Log in

View Full Version : Expert Warns on Wireless Security in Asia


Paul Martin
12-13-2006, 09:20 PM
<div class='os_post_top_link'><a href='http://www.infoworld.com/article/06/12/13/HNasiawirelesssecurity_1.html' target='_blank'>http://www.infoworld.com/article/06...security_1.html</a><br /><br /></div><i>"The fast growth in wireless Internet use throughout Asia leaves users vulnerable to data theft over unsecured networks and lost or stolen mobile devices, a security expert warned Tuesday. ...As mobile applications increase, and people use mobile networks more and more often to log onto the Internet for work and play, [Chief Security Officer Kurt] Roemer sees the danger of users failing to protect themselves. He reckons the smartest solution for companies and Internet service providers is to take proactive steps to protect users, and keep user tasks simple."</i><br /><br />Though this Infoworld article focuses on Asia, it's a good precautionary note for the rest of the world. At home, I'm behind a firewall on my PCs and use encryption on my wireless router for both the laptop and Pocket PC. But, when I'm at the coffee shop, I check my e-mail and don't often think about others trying to peek at my data. If you use a public hotspot, do you think about the security of your wireless activities? Have you found an easy way to secure your connection?

whydidnt
12-13-2006, 10:29 PM
That's a good question, and I'm not sure I know enough about Wireless networking to know for sure. I "think" I am practicing safe habits -- for example I only connec to the office over a VPN, so I assume once connected to the VPN all data is encrypted within the VPN tunnel.

When I get email, I typically do it via the web-interface of GMail, which uses SSL encryption for the login. Same goes for Internet Banking, etc. I'm assuming that the SSL encrypts the data before transmitting, so I "think" most of that information is secure.

However, I don't think that when I login into websites such as this that data is secured at all, so I suppose someone could take over my PPCT account if they wanted, but why would they, it's free for anyone to sign up for anyway, right? So, all-in-all I feel okay about using public hot spots. I hope I'm not overestimating the power of a SSL connection to a website though.

However, wouldn't it make sense for some hot spots to start using some sort of simple encryption, such as a WPA key or the like to encrypt data? It could serve the dual purpose of encrypting transmitted data, while giving the hot spot issuer a way to validate a customer before giving out the key. Of course this wouldn't be possible in airports and the like, so we'd need a different solution. I guess this may add a layer of complexity and related support issues that hot spot providers may not want or be able to deal with though...

minimage
12-14-2006, 06:41 AM
As far as I know, whenever I'm on my employer's VPN, all my traffic is encrypted, so that it what I use. I intend to set up a VPN server at home one day.

Paul Martin
12-15-2006, 02:28 AM
However, wouldn't it make sense for some hot spots to start using some sort of simple encryption, such as a WPA key or the like to encrypt data?

While I suppose it could be too much trouble for the local provider, some simple method of encryption would be nice. I'm not much of a security guru, though.

Paul Martin
12-15-2006, 02:32 AM
As far as I know, whenever I'm on my employer's VPN, all my traffic is encrypted, so that it what I use. I intend to set up a VPN server at home one day.

Hmmm, I wondered about the difficulty of setting up a VPN tunnel to home. When I log into work from home, it's through a VPN so that's fine. I guess I was just wondering if there was an easy way to secure POP3 e-mail checking while on a public hotspot, since that's usually the way I have my Pocket PC do it.