Thinkpads Forum

I usually connect to my local libraries or coffess shop and they never implement WEP\WPA or any security on the access point. My laptops have an antivirus and Norton firewall install. On dialups, grc.com reports all laptop ports are blocked or stealthed but on WIfi some of the ports are opened. I know the packets I'm sending out may be encrypted

What's the best way or better way to secure my laptop \connection in these wifi places whether they are encrypted or not? Security from sniffers, man in the middle, etc..

I don't think I would be overly concerned if your security is operating well and up-to-date. You are not letting anyone in, don't conduct overly sensitive activities, and you should be fine. Wireless security is geared mostly toward not letting someone use your own network. ... JD Hurst

jdhurst wrote:I don't think I would be overly concerned if your security is operating well and up-to-date. You are not letting anyone in, don't conduct overly sensitive activities, and you should be fine. Wireless security is geared mostly toward not letting someone use your own network. ... JD Hurst

I've seen segments on shows like 20/20, 60 Minutes, etc, where a hacker (hired by the show) lurks around Wi-Fi hot spots and hacks into the laptops of unsuspecting users, gaining access to very sensitive personal information such as credit card numbers. One such surprised "victim" was a very embarrassed IT tech.

Sorry Red, I don't remember how they said to protect yourself as it didn't appy to me (I live in a very rural area and use WEP just for the heck of it).

I've seen that as well, but the key is top security on your laptop - anti-virus, firewall, intrusion detection and possibly real-time spyware removal. And, (I usually forget to mention), highly secure passwords on every userid including the built-in administrator id. ... JD Hurst

85% of computer users have no idea if they are protectected from spyware, hackers, virus, etc... Just saw this on NBC tonight. The point being the wide majority of computer users don't know how to protect their computer.

Most laptops can connect to an open wireless network within a minute without any configuration by the user, thanks to Windows. Most routers are defaulted to no security and dhcp. I can sit out in front of offices and print to printers inside very easily and sometimes walk in and tell them how to prevent this.

I would venture to say 85% of the people who connect to the internet at coffee shops, are these real casual users who are shocked when they find out that the McAfee that came bundled with their OS is a year out of date, I have met plenty of people who think that just having Norton on their computer protects them and don't know it's 2 yrs expired.

My point is JD is correct, if your computer is protected, firewall, change default workgroup, spyware, etc, etc, you should be protected. Those that don't have any protection are targets, just like they are no matter what network they are connected to.

WPA is complicated to crack, WPA2 is very complicated and almost guaranteed safe right now, however both are pretty rare on home/small office wireless routers. Someone would have to really want somethin you have to work so hard to get through these. Especially considering there are about 10 64bit WEP networks around for every better secured one and most people who do that stuff are just in it for fun.

Your best bet is to use https and ssh whenever possible, most email and bank sites promote the use of https. Personally, I'm not to concerned when using public networks because I make a point not to transmit any sensitive information at all unless I'm at home on a wires computer I know is secure. If you are on any wireless network using WEP do not trust it for a second.

While I am not an expert in these areas, I would suggest turning off File and Printer Sharing in Windows. I also disabled my IR (infrared) port, since I am not using it anyway, and it is a way some people can gain access to your laptop in a public area.

EDIT: It also can be helpful to run under a 'Limited' user account in Windows, as opposed to an 'Administrator' account - which happens to be the default.

red bioroid wrote:I usually connect to my local libraries or coffess shop and they never implement WEP\WPA or any security on the access point. My laptops have an antivirus and Norton firewall install. On dialups, grc.com reports all laptop ports are blocked or stealthed but on WIfi some of the ports are opened. I know the packets I'm sending out may be encrypted

What's the best way or better way to secure my laptop \connection in these wifi places whether they are encrypted or not? Security from sniffers, man in the middle, etc..

When you run a port scan with wireless you are scanning the ports of the firewall between the internet and the wireless access point, not the ports of your computer.
When you are on dial up you are scanning the ports of your computer.

If you participate in a corporate network with VPN access, if possible use that VPN access with any public hotspot access point. Your traffic across the public facilities will then be well protected. Use the corporate network facilities for Internet access, though the corprorate firewalls.

If you don't have a VPN access, then the advice already given by others above is as good as you'll get.

Cheers,

Bill

T41mbi wrote:www.hotspotvpn.com

Cool!

I didn't know there was a VPN for public use. Too bad it's not free, but the pricing isn't too bad.

At least with it (I assume), you can go to financial sites without any more worry than you would have with a land line hookup.

I believe there're two parts of the problem here.
1. Not letting hackers into your computer
2. Security of the information transmitted between your laptop and WiFi Access Point.

While the issue #1 has been pretty well covered with the recommendations, I didn't see much feedback (except what PrincipalValiant said) on the #2.

I believe it doesn't matter if the WEP/WPA is enabled on the public AP or not -- as long as the WEP/WPA key is available to "bystanders" or there's no encryption at all -- the packets can be intercepted and decrypted.

So at least, make sure that all your sensitive data is sent over secure protocols -- that includes your e-mail account password (the corporate e-mail server should support SSL, I believe gmail.com supports that, not sure about generic ISP/free e-mail services), the web-sites (ONLY submit sensitive information if you see https:// not http:// and the appropriate icon in the browser's statusbar), FTP-accounts (I believe FTP over SSH is your best bet and it's supported by many clients, including freeware FileZilla) and of course the terminal access to other computers (SSH).

Thanks, Stangri, I was about to point that out. When you're using an unecrypted hotspot, the potential (note that I didn't say likelihood) is there that some hacker will try to sniff your packets and get some passwords, &c.

Some pithy discussion over on another site's wireless security forum.

http://www.dslreports.com/forum/remark,14928404
http://www.dslreports.com/forum/remark,14760105