Tip of the Day Blog
    The Web
« My Pictures folder as a screensaver | Main | Meebo »

How to protect yourself at wireless hot spots


Preston Gralla

January 04, 2007 (Computerworld) Wi-Fi hot spots in airports, restaurants, cafes and even downtown locations have turned Internet access into an always-on, ubiquitous experience. Unfortunately, it also means ubiquitous, always-on security risks.

Connecting to a hot spot can be an open invitation to danger. Hot spots are public, open networks that practically invite hacking and snooping. They use unencrypted, insecure connections, but most people treat them as if they are secure, private networks.

This could allow anyone nearby to capture your packets, and snoop on everything you do when online, including stealing passwords and private information. In addition, it could also allow an intruder to break into your PC without your knowledge.

But there’s plenty you can do to keep yourself safe — and I’ll show you how to do that in this article. If you follow these tips, you’ll be able to make secure connections at any hot spot.

Disable ad-hoc mode

Little-known fact: You don’t need a hot spot or wireless router in order to create or connect to a wireless network. You can also create one using ad hoc mode, in which you directly connect wirelessly to another nearby PC. If your PC is set to run in ad hoc mode, someone nearby could establish an ad-hoc connection to your PC without your knowing about it. They could then possibly wreak havoc on your system and steal files and personal information.

The fix is simple: Turn off ad hoc mode. Normally it’s not enabled, but it’s possible that it’s turned on without your knowledge. To turn it off in Windows XP:

  1. Right-click the wireless icon in the System Tray.
  2. Choose Status.
  3. Click Properties
  4. Select the Wireless Networks tab.
  5. Select your current network connection.
  6. Click Properties, then click the Association tab.
  7. Uncheck the box next to “This is a computer-to-computer (ad hoc) network”.
  8. Click OK, and keep clicking OK until the dialog boxes disappear.

In Windows Vista, there’s no need to do this, because you have to take manual steps in order to connect to an ad hoc network; there’s no setting to leave it turned on by default.

Turn off file sharing

Depending on the network you use at work or at home, you may use file sharing, to make it easier to share files, folders and resources. That’s great for when you’re at a secure network —- but when you’re at a hot spot, it’s like hanging out a sign saying “Come on in; take whatever you want.”

So make sure that you turn off file sharing before you connect to a hot spot. To turn it off in Windows XP, run Windows Explorer, right-click on the drives or folders you share, choose the Sharing and Security tab, and uncheck the box next to “Share this folder on the network.”

Figure 1
Protect yourself by turning off file sharing (Click image to see larger view)

If you’re a Windows Vista user, it’s even easier. When you connect to a hot spot, designate it as Public. When you do that, Windows Vista automatically turns off file sharing. You can also turn off file sharing manually. Choose Control Panel—>Set up file sharing, click “File sharing” select “Turn off file sharing” and click Apply. Then click “Password protected sharing,” select “Turn off password protected file sharing” and click Apply.

Turn off network discovery

If you’re a Vista user, a feature called network discovery makes your PC visible on a network, so that other users can see it and try to connect to it. On a private network, this is useful; at a public hot spot, it’s a security risk. When you connect to a hot spot and designate the network as Public, network discovery is turned off, so again, make sure to designate any hot spot as public.

However, you can also make sure that Network Discovery is turned off for your hot spot connection. When you’re connected, choose ControlPanel—>View network status and tasks. Then in the Sharing and Discover section, click the Network discovery button, choose “Turn off network discovery” and click Apply.

Figure 2
Vista users should turn off Network Discovery for maximum safety (Click image to see larger view)

Encrypt your e-mail

When you send an e-mail at a hot spot, it goes out “in the clear,” in other words, unencrypted, so that anyone can read it. A lot of e-mail software allows you to encrypt outgoing messages and attachments. Check how to use yours, and then use it at a hot spot. In Outlook 2003, select Options from the Tools menu, click the Security tab, and then check the box next to “Encrypt contents and attachments for outgoing messages.” Then click OK.

Figure 3
Encrypting outgoing e-mail in Outlook 2003 (Click image to see larger view)

Carry an encrypted USB flash drive

USB flash drives are cheap, and getting cheaper by the day. For about $50, you can buy a 2 GB flash drive, which is more than enough space to carry Windows, the applications you use, and the data you need. Make sure to get a drive that can use encryption. Then install Windows, your applications, and your data on it.

On your laptop, keep no private data on your hard drive. When you connect at a hot spot, boot from your USB drive. That way, even if someone somehow gets into your PC, they won’t be able to read or alter any of your data, because the data is encrypted on the USB drive.

Protect yourself with a virtual private network

Most hot spots are not secure and don’t use encryption. That means anyone with a software sniffer can see all of the packets you send and receive.

But you don’t need to rely on the hot spot for encryption. You can use a for-pay virtual private wireless network that encrypts your connection. There are several available, but the one I’ve been using for years is hotspotVPN and it hasn’t failed me yet.

No special VPN software is needed; you can use XP’s or Vista’s built-in VPN capabilities. The service costs $8.88 per month, or in one-, three- and seven-day increments for $3.88, $5.88 and $6.88. You can also pay for more secure VPN encryption from the service for between $10.88 and $13.88 per month.

Once you subscribe, you’ll get a user name, password and IP address of a wireless VPN server. At that point, you run a Windows network connection wizard, fill in the user name, password and IP address information, and you’ll be ready to go. In Windows XP, chooseControl Panel—>Network and InternetConnections—>Create a connection to the network at your workplace. From the screen that appears, choose Virtual Private Network connection, and follow the wizard.

In Windows Vista, choose ControlPanel—>View network status and tasks. Then click “Set up a connection or network” and then choose “Connect to a workplace” and then “Use my Internet connection (VPN). Follow the wizard after that.

Figure 4
Setting up a wireless VPN using Windows Vista (Click image to see larger view)

Disable your wireless adapter

There may be times when you’re at a hot spot when you actually don’t want to connect to the Internet. In that case, you can guarantee absolute safety —- disable your wireless adapter so you can’t connect.

If you have a wireless PC card, you can simply remove it, of course. If you have a wireless adapter built in to your PC, you can disable it. In XP, right-click the wireless icon, and choose Disable. If you’re using the adapter’s software to manage your connection, check the documentation to find out how to disable it.

If you’re using Windows Vista, choose ControlPanel—>Network and Sharing Center. Then in the Connection area, click “View status,” and from the screen that appears, click Disable.

Figure 5
Disabling a wireless adapter in Windows XP

Watch out for shoulder surfers

Think all hacking is high-tech programming? Think again. “Shoulder surfers” don’t need to know how to write a line of code to steal your password —- all they need to do is peer over your shoulder as you type. So make sure no one seems to be paying too close attention when they’re directly behind you.

In addition, if nature calls because you’ve had too many double lattes, don’t leave your laptop unattended when you go to the rest room. Laptop theft has become common in some places, most notably San Francisco, which was subject to a laptop crime wave. Consider bringing along a laptop lock, and locking your laptop to a table. Some cafes even include ports to which you can lock your laptop.

Beware phony hot spots

Watch out for this latest hot spot scam —- someone surreptitiously sets up a hot spot near a cafe, created for the sole purpose of stealing personal information. You’re asked to type in sensitive information in order to log in, and the thief makes off with your passwords and financial information. Ask a staffer at the cafe if there is, in fact, a hot spot available, and what it’s name is. Only connect to that network. And if you see two hot spots with the same name, don’t connect to either —- one might be a so-called “evil twin” set up by a snooper to trick you into connecting to the phony hot spot.

Turn on your firewall

Windows XP and Windows Vista both have personal firewalls built in, so turn them on. In Windows XP, choose ControlPanel—>Security Center, then click the Windows Firewall icon at the bottom of the screen. From the page that appears, select On, and click OK.
In Windows Vista, chooseControlPanel—>Security—>Windows Firewall. The screen that appears will tell you if the firewall is turned on. If it’s not, click Change Settings, select On, and click OK.

Figure 6
Turning on the firewall in Windows Vista (Click image to see larger view)

Windows XP’s personal firewall is underprotected because it doesn’t include outbound protection. (Windows Vista’s firewall includes two-way protection.) If you’re a Windows XP user, consider getting the free version of ZoneAlarm, which has both inbound and outbound protection.

Preston Gralla: Preston Gralla is a contributing editor for Computerworld Online, and the author of more than 35 books, including How the Internet Wo

Link to How to protect yourself at wireless hot spots

EmailEmail Article to Friend