It's incredibly confusing, and yet at the same time it's terribly important. You've got a little radio transmitter and receiver in your laptop (that's what wireless is, after all) and unless you secure it, every time you make a wireless connection you are broadcasting all of your private data in the clear to anyone within range.
(And, psst! Anyone who can use Google can find freely available programs that will help them eavesdrop on you.)
Don't believe me? Here, just go read the official security statement from the Wi-Fi Alliance, an industry group.
And consider that WEP, the kind of security that most of the people with "secured" home networks are currently using has become such a complete joke that the Wi-Fi Alliance is too sheepish to even mention it on their site. In fact, their attorneys have probably advised them against it.
Like a lot of you, I guess, I am the designated System Administrator for my network of friends and my extended family. I'm the guy they call when the computer eats their homework, or they get infected with spyware from surfing porn sites ("I have no idea how this happened!") or iTunes suddenly stops working on them.
I achieved this honor by having worked in the computer industry for the last 20 years and being a general propellerhead, but I have never made my living in the realm of PC security technology.
I have managed to secure my home wireless network pretty well, using the much stronger WPA standard; when I take my corporate laptop on the road with me, the IT staff of the big multinational consulting firm that sends me regular paychecks has thoughtfully provided me with Virtual Private Network (VPN) software and a SafeWord card that allows me to log in securely from almost anywhere, whether it's a wired connection in a hotel room or a wireless connection in a random airport somewhere.
So until recently, I haven't spent too much time worrying about wireless security. I've either been able to handle it on my own, or I've had some very smart and well-educated security folks handling it for me.
Then my wife and I bought a new "family" laptop with built-in wireless.
And we started using it occasionally from public access points, like coffee shops, or branches of the New York City Public Library.
I've been realizing, in the back of my mind, that I ought to do something about securing our new wireless laptop. I can't use the corporate VPN, for obvious reasons.
What I really needed, I figured, was some kind of *personal* VPN service that we could subscribe to... a service that, for a few bucks a month, would let us create a secure connection (that couldn't be eavesdropped on) from anywhere we happened to be.
In the course of searching out information on such a service, I stumbled upon something simply wonderful.
It's a $10 electronic book (e-book) called "Take Control of Your Wi-Fi Security." And if you're at all concerned with the issue, it'll be the best $10 you've spent in a long long time.
The authors, two guys with enormous geek credibility (one is the editor of the consensus-best Wi-Fi news and info website, the other has been writing and editing the Macintosh tech newsletter TidBITS since 1990), take the confusing tangle of Wi-Fi security issues and break it down for you in plain language.
The book is a marvel of excellent technical writing for a general audience, and I say this as a technical writer of some 20 years experience. It is completely current and up-to-date as of this writing (published exactly one month ago today: September 15, 2005) and packs a ton of information into a brief (115-page PDF) package; it's full of links to resources on the Web, too, and every link I've tried works: click it in Adobe Reader, and your browser goes right to the site.
(The links alone are worth $10; compared to what you'd have to pay at the local bookstore for an already outdated print copy of Teach Yourself To Be A Wireless Dummy in 15 Days, the e-book is an incredible bargain.)
Look, there are plenty of good, free Wi-Fi information sites on the Web. I'm going to list some of them at the bottom of this post, in case you're too cheap to shell out $10 to a couple of guys who have done all the skull-sweat for you.
And you can Google around and discover that there are, indeed, private VPN services like the ones I was describing above. Your choices include:
- PublicVPN - Works on Windows (Windows 95, 98, ME, 2000, XP), Mac OS X (10.2 or later) $5.95 per month, $59.95 per year
- HotSpotVPN - Ranges from $8.88/mo. to $13.88/mo, depending on encryption strength; multiply by 10 to get annual cost. (Has a day or week-priced option for infrequent travellers.)
- WiTopia personal VPN (Windows XP) - Regularly:$79.00; currently priced at $39.50
But it took me over an hour to sort all of that out, my friends. (I signed up for a couple months of PublicVPN service and am currently testing it out; if it works out, I will point all the users in my "support community" to it.)
And then when I stumbled on the book, I saw... grrrrrr!... that the authors had already figured this out for me!
Okay, here are the free resources I mentioned. But go buy that book, really.
- WiFi Networking News
- Daily Wireless
- MuniWireless - About municipal wireless efforts worldwide
- TechDirt Wireless
- Reiter's Wireless Data Weblog
- Om Malik's Broadband Blog - "Unwired" topic