Being Secure on Public Wi-Fi: VPN, Firewalls, File Sharing: Page 2
The goal here is that the network you are connected to in Boston, be it a public Wi-Fi network or perhaps a wired network in a hotel, only sees encrypted data. No one in Boston has any idea what you are doing on the Internet. (That's a good thing if you're a fan of the Los Angeles Angels of Anaheim.)
The consumer VPN company that I have used and feel comfortable recommending is Witopia. They offer both SSL- and PPTP-based VPNs and do a reasonably good job of explaining the difference between the two. Each is offered on a yearly basis and they stand behind their products with a 30-day money-back guarantee.
The VPN service that Leo Laporte and security expert Steve Gibson like is HotSpotVPN. They also offer a PPTP-based VPN (HotSpotVPN-1) and an SSL-based one (HotSpotVPN-2). Both services are sold by the day, week, month or year.
Another issue when sharing a computer network with strangers is keeping them out of your computer.
The first line of defense here is a firewall program running on your computer. For an introduction to firewalls, see my previous article, an Introduction to Firewalls.
A firewall program is basically a bunch of rules about what type of data is allowed in, and with better firewalls, what type of data is allowed out.
In this case, the issue is incoming data. A good firewall should block all incoming unsolicited data.
Does your firewall program do this?
Unfortunately, this can be a very hard question to answer. Configuring a firewall, even for someone familiar with the basic concepts, can be maddening.
Perhaps the best user interface I've seen for configuring the firewall rules is the firewall in Windows XP. As a firewall, it's lightweight but it's good enough for many people. Older versions of ZoneAlarm also had an easy-to-understand user interface.
Rather than try to fight this fight, I suggest running a test. At his grc.com website, Steve Gibson offers a firewall testing service he calls ShieldsUP!.
To understand the test, you need to know that he is testing "ports," which can be thought of as logical lines of communication. That is, they are not physical things. Open ports are bad: they represent a potential security hole through which bad guys may be able to access your computer.
Closed ports are good. Stealthed ports are the best.
For ShieldsUP! to be a valid test, however, the computer being tested needs to be directly connected to the Internet. If the computer is connected to a router, then ShieldsUP! is testing the firewall in the router rather than the firewall program on your computer.
One of the bad things that can happen as a result of a hole in the firewall is that bad guys on the shared Wi-Fi network can see and copy files on your computer.
As a second line of defense, consider disabling the file sharing feature in your operating system. For example, Windows XP users can bring up the properties of their wireless network connection from the Network Connections icon in the Control Panel. There is a checkbox for "File and Printer Sharing for Microsoft Networks." Turning this off provides another hurdle for the bad guys to get through.
If you never share files or printers on a network, then you can disable the underlying services in Windows. However, this prevents file sharing on wired networks and may be a pain to debug when, a year or two down the road, you want to start sharing files or printers.
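A local complement to the port test and the file-sharing advice above, as an added example that is not from the original article: this Python script classifies TCP ports on your own computer as open, closed or stealthed, in the article's terms. The port numbers 139 and 445 and the address you pass in are assumptions that do not appear in the article; run it from a second computer you own on the same network, because a probe over loopback usually bypasses the firewall.

```python
import socket

OPEN, CLOSED, STEALTH = "open", "closed", "stealth"

# TCP ports used by Windows file and printer sharing (assumption added for
# this example; the article names the feature, not the port numbers).
FILE_SHARING_PORTS = {139: "NetBIOS session", 445: "SMB"}


def probe(host, port, timeout=2.0):
    """Try one TCP connection and classify how the port responded."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN      # handshake completed: a service accepted the connection
    except ConnectionRefusedError:
        return CLOSED    # the host actively refused: reachable, nothing listening
    except socket.timeout:
        return STEALTH   # no answer before the timeout: packets silently dropped
    finally:
        sock.close()


def check(host, ports, timeout=2.0):
    """Return {port: state} for every port in `ports`."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(results):
    """Ports that answered as open, i.e. the ones worth fixing."""
    return sorted(p for p, state in results.items() if state == OPEN)


if __name__ == "__main__":
    # Constructed demo that runs offline: one loopback listener stands in for
    # a sharing service. For a real check, run this from a second computer you
    # own and pass the laptop's address and FILE_SHARING_PORTS instead.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    results = check("127.0.0.1", [port])
    listener.close()
    for p, state in results.items():
        print(f"port {p}: {state}")
    print("exposed:", exposed(results))
```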
Who Are You? (The Fake Name)
My last piece of advice concerns the names of wireless networks.
Anyone setting up a wireless network can name it anything they like. Thus, if you find yourself in a Barnes and Noble store and want to use their free Wi-Fi, is their network called "bnwifi," "bnwireless," "barnesnoble" or "free public wifi"?
The only way to know is to ask someone who works for the store. Don't make any assumption about a wireless network based on its name. The last choice, "free public wifi," is infamous for not being what the name implies.
It takes work, but it is possible to be safe and secure on a public Wi-Fi network.