Using Wi-Fi safely: encryption and other tips
Yes, the Internet can be a dangerous place, with viruses, worms and spyware lurking behind every URL and waiting to pounce on your PC every time you check e-mail.
But that's nothing compared to what can happen with a wireless hookup. Connecting to the Web through Wi-Fi can make your laptop even more vulnerable to hackers and pernicious code.
Just ask Peter Shankman, who recently returned from a business trip to Europe. On a stopover at the KLM lounge in Amsterdam, he opened his laptop and tapped into the wireless connection. Big mistake. "By the time I got to Berlin, the machine was totally and completely dead," says the New York communications consultant. "My computer had gotten infected. My file trees were completely shredded."
When it comes to wireless networks, safety is a top concern among business owners. Nine out of 10 executives in a 2003 Jupiter Research survey cited security as the biggest factor influencing their decisions about the deployment of wireless networks. However, more than half of all businesses take only basic precautions — or none at all — to protect their wireless networks.
How do you make your Wi-Fi experience safer? Here are four new and existing security protocols and the level of security they offer.
-
Wired Equivalent Privacy (WEP): like taking candy from a baby. WEP is an encryption methodology used in most access points (802.11a and 802.11b). It's considered flawed and hack-able, and if you're using such a network, you have to take extensive precautions. Breaking into a WEP network is about as easy as taking candy from a baby.
-
802.1x: like picking pockets on a subway. 802.1x uses a protocol called Extensible Authentication Protocol (EAP) to make a wireless network safer. You won't find a lot of 802.1x used at access points in airports, hotels and conference centers, so this doesn't really apply to a vast majority of wireless users on the go. Getting into a network protected by EAP takes some effort and expertise, but it can be done.
-
Wi-Fi Protected Access (WPA): like burglarizing a house with a good alarm system. WPA offers a more robust encryption scheme that uses a system called Temporal Key Integrity Protocol, or TKIP, to protect data. WPA is the security protocol used in 802.11g, which I wrote a column about recently. It could be a factor soon if you're connecting on the road — but not enough to let your guard down. It's about as secure as a home with a really good alarm system. Safe, but not impenetrable.
-
802.11i: like trying to clean out Fort Knox at high noon. 802.11i is the latest and greatest encryption standard. Ratified in mid-2004, it combines the Advanced Encryption System (AES) and TKIP to offer an almost unbreakable algorithm. But since it's so secure, it may not be used at public access points. Penetrating it is about as easy as driving away with all the gold in Fort Knox in broad daylight.
Adam Wong, an IBM engineer who is helping ratify standards like 802.11i, says that regardless of how airtight the security on your airborne data is, you need to take your own steps to ensure the safety of your data and equipment. "No matter how secure you are, or think you are," he says, "you're still dealing with the Internet."
Still, there are other ways to protect your laptop when you're away. Here are some.
Crank up your settings. On applications such as Microsoft Outlook and Internet Explorer, consider ratcheting up the security settings by a few notches to keep the bad elements of the Internet at bay. That's the advice of Seth Goldhammer, the co-founder of the wireless networking software company Roving Planet. (He keeps his on "high" all the time.) He also turns on the encryption feature in Microsoft Outlook Web Access for Exchange 2003. "When I'm on a public access point, I know there are other people out there," he says. "You can't be too safe."
Buy better equipment. Remember, 802.11a and 802.11b are widely considered to be hacker heaven. But 802.11g has a much more reliable security protocol. Consider upgrading your hardware to a "g" card, which is more likely to protect your data and hardware. Don't forget that 802.11g is backward compatible with the other standards — meaning that it works with older Wi-Fi version — so you won't be protected on the older networks. Jeff Parker, chief executive officer of Jacksonville, Fla., wireless company ParkerVision, also recommends a personal firewall, such as ZoneAlarm or BlackICE. "It's something that can add a significant level of security for users who are frequently on public networks," he says.
Practice safe surfing when you're on an iffy network. You wouldn't type your credit-card number and expiration date into a common-use PC in a hotel lobby. So why would you do the same thing when you're on a Wi-Fi network that isn't secure? I learned that lesson recently when my password was compromised on a visit to a hotel (I'm not quite sure how, but I suspect it happened wirelessly). Much to my horror, someone nearly succeeded in broadcasting an obscene message to the 21,000 subscribers of my weekly e-mail travel newsletter. It's the last time I'll send any sensitive data over a Wi-Fi hotspot.
Stay offline if you must — at least for now. It's a radical suggestion, but if your company is security conscious, the only certain way of making sure none of their data gets pilfered — and none of their applications get corrupted — is to order them off the wireless connections. That was the surprising advice from the tech research firm Gartner. "If you deem the risks are too high for the benefits that can be accrued for more mobile-connected employees, hold off any public hotspot usage, at least until the 802.11i standard is implemented," says Gartner's spokesman Chaim Haas.
For mobile computer users, wireless security means much more than making sure your security settings are at the right level and having the right hardware.
A lot of it is just common sense. I've already mentioned typing in passwords and credit-card numbers — a mistake you could forgive a novice for, but no self-respecting wireless devotee would make. (I am ashamed to admit that I did.) Consider, also, the eyes behind you at the airport terminal or in the hotel lobby. Do they see you typing in your login? Are they watching you as you key your data into your personal digital assistant?
My point is that a security breach can happen even when the wireless access point is encoded with the latest 802.11i hardware. Or, put differently, the most secure network is only as strong as its weakest link.