How to Secure Your Wireless Network

Almost all of us have jumped onto someone else's unsecured Wi-Fi network. There's little harm in that if you're just an honest soul looking for an Internet connection.

But if you're the owner of an unsecured network, you should be aware that the world's not made up entirely of honest souls--and it's not hard for the dishonest ones to see exactly what you're doing on your network. Sound scary? Here's how to fix the problem.

Q. What are WEP and WPA encryption, and which should I use?

A. The first line of defense for your Wi-Fi network is encryption, which encodes the data transmitted between your PC and your wireless router. Unfortunately, most routers ship with encryption turned off, and many users don't turn it on, leaving themselves completely exposed. If you haven't already, enable your router's encryption, and use the strongest form supported by your network. The Wireless Protected Access (WPA) protocol and more recent WPA2 have supplanted the older and less-secure Wireless Encryption Protocol (WEP).

Go with WPA or WPA2 if at all possible, since WEP is relatively easy to crack. (You have to use the same form on all devices on your network; you can't mix WEP and WPA.) The keys used by WPA and WPA2 change dynamically, which make them nearly impossible to hack. Use a strong password for your encryption key, such as a combination of letters and numbers of 14 characters or more.

If you have an older router that supports WEP only, you'll be safest if you use 128-bit WEP keys--but also check the manufacturer's Web site for a firmware update that will add WPA support. If it doesn't look like an update is likely, consider replacing old adapters and routers with newer models that support WPA. Look for a router that supports the hybrid WPA + WPA2 mode, which lets you use the stronger WPA2 encryption with adapters that support it, while still maintaining compatibility with WPA adapters.

Make sure you change the default network name and password on your router. Doing so will make it much more difficult for hackers to break into your router and commandeer its settings.

Q. If my router has a firewall, why do I need these added security measures?

A. The firewall built into your router prevents hackers on the Internet from getting access to your PC. But it does nothing to stop people in range of your Wi-Fi signal from getting onto your network--and with the latest high-performance equipment, your Wi-Fi signal could reach clear down the block. Without encryption and other protective measures, anyone can use readily available tools to see all your Wi-Fi traffic.

For extra protection, you should run software firewalls on the individual PCs on your network. Some good options are Zone Labs' ZoneAlarm, available as a free download or in the ZoneAlarm Internet Security Suite 2006, and Agnitum's Outpost Firewall Free.

Q. How can I secure my notebook at public Wi-Fi hotspots?

A. Since public hotspots generally don't use encryption, you should assume that anyone can see your Internet traffic unless you take precautions.

• Make sure it's a legitimate hotspot: Nefarious types have been known to set up pirate routers with familiar SSID names like "wayport" or "t-mobile," and then use them to capture unsuspecting users' log-on information and other private data.
• Verify that your PC's software firewall is turned on, and that Windows' file-sharing feature is off; it's off by default in Windows XP with Service Pack 2. To check this setting, open Control Panel and choose Windows Firewall (you may have to click Security Center first in XP or Security in Vista). In XP, select the Exceptions tab, and look in the Programs and Services to make sure "File and Printer Sharing" is unchecked. In Vista, click Change settings, then select the Exceptions tab and follow the instructions for XP.
• Never send bank passwords, credit card numbers, confidential e-mail, or other sensitive data unless you're sure you're on a secure site: Look for the lock icon in the bottom-right corner of your browser, as well as a URL in the address bar that begins with https. Such sites build in their own encryption.
• Always turn your Wi-Fi radio off when you're not at a hotspot: Hackers can use it to create peer-to-peer Wi-Fi connections with your computer and access it directly.
• For better security, consider signing up for a paid subscription to a hotspot network such as Boingo or T-Mobile. Both companies provide connection software that encrypts your sessions automatically.

Q. What's a VPN, and how do I get one?

A. The best way to protect a public wireless link is by using a virtual private network, or VPN. VPNs keep your communications safe by creating secure "tunnels" through which your encrypted data travels. Many companies provide VPN service to their mobile and offsite workers, so check with your IT department for connection instructions.

You can also use a paid service such as Boingo's Personal VPN (free trial with Boingo subscription, $30 to keep), JiWire Hotspot Helper (10-day free trial, $25 per year) or Witopia personalVPN ($40 per year). All three of the services are simple to install and use.

You have one more security option: If you don't mind connecting through your home or office PC, you can log in to a public hotspot securely by using such remote-access programs as LogMeIn or GoToMyPC.