How to bolster wireless security away from home

If you travel with a laptop and connect wirelessly, you need to take extra precautions. Most public wireless providers and hot spots use no security at all. Everything you send and receive is sent in the clear with no encryption. If you are using a VPN connection to your office, you will have the protection of an encrypted tunnel. There are several methods of implementing VPN. For more information, see Charlie Russel’s column Connect to Your Corporate Network from Home with Windows XP. You can also use the information in Charlie’s column to connect while you’re on the road. If you can’t use a VPN tunnel to your office, consider using a Remote Desktop connection to a computer you’ve left running at home. You can use Vista Ultimate or Business (32 or 64 bit), Windows XP Professional, Media Center Edition or Tablet PC Edition as a Remote Desktop host machine but not Vista Home Premium or Basic and Windows XP Home. Vista Home Premium, Vista Basic, and Windows XP Home, however, can be used as the remote client. If you are going to do this, you really want to use a router/gateway (and honestly, you don’t ever want to connect a computer directly to a broadband modem). You’ll need to forward port 3389 to this computer (see the router docs). To make this easy to do, get yourself a free domain on www.dyndns.com and get a router that has easy transparent support for DYNDNS. I recommend the D-Link DIR655 (Circuit City is stocking these as of 5/1/07) or the older D-Link DGL4300. For details on using dyndns, see:


http://www.dyndns.com/services/dns/dyndns/howto.html


and


http://www.dyndns.com/services/dns/dyndns/


Take additional security precautions when using public networks outside your home. Follow these additional steps to make your wireless connection more secure. When connecting to a new public network (hotels, municipal, etc.) be sure to specify Public when prompted.


Configure the Vista or Windows XP SP2 Firewall to be on with no exceptions.


To do this in Vista:


a. Right click the wireless icon in the notification area

b. Select Network and Sharing Center

c. Click Firewall on the lower left

d. Select Change Settings

e. Acknowledge the UAC prompt

f. Select Block all incoming connections


To do this in XP:


a. Right click the wireless icon in the notification area

b. Select Change Windows Firewall Settings

c. Click Don’t allow exceptions and then click OK


Vista users should also turn off all file and print sharing in the Network and Sharing Center window. If you are using Windows XP Home edition, turn off file and print sharing on your laptop when you travel. If you are using any other version of Windows XP, turn off Simple File Sharing.


Don’t visit any website or use any program that lets you send passwords, account numbers or other sensitive information in the clear. Use SSL connections for email. If you don’t know how to configure Outlook Express or other email client for SSL or if your ISP does not support this, it is probably your ISP has a secure SSL based webmail application that you can use. If in doubt and there is a choice for secure or encrypted versus normal or non secure, always select the secure version. SSL sites normally have URL’s that begin with https://


Use online banking with care. Most banks offer SSL online access. Read the fine print carefully.


Only use online merchants who provide a secure SSL site. Internet Explorer and most other browsers will display a padlock icon on the bottom status bar when accessing a SSL secured site.