10.0.0.1

Best Ways to Safeguard Your Data at a Public Wireless Hotspot

Wi-Fi hotspots present a special set of security issues, notably unknown computers sharing the same local network with you. Unlike home or office networks, most public hotspots in hotels and cafes broadcast their SSIDs, lack WEP or WPA encryption, and don't bother with MAC address filtering. After all, turning on any of these functions would negate the "public" aspect of hotspots.

That said, even if they used closed networks and encryption, making customers go through hoops to get connected, there would still be no way to tell a "legitimate" client from a "malicious" one out to hack other customers' data. Anyone with a credit card can sign up for hotspot service. So what can you do to protect yourself at a public hotspot? Plenty...

1. Make sure you're connected to a legitimate access point! This first step is probably the least obvious, but one of the most important. Rogue access points in public areas have been springing up that have the same SSID as what you'd expect (such as "Wayport" or "tmobile"), but really connect directly to hijackers' databases to collect the passwords and usernames you use to sign in. Even worse, they can collect credit card data from people who sign up for new accounts.

So don't connect in places where there is no sign for a legitimate provider, and check the list of available SSIDs to make sure you are connected to the right one. Don't set your wireless card to connect automatically to any available network. Turn off the ad-hoc mode (which lets other clients connect directly to you!). And turn off your Wi-Fi card entirely as soon as you are done.

2. Encrypt sensitive data. As you beam emails from your laptop to the wireless access point and back, or as you enter your username and password to check your bank account balances someone nearby can be intercepting those packets of data as they fly by. Much of the information -- even information that you might think should be encrypted -- is sent in clear text. That means that the person intercepting those packets may be able to read your emails or learn your passwords.

While data sent to and from secure Web sites (those starting with https:) is generally protected, you can also use encryption in other contexts. If you are sending a sensitive file via email, for example, encrypt it first with a password. Most file compression programs, such as Allume's StuffIt Deluxe, offer encryption, and there are numerous freeware and shareware encryption programs as well.

3. Use a Virtual Private Network. One of the best ways to protect your data when using a public wireless network or hotspot is to use a virtual private network (VPN), such as JiWire SpotLock. A VPN establishes a private network across the public network by creating a tunnel between the two endpoints so that nobody in between can intercept the data. Many companies allow remote users to connect to corporate networks as long as they use VPN. This keeps the users' communications just as secure as if they were sitting at a desk in the building.

If you don't have a corporate VPN, you can be secure at any hotspot using JiWire SpotLock. SpotLock's IPSec VPN is supported by almost all wireless routers, both public and private, and SpotLock also includes full Wi-Fi connection management.

Top 10 Security Tips for Public Hotspots Make sure you're connected to a legitimate access point. Encrypt files before transferring or emailing them. Use a virtual private network (VPN). Use a personal firewall. Use anti-virus software. Update your operating system regularly. Be aware of people around you. Use Web-based email that employs secure http (https). Turn off file sharing. Password-protect your computer and important files. 4. Use a personal firewall. When you connect to a public wireless network you are joining a local network with other unknown computers. Having these computers on the same IP subnet makes them more dangerous than machines elsewhere on the Internet. Machines in your network and subnet range are able to more easily capture traffic between your computer and the wireless access point or attempt to connect with your computer and access your files and folders.

To protect your computer you should run a personal firewall program. There are many excellent choices. Some, such as Zone Labs ZoneAlarm, Kerio's Personal Firewall, and the built-in Windows XP Firewall are available for free for home or personal use. You should not install them on your corporate laptop, however, without purchasing the proper licensing or consulting your IT manager. Security software vendors such as Symantec and McAfee also make commercial personal firewall products.

A personal firewall will help you restrict the traffic allowed in and out of your computer. This protects you not only from attacks that originate outside of your network, but also those from other computers on the same network. Personal firewall software generally monitors both incoming and outgoing traffic, as well as applications trying to interact with other system processes or with the operating system. Should your computer somehow become compromised with a Trojan horse or backdoor program, a personal firewall application should flag the unusual communication attempts and alert you. Make sure you take the time to familiarize yourself with the product you choose and configure it properly to get the maximum protection without getting in the way of legitimate traffic and applications.

5. Use anti-virus software. When you are on your home network or even on your company network you can operate with a fair assurance that the other machines on the network with you are at least as protected as yours is against viruses and other malicious code. When you connect to a public network you have no such assurance. Suddenly it is more important than ever to have antivirus software installed.

Of course, antivirus software is only as good as its last update. If you updated your antivirus software a month ago there are probably at least 10 and maybe 50 or more new viruses, worms and other malware that you aren't protected against. Make a special effort to go to the vendor's Web site and download the latest update any time you hear about a new high-risk or fast-spreading threat, and take advantage of the auto-update features now found in most such programs.