22 November 2010

Using Your Laptop at Starbucks: Is it Safe?

Wireless Internet access is available at most coffee shops, bookstores, airports, and hotels around the world. But how safe is it?

Automatic Wireless Connections
When it comes to wireless, many laptops will connect to "Any available network" and "Automatically connect to non-preferred networks". Convenient? Yes. But also risky.

In plain English, this means your laptop will connect indiscriminately to whatever available wireless signal is strongest. And in order for that to happen, it means there's likely no encryption or other controls in place to ensure your data isn't being sent and received in plain text - openly readable by anyone nearby who has the proper tools. And you can almost bet there will be.

To keep Windows XP from connecting - or being connected to - indiscriminately, see:
How to Disable Automatic Wireless Connections

Dynamic Local Linking
Wireless ready laptops running Windows XP and 2000 have an additional security concern - a feature known as dynamic local linking. Absent any other available network, these operating systems will create their own local area network using the private 169.254.x.x IP address range and broadcast their availability using the same SSID from their last successful wireless connection. This feature may make it easier to establish local networks, but it could be exploited by attackers.

Any laptop in the vicinity that last visited that same hotspot (or has been deliberately configured to exploit those who have), might be able to automatically connect.

To prevent exploit by dynamic local linking, configure automatic wireless connections to connect to "Access point (infrastructure) networks only". To do so, see:
How to Disable Automatic Wireless Connections

File and Printer Sharing
Chances are, your laptop or PC is configured with File and Printer Sharing enabled. If you've shared any folders in Windows XP Home, these will be automatically available to anyone who shares the same network with you, making it easier for anyone using the same wireless network to get access to your data. And if it's easier for people to get unauthorized access, it's that much easier for viruses and worms as well.

You're best bet, if you're on-the-road and using a wireless hotspot, is to make sure you first disable File and Printer Sharing. You can easily re-enable it when you return to your home or office.

To protect your files and folders from unauthorized access, see:
How to Disable File and Printer Sharing

But What About Starbucks?
T-Mobile provides the wireless services at Starbucks. T-Mobile Hotspots go one step above basic WEP encryption, offering 802.1x authentication standards and WiFi Protected Access (WPA). You do have to pay for the service, but remember that you are also paying for the better security it offers.

Remember Traditional Protection
Just because you've taken steps to make your wireless connection more secure, it doesn't mean your computer is safe. In fact, you're even more at risk when you're on the road and away from the extra protection offered by your office network or home router. Make sure you always:

  • Use antivirus software and keep it up-to-date to protect against the latest threats.
  • Use a personal firewall, preferably one that offers both inbound and outbound permission-based monitoring. An excellent option is the free ZoneAlarm personal firewall.
  • Consistently apply patches. Microsoft releases new patches the second Tuesday of every month. Mark it on your calendars as "Patch Day" and celebrate it by visiting http://update.microsoft.com/.
  • Don't neglect other vendor software. Firefox users and Mac users also need to be diligent about applying patches. Unfortunately, these patches aren't released on a predictable schedule so you'll need to keep a close eye on those vendors' websites for needed updates. Mac users should also check out the tips outlined in "OS X Security Basics" for additional safety measures.

The above article was originally published at: http://antivirus.about.com/od/wirelessthreat1/a/starbucks.htm

Contact Farend for more information about your own IT security