Mobile Computing: Are Hot Spots Safe?

Feature: Are Hot Spots Safe?

You and your notebook are at a corner café, wirelessly surfing the Internet. You buy a book from Amazon.com using your credit card and check your savings account balance at your bank's Web site. It's all very cool, in a new-millennium sort of way.

But is it secure?

Wireless networks broadcast data over radio waves, and anything transmitted over the airwaves can be intercepted. That's why wireless networks are inherently less secure than wired networks.

By definition, public wireless networks are designed to be accessed by anyone within the Wi-Fi hot spot's broadcast range, usually up to 150 feet from an antenna. Because these wireless networks are open to all (either for free or for a fee), it's possible that sophisticated hackers could grab your data out of the air, decode it, and use it, according to C. Brian Grimm, marketing director of the Wi-Fi Alliance, a nonprofit association.

This doesn't mean, however, that you have essentially recited your credit card and bank account numbers aloud for everyone in the café to jot down. While no security system is infallible, there are strong security precautions in place to protect wireless network users.

Look for the Lock

When you bank or shop online, your transactions are usually handled on secure servers that use Secure Sockets Layer, an encryption protocol that creates a secure Internet connection between the client (you) and the e-commerce site's server.

Web retailers that support SSL--and the vast majority do--direct your transactions to areas of their site that have URLs beginning with https instead of the standard http. This indicates that the area of the site you're in is secured by the SSL protocol. Also, you'll notice a lock icon displayed in the lower right corner of the Web browser window, which indicates the area of the Web site you're in is secure.

For example, let's say you're going to shop for a book at Amazon.com. You won't notice the https or the lock icon in your Web browser while you're browsing for books, because that activity doesn't need to be secure.

But once you begin the checkout process, in which you're required to enter your credit card information, you're directed to a secure Amazon.com server. At this point, you'll notice that the Amazon.com URL in the address line of your browser now starts with https instead of http, and there is a lock icon visible in the bottom right corner of your browser window.

Virtual Private Networks

Other security precautions are also available to protect wireless network users.

Many companies, particularly large enterprises, offer their employees Virtual Private Network connections to the company's network and the Internet. VPNs use encryption and other security methods to give wireless network users the same kind of privacy that wired networks typically have.

Some wireless network service providers also offer VPN security. For example, EarthLink Wireless High Speed, which the Internet service provider EarthLink offers in conjunction with Wi-Fi hot spot provider Boingo, includes built-in VPN security, according to EarthLink. The service is offered at some 2500 locations such as airports, hotels, and coffee shops at rates beginning at $5 per month.

Is Your Notebook Secure?

Wireless networking has its own security protocols. The Wireless Equivalent Privacy protocol has been around for years, but has fallen out of favor because its security is far from airtight.

A newer wireless network security protocol, Wi-Fi Protected Access, started showing up in new products in early 2003. WPA provides encryption and other privacy protections that are far stronger than previous Wi-Fi protocols, says Grimm.

Some notebooks have built-in wireless networking capabilities. So how can you tell if your notebook's wireless networking chip supports WPA? The Wi-Fi Alliance site maintains a list of WPA-certified products, including internal wireless networking cards found in notebooks and desktops. Go to the site's Certified Product Listing to browse by vendor and product type.

If your chip doesn't appear on that list, one option is to buy a new, external WPA-compatible wireless network adapter (about $50 or more). To find an adapter, go to the Filter by Company drop-down menu on the Certified Product Listing page, select (Show All); in the Filter Products By menu, choose External Card; under Capabilities, click to check Wi-Fi Protected Access; and then click the Submit button. The products listed include links to vendor Web sites.

Keep in mind that Microsoft Windows XP doesn't support WPA, so you'll need to go to the company's support site to download an update. The Microsoft site includes lots of helpful information about WPA as well.

But you may not need to buy an adapter, even if your notebook's internal wireless networking card doesn't support WPA. You may be able to upgrade the card's firmware to add WPA support; check the online support section of your notebook vendor's Web site or the manufacturer of your notebook's wireless network card for updated drivers that support WPA.

External wireless network adapters, such as PC Cards and USB devices, may also have updated drivers that add WPA support. Check the adapter manufacturer's online support for the latest drivers.

Extra Protection

Though Windows XP has a built-in firewall that helps prevent unauthorized access to your computer files, you might consider more robust programs such as ZoneAlarm Plus 4 ($40) or ZoneAlarm Pro 4 ($50). Both programs include a feature called Mobile PC Protection, which automatically detects and protects you on the wired or wireless network that you're connecting to. Read Sean Captain's review of ZoneAlarm Pro 4 for details. Go to the Zone Labs site to download ZoneAlarm Plus or Pro.

More About Wi-Fi

For more information about wireless networking, see my earlier articles on the subject: "All About Wi-Fi," "Ultimate Guide to the Wireless Web" and "Guide to Wi-Fi Hot Spots." And don't forget PC World's Hot Spot Finder.

Your Feedback

Have you ever experienced a security problem while using a wireless network connection? Do you have any other advice for keeping your computer files as secure as possible while working on a wireless network? Tell me about it.

Subscribe to the Business Brief Newsletter

Comments