Security at public APs?

New to wireless (but not to networking, system software, etc.). I have a
Dell laptop with a TrueMobile 1400 card, running XP, and have an SMC2804WBR
on order to use with my SOHO LAN. I have done a little research, but am
still a newbie. I plan to use 11g/WPA. Perhaps I will have some
configuration questions about that by and by -- or if you have any warnings,
gotchas, or helpful hints to offer, feel free. Meanwhile...

If/when I take my laptop to a Borders or an airport or hotel with a public
access point, I assume that I will be pretty much offering a virtual RJ45
(Ethernet jack) on my laptop to anyone nearby. Is that right? Do public
APs generally offer any security options?

--
For mail, please use my surname where indicated:
(E-Mail Removed) (Steve Brecher)

Steve Brecher <(E-Mail Removed)> wrote:
> If/when I take my laptop to a Borders or an airport or hotel with a public
> access point, I assume that I will be pretty much offering a virtual RJ45
> (Ethernet jack) on my laptop to anyone nearby. Is that right? Do public
> APs generally offer any security options?

Some of them have VLANs, so that no two wireless nodes can see each other.
Aside from that, you are connecting directly to the internet in most cases,
so you should have your own personal firewall software installed.
If you are doing anything that you don't want someone to sniff, you should
only communicate to https web sites, log in to unix via ssh or some other
encryption, or run VPN to some VPN server.



--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5

In article <(E-Mail Removed)>, (E-Mail Removed)
says...
> New to wireless (but not to networking, system software, etc.). I have a
> Dell laptop with a TrueMobile 1400 card, running XP, and have an SMC2804WBR
> on order to use with my SOHO LAN. I have done a little research, but am
> still a newbie. I plan to use 11g/WPA. Perhaps I will have some
> configuration questions about that by and by -- or if you have any warnings,
> gotchas, or helpful hints to offer, feel free. Meanwhile...
>
> If/when I take my laptop to a Borders or an airport or hotel with a public
> access point, I assume that I will be pretty much offering a virtual RJ45
> (Ethernet jack) on my laptop to anyone nearby. Is that right? Do public
> APs generally offer any security options?

Generally speaking, the answer is no, sort of. You should consider all
of your unencrypted network traffic as fair game for anyone within range
of your wireless card when using a public hotspot. Most hotspots don't
even offer WEP, as the configuration and support issues are too onerous
for the typical hotspot venue.

That said, most hotspots will allow you to use a VPN to securely connect
to your corporate network, for example. And of course, SSL secured web
sessions are safe from prying eyes as well.



--
********************************************
John Nelson
Flatline Wi-Fi -- Un-Wiring You To The World
http://www.flatline.com
********************************************

Anyone with a laptop running Ethereal or some other sniffer can capture all
net traffic, and they don't have to be associated with the net (VLANs won't
help). No hotspots use WEP. There may be some that offer WPA or VPN. In
these cases, everything is encrypted and you should be reasonably secure.
Otherwise, use SSH for login, avoid typing any sensitive data into unsecured
web pages, and don't use email via unsecured web pages or unsecured pop/imap
servers. The userid/password you use to log in to these servers, or for
example to yourYahoo! SDL home page, are sent in the clear and can be used
to hijack your account. I'd also disable file sharing.

Here's an interesting white paper from Intel on some of the hotspot
infrastructure issues:

http://www.intel.com/technology/itj/...1_abstract.htm

"Steve Brecher" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> New to wireless (but not to networking, system software, etc.). I have
a
> Dell laptop with a TrueMobile 1400 card, running XP, and have an
SMC2804WBR
> on order to use with my SOHO LAN. I have done a little research, but am
> still a newbie. I plan to use 11g/WPA. Perhaps I will have some
> configuration questions about that by and by -- or if you have any
warnings,
> gotchas, or helpful hints to offer, feel free. Meanwhile...
>
> If/when I take my laptop to a Borders or an airport or hotel with a public
> access point, I assume that I will be pretty much offering a virtual RJ45
> (Ethernet jack) on my laptop to anyone nearby. Is that right? Do public
> APs generally offer any security options?
>
> --
> For mail, please use my surname where indicated:
> (E-Mail Removed) (Steve Brecher)
>
>

In article <(E-Mail Removed)>,
"Steve Brecher" <(E-Mail Removed)> wrote:

>
> If/when I take my laptop to a Borders or an airport or hotel with a public
> access point, I assume that I will be pretty much offering a virtual RJ45
> (Ethernet jack) on my laptop to anyone nearby. Is that right? Do public
> APs generally offer any security options?

Follow the same rules you use at home. Personal firewall enabled on your
laptop, use only encrypted transaction to connect to your business, use
only encrypted connections to send and recieve your mail...

>>Personal firewall enabled on your laptop

If you happen to have Win-XP, it has such a personal firewall in it
that you could ENABLE in these circumstances if you choose to.
(I have NOT used it, so I can't speak to its quality or effectiveness.)



"David Turley" <dturley@pobox_NOT_.com> wrote in message
news:dturley-(E-Mail Removed)...
> In article <(E-Mail Removed)>,
> "Steve Brecher" <(E-Mail Removed)> wrote:
>
> >
> > If/when I take my laptop to a Borders or an airport or hotel with a
public
> > access point, I assume that I will be pretty much offering a virtual
RJ45
> > (Ethernet jack) on my laptop to anyone nearby. Is that right? Do
public
> > APs generally offer any security options?
>
> Follow the same rules you use at home. Personal firewall enabled on your
> laptop, use only encrypted transaction to connect to your business, use
> only encrypted connections to send and recieve your mail...