The good news is that simple tools are available to properly secure your wireless network and avoid the dangers discussed above.
The Wi-Fi Alliance designated WPA (Wi-Fi Protected Access) as the recommended security practice for consumer and business networks. WPA comes in two forms: WPA-PSK, which offers a lower level of security for consumers, and WPA-Enterprise, which offers a higher level of security for enterprises. Solutions like Witopia and WiFi Login Pro deliver enterprise-level security with consumer-level simplicity and can be easily and quickly deployed in home offices, small offices, and medium businesses.
WPA-PSK (Pre-Shared Key) - WPA-PSK provides a relatively secure solution for consumer networks. If you’re technically competent and feel comfortable configuring the security parameters of your wireless access point or router, you can configure your wireless network to support WPA-PSK. By entering a common 64-digit hexadecimal key or an ASCII passphrase into every device on the network, you can properly encrypt all network traffic to and from the access point. The LucidLink WiFi Client can automatically detect if a network requires WPA-PSK and simplifies the client configuration.
WPA-PSK has fixed many of the problems associated with the pre-shared keys used in WEP. While it is quite awkward to properly enter a 64-digit hexadecimal key into each device on the network, if done carefully, it can provide strong encryption of network traffic and ward off hackers. A random ASCII passphrase (random to avoid a dictionary attack) can be used to avoid the hexadecimal key entry.
One of the common complaints with WPA-PSK, however, is that it uses a common key across all of the devices and PCs on the network. If you, an employee, or your child innocently shares this key with anyone, the integrity of the network can be compromised. If any person leaves an organization or needs to be denied access to the network, every PC on the network needs to be reprogrammed with a new 64-digit pre-shared key. The need to re-key every device on the network when a single user is removed can become a heavy burden in maintaining a small business network.
WPA-Enterprise uses the same type of network security used by enterprises and ISPs over the last decade to protect access to wired networks. Unlike WPA-PSK, each user accessing the network is given unique credentials. These credentials may be in the form of passwords or electronic certificates.
For a user to access the network, they provide the unique credentials which are verified by a designated PC providing access management using a security protocol called 802.1X. When the server acknowledges the user as having valid credentials, the user is given access to the network and given a new encryption key every time they enter the network. The encryption key is used to encrypt & secure the network traffic between the user's PC and the network access point. Without proper credentials, the user is denied access.
One of the benefits of WPA-Enterprise is that it offers a much higher level of manageability. User access can be controlled on a user-by-user basis. A user can be removed from the network without re-keying every device on the network.