OK, so my favorite local coffeeshop now has Wi-Fi, I’ve ordered a PC card for my laptop, and I’m ready to start surfing in public. But I’m a little unclear on the security aspects . . . Please help!
(1) The laptop in question is running Win 2K Pro; I’m planning to install the Comodo firewall. I still need to read up on how I’ll need to configure that, but obviously I’ll want to set the security level as high as possible for both inbound and outbound traffic, right?
(2) The articles I’m reading seem to agree that ideally a public network should have either WEP or WPA/WPA2; I have a question in to the coffeeshop people about that.
(3) E-mail: Primarily I would be logging in to my Web mail, and that would be the only security issue I would have. My host says they don’t have an SSL version of the Webmail interface. Great. Will the firewall (properly configured) be enough?
(4) The laptop is usually connected to my wired home network. I have a few folders set for sharing on that network. Do I need to disable the sharing when I’m using Wi-Fi, or is that network-specific?
Have I forgotten anything? If you can recommend any good sites for Wi-Fi dummies, that would be great; I’ve done some Googling, but there’s just so much info out there and a lot of it seems to conflict.
Set it high for inbound traffic. The setting for outbound traffic is less important, unless for some reason you anticipate your laptop sending malicious or sensitive traffic without your knowledge.
WPA and WPA2 are reasonably good in securing a WLAN you’re running (in combination with other measures), but can be a hassle for networks like the public WLAN in a coffee shop. WPA/WPA2 usually requires extra configuration on the client (laptop) end (basically, telling the laptop about the key used, and possibly the type of encryption), and is less convenient than simply using an unencrypted connection. At any rate, even with WPA/WPA2, that doesn’t guarantee security, as other computers on the WPA/WPA2-protected WLAN could still be malicious toward your laptop.
No. The firewall protects your laptop from malicious traffic from other computers. It does nothing to protect or encrypt the data you send to other computers. If you’re not using SSL encryption, at some point, your username, password, and any other data you send or receive will be passed, in clear text, across the networks between you and your ISP. SSL or other encryption is very important unless both the client and server are contained within a network (or networks) you trust completely.
You should disable file sharing. This is where your firewall could help. I’m not familiar with your product specifically, but you may be able to configure it to allow and deny file sharing depending on which network you’re connected to. It would be good to disable file sharing manually as well, if it’s not too much of a pain.
Sputnik Agent Standard is now included in DD-WRT firmware. Advanced DD-WRT firmware features include:
Client Isolation
Enables each user in a hotspot to have a private, hence “isolated” session, improving security on public Wi-Fi networks without adding complexity.
Ah, that must be why my user’s group was having trouble at Panera Bread. We were trying to do screen sharing using VNC so we could follow a presentation. But, we were never able to establish a connection to each other.
You could use Mail2Web - it’s a universal webmail app that can connect via SSL to POP3 or IMAP mailboxes and displays the results in a secure web page.
You’d be running the risk of entrusting your login details to Mail2Web as an intermediary, but they’ve been around a long time and I have not heard any horror stories.
Ugh. You’re conducting business at a public restaurant? Do you have permission from the owners?
Sorry, this is a hotspot of mine since I’ve been table-less at Panera twice because (both times) more than one large table was being hogged by a single laptop user using it as their personal office. This during the dinner hours, mind you.
My apologies if your group actually dines there and does this during the not-so-busy hours.
It’s impolite during the dinner hour, for sure. It’s also impolite to treat free Wi-Fi as a business resource, unless the owners accept it. Some places do, some don’t. You could see if you could do meetings without network access. I know some people find this hard to believe, but computers existed before the public access Internet! (strange but true!) OK, so we did spreadsheets on stone tablets by candlelight…
Hm, well it turns out that the original tech I talked to (via live chat) was talking through his ass, and they do actually have shared SSL available. A different tech (who answered when I e-mailed to ask if they had any plans to ever offer what appears to be a Security 101 service) gave me the alternate URL for shared SSL Webmail. Turns out (and I kind of stumbled on this when I was goofing around trying to figure things out) that I can also just stick the “s” in my regular Webmail URL (httpS:// mail.mydomain.com) and be encrypted. (I get a certificate error because the SSL server name – or whatever it’s called – is different, but it belongs to my host and the tech confirmed that this is OK.)
I was also considering just forwarding all my mail to my Gmail account for the day. Glad I don’t have to deal with that mess.
Uncommon Sense: I had a bit of guilt the other day because I was taking up a 4-top in this very tiny coffeeshop (one of only a few tables near an outlet). But I assured the owner that if it got busy I would move. He said I was fine (he knows me well and we’re good customers), and because it was a nice day there was plenty of room for people on the back deck. And I lent out my extra chairs to people at other tables a few times. So all was good. Usually if I’m planning to loiter all day at an unfamiliar place, I ask at the counter if I’m OK to plug in and suck chais all day, and so far no one has objected. But this isn’t very often.
Thanks very much to each of you for weighing in! Especially One Day Fish Sale for your translation of networking jargon. My card arrives on Thursday, so I hope to go down there on Friday and set it up.
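The certificate error mentioned in the post above comes from the name check a TLS client runs on the server certificate. This is an added example, not part of the original thread: the certificate contents and the `sharedhost.example` names are constructed, and the function names are hypothetical.

```python
# Added illustration: the hostname check a TLS client applies to a certificate.
# All certificate contents and hostnames below are constructed sample values.

def dns_name_matches(pattern, hostname):
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # require at least two fixed labels after the wildcard
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_certificate_name(cert, hostname):
    """Return (ok, names): whether hostname is covered, and the names presented."""
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # legacy fallback: use the subject commonName only when no SAN exists
        for rdn in cert.get("subject", ()):
            names.extend(v for (k, v) in rdn if k == "commonName")
    return any(dns_name_matches(n, hostname) for n in names), names

def explain(cert, hostname):
    ok, names = check_certificate_name(cert, hostname)
    if ok:
        return f"{hostname}: name matches certificate"
    return f"{hostname}: MISMATCH, certificate names {', '.join(names)}"

# Constructed certificate, in the dict shape ssl.SSLSocket.getpeercert() returns.
SHARED_HOST_CERT = {
    "subject": ((("commonName", "secure.sharedhost.example"),),),
    "subjectAltName": (
        ("DNS", "secure.sharedhost.example"),
        ("DNS", "*.sharedhost.example"),
    ),
}

if __name__ == "__main__":
    # The customer's own domain versus a name on the host's shared certificate.
    for host in ("mail.mydomain.com", "webmail.sharedhost.example"):
        print(explain(SHARED_HOST_CERT, host))
```

When the check fails the traffic is still encrypted, but the client has not confirmed which server it is encrypted to; connecting with a hostname the certificate actually names avoids the warning.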
No problem, I understand how a hotspot can be such a “hotspot”.
Our group is a PHP Users Group…not part of a business function. We meet once a month from 7pm - 9pm. Sorta close to dinner hours, but, since we all are eating dinner there, it’s never been an issue. This Panera Bread also has a reservable meeting room, which we try to get whenever possible. Not only do the owners approve of our meeting there, the last 2 meetings they’ve brought us a very large number of free cookies to share.