Tuesday, April 29, 2008

Wireless security: home-field advantage, and "playing on the road"

Last week, a local television station (WJLA) in Washington discussed wireless security in businesses that keep consumer records, such as medical offices. I discussed the report at this URL.

A similar concept comes up with wireless security at home and particularly when traveling. Many motels and restaurants may offer free unsecured wireless access. A question would come up about doing personal transactions in such environments. This may be comparable to questions about doing personal transactions in hotel “business centers” on hotel computers or in Kinkos. I have done these before, even in Europe, and never had “a problem” (it was easy to get Internet services everywhere in Spain, France, Britain, etc.) One problem with personal business is the ability to check it frequently. If one is traveling for business, company policies may not allow personal use of their computers, and require that the individual manage his own access with his own laptop or hotel computers. The more often one can check basic information, like bank accounts, the lower the practical risk.

It is safer to do wireless work on the road (or at home) if one subscribes to a commercially managed network, or which Verizon is the best known but there are many. I have not yet picked a provider for future road travel with a laptop, but Verizon tells me that its access is “secured” at hotspots, which cover most of the country. The visitor can visit this site
or chat with one of their agents.

Modern laptops are sold with various cards for broadband and wireless access. Dell Inspiron (as of 2006) had 1394 Net adapter (firewire, not recommended for broadband);
Intel® Pro/Wireless 2200BG Network Connection (wireless); Broadcom 440 x 10 / 100 Integrated Controller (cable). When I boot up I see a “security-enabled wireless access” unit come up with no identification as to company. Sometimes, on the road, various unsecured networks show up, many of them with weak signals. Airports have them (Columbus Ohio had a very good and quick-responding network the last time I was there; BWI in Baltimore did not yet, although I don’t know about now). Dell’s website hints that some of its computers may connect to Wayport, but I called the company and it said that it has no specific relationship with Dell, and that the appearance of a strong signal at home from a secured network would be coming from a nearby home or local business that has set up a secured network. The appearance of signals (particularly unsecured – secure access signals usually come from reputable places) on a laptop when working even with cable broadband (Comcast for me) means, according to Wayport, that conceivably a wardiving hacker could view transactions done on the laptop even when not wireless-connected (even when the user has McAfee and Windows firewalls), and that a user in these circumstances show take more steps to secure potential wireless access. A couple of links on the blogger link at the beginning of this posting (about the WJLA report) discuss home wireless security in great technical detail.

When one purchases a wireless plan from a major provider, often it is connected to plans involving cell or Internet phone use, and sometimes cable or FIOS access. Often wireless will not be available at home unless one sets up a home network with a wireless router and one has cable or FIOS access, however one would be able to take the laptop to a nearby hotspot for the company and get reasonably secure access.

Can someone "safely" use regular “paid” commercial wireless hotspots at home and on the road with normal laptop Windows and anti-virus security? Probably. Issues could arise when one accesses bank or brokerage accounts (to trade online) or ISP’s to publish online, or email. The practical risk is probably low if one can stay on top of everything one takes responsibility for and owns. Probably. It’s a good idea to limit oneself to secured connections (https) when conducting transactions or publishing online. McDonalds, Starbucks, and small establishments might be a little safer than hotels, malls and airports. Keeping track of one’s personal stuff when on the road (and required to be by work) is still an issue, and adds another complication these days to business travel.

Update: May 6:

The FBI has made a posting about wireless security and the danger of connecting to unsecured free wireless at "hot spots" here. The safest networks are those that you pay for from major companies (that stands to reason). It is even possible for a hacker to read information from a computer with an active wireless card even when the user hasn't connected.

No comments: