is called Avast. Avast does an initial scan of your computer. After the scan, all traffic in and out of your computer is scanned automatically.
4. Make sure you password protect your computer. This may sound silly, but many people are not aware of the dangers and do not have a password on their laptops. Without a password, if your computer is physically stolen, all data is fair game. For anyone that knows computers, without a password, on a public Wi-Fi – trust me, I don’t need the physical computer to have access to everything that is on it.
5. Make sure you update your computer on a regular basis. Microsoft comes out with patches regularly to fix security issues. The second Tuesday of every month is called Patch Tuesday; this is when Microsoft releases all the new updates.
6. Turn off file sharing; by default Windows XP has this turned on. Go to your network properties and uncheck the box that says “File and Printer Sharing for Microsoft Networks”. This does exactly what it sounds like: if this is checked, it allows other users to share your files.
7. Be vigilant and aware of the people around you. Anyone who is going to hack your computer will need to be close by; generally within 100’. Remember that this could include someone sitting in a car parked outside.
8. Whenever possible, use web-based mail. Most email programs pass data in plain text, including your username and password. Web-based email like Yahoo and Gmail uses HTTP Secure (HTTPS). HTTPS adds the SSL/TLS encryption protocol and keeps data safe from prying eyes.
9. Make sure that you encrypt files before transferring them. If you need to transfer files either by email or FTP you can encrypt them so that if they are intercepted along the way all the cyber-criminal gets is useless garbage. There are many utilities that not only compress the file, but have the option to encrypt the file as well.
10. Probably the least obvious of the security tips is to make sure you’re connected to a legitimate access point. If you don’t see the sign that offers Wi-Fi, use caution. Check the list of available access points on your computer and make sure you’re connected to the correct one. Make sure your laptop is not set up to automatically connect to any available network.
11. Use a VPN (Virtual Private Network). If you’re a corporate user you probably have heard this term before and may even use a VPN to connect to your office. A VPN creates an encrypted tunnel between you and the terminating device. The beauty of this is that once connected, your internet access is now behind your corporate firewall or behind your home router. You can think of a VPN as a cable that runs from your laptop to your office or home. If you don’t have a VPN, there are companies that will provide this service on a subscription basis. I would shy away from the free services; many of them reserve the right to alter the web page you are viewing. Nothing is free and these are usually advertising-based services. The subscription-based services usually run from $10 - $15 a month.
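A read-only check of tips 1, 2, 6 and 10 on a current Windows laptop, added here as an example and not part of the original article. It assumes Windows 8 or later (for the Get-NetFirewallProfile and Get-NetAdapterBinding cmdlets) and English-language netsh output; the variable names are chosen for illustration.

```powershell
# Added example: read-only audit of tips 1, 2, 6 and 10.
# Assumes Windows 8 or later and English-language netsh output.
$findings = New-Object System.Collections.Generic.List[string]

# Tip 2: the firewall should be on for every profile (Domain, Private, Public).
foreach ($fw in Get-NetFirewallProfile) {
    if ("$($fw.Enabled)" -ne 'True') {
        $findings.Add("Firewall is not enabled for the $($fw.Name) profile")
    }
}

# Tip 6: "File and Printer Sharing for Microsoft Networks" is component ms_server.
foreach ($b in Get-NetAdapterBinding -ComponentID ms_server) {
    if ($b.Enabled) {
        $findings.Add("File and printer sharing is bound to adapter '$($b.Name)'")
    }
}

# Tips 1 and 10: list saved wireless profiles, then inspect each one.
$names = netsh wlan show profiles |
    Select-String '(?:All|Current) User Profile\s*:\s*(.+)$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() }

foreach ($name in $names) {
    $detail = (netsh wlan show profile name="$name") -join "`n"
    $auto = $detail -match 'Connection mode\s*:\s*Connect automatically'
    $open = $detail -match 'Authentication\s*:\s*Open'

    # A saved open network that reconnects by itself can be answered by any
    # access point that broadcasts the same name.
    if ($auto -and $open) {
        $findings.Add("Profile '$name' auto-connects to an unencrypted network")
    }
    # Anything other than Infrastructure is a device-to-device (ad hoc) profile.
    if ($detail -match 'Network type\s*:\s*(\S+)' -and $Matches[1] -ne 'Infrastructure') {
        $findings.Add("Profile '$name' has network type $($Matches[1])")
    }
}

if ($findings.Count -eq 0) {
    'No findings: firewall on, sharing unbound, no risky wireless profiles.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

The script changes nothing. A flagged profile can be switched to manual connection with `netsh wlan set profileparameter name="<profile>" connectionmode=manual`, and file sharing can be unbound from an adapter with `Disable-NetAdapterBinding -Name "<adapter>" -ComponentID ms_server`.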
In summary: be cautious, be observant, and follow the security tips outlined above. There is no reason that you can’t use public Wi-Fi, but think before you click.
D. Baker, Senior Wireless Engineer
Types of Hotspots:
The Free Hotspot
In its simplest form all you need is an Access Point and a DHCP server; many people do this already, unintentionally. If you want it done the right way here are some considerations.
The Voucher Hotspot
Access to this type of Hotspot is controlled by vouchers / tickets. Each voucher provides a time based or usage based limit. They can be free with the purchase of a service, like a meal, or pay as you go such as an internet café. There are lots of benefits to this type of a system; security is just one good reason.
The Managed Hotspot
These systems take anyone connecting to the Access Point to a signup page. The signup page allows the user to select the type of service and enter their information. These systems can be advertising based, pay with credit card systems, or a combination of both. To gain access to the internet the user must be authenticated.
The Enterprise Hotspot
These are similar to the Managed hotspot. Anyone who connects to an Access Point is directed to a Login page. The user authentication is usually handled by a corporate RADIUS server. However, authentication services can be outsourced.
Security, Things You Should Know:
The Hotspot User
Mobile computing has been on the rise for a long time. Everywhere you go there’s free Wi-Fi, from hotels to airports. The big question is, how safe is it?
The Wireless Home Owner
If someone uses your network for illegal activity, who is financially responsible for the damage? It’s your network, it’s your responsibility; Secure It!
The Hotspot Owner
As a hotspot owner, protect your company and the privilege of your customers. Take responsibility and avoid the set-it-forget-it attitude.