You probably like to sit down in a coffee shop with a steaming low-fat-cinna-mocha-frappa-maxi-latte-cino with a shot, crack open your laptop and do a little web surfing. Who doesn't like to have a hot, refreshing beverage and surf the Web for sports scores or music or soap opera news? It's easy to forget you're not at home, though.
Trouble is, along with the free Wi-Fi that you're lapping up with your libation, there's a chance you're being scrutinized by a ne'er-do-well who wants to steal your secrets. Why? To sell them in Malaysia, Russia or New Jersey. "What secrets, Frank? I have none of my financial info there." Ah, were it only that easy.
Maybe you have company data there, or letters written to creditors, or records from your club meetings complete with names, times and so on. What you might consider a no-problem situation has more peril than you think. In addition, no matter where you go, you pick up the flotsam and jetsam of websites: Cookies, cached URLs and other tell-tale info. A clever hacker can mine that data on your machine and perhaps recreate your work. A clever hacker (of which there are many) can monitor what you're doing while you're doing it. They can, in a manner of speaking, sit in the stream of data you're sending and capture it.
To make their work easier they have "sniffer" programs that watch the data stream for logins, passwords and account information. As you type, their machine merrily captures every bit and byte from your machine, or from every machine in the room if they have the tools to do so. One benign example is at the Bunnie Studios website blog where the author took a Chumby (a small Internet appliance with a screen, and a very cool one at that) and, with a little modification, created a Wi-Fi sniffer. He can see what web addresses folks around him are going to. With only a little more effort, capturing your data is assured. He's a nice guy so he doesn't but, if he can do it, many others can with more criminal intent.
"But, hey, I paid (your favorite cafÈ) for a card to get Internet access. That's secure, right?" Ummm, not so much. Unless you can access what's called a Virtual Private Network, or VPN, which is (metaphorically speaking) a tunnel that only you and a remote router you're "talking" with can go through, you're a sitting duck. A VPN handles security by encrypting the data that goes between your machine and a router or wireless access point (WAP). You have to have special software and/or hardware to do that and finding VPN service in a public cafÈ is almost unheard of.
So, what to do? One answer is to get a wireless access card that ties you directly into a major carrier's network (AT&T, Verizon, Sprint, etc.) and lets you avoid using Wi-Fi hotspots. The upside is that you'll have fairly fast wireless broadband everywhere in their coverage area in many urban zones (like Lexington). The downsides: It ain't cheap -- $60 and up per month - and it's not in every city. It's much more secure, but basic security is still needed.
Okay, maybe that's overkill, so what else can you do? Follow these simple steps and you'll be much safer. A word of caution: No one is ever completely safe on a wireless network. Encrypting your hard drive data is the best choice if it is really sensitive.
First, get the latest patches and updates to your operating system; next, use a software firewall, anti-spyware and anti-virus (you have all that since you've been reading my column, right?). Then, (after the updates and encryption), turn off file and print sharing if you're going away from "home." Don't know how? Get some help before you venture out. There are plenty of tutorials online that explain it, too.
Now, if you do need to risk secure data in public (like checking your cell phone account), look for https:// as the beginning of a website's address (vs. http://) because the "s" means it's secure. Also, you'll see a lock icon in the lower right corner of the browser window (Firefox and Explorer). If the lock looks locked, it's secure; if it looks unlocked, it's not. Some sites show an icon when they use VeriSign or other security companies for added safety; those are an assurance, not a guarantee.
As a rule, it's not safe to use a public Wi-Fi hotspot for sensitive data. If you must, access your machine remotely with a VPN. How? $200 or so gets you VPN-equipped router kits with a laptop card and software. You might need help setting it up, but it's worth it if you must have your data "out there."
Frank Goad is the Learning Resources Manager in the Information Systems department at Asbury College.