With the availability of public hot spots and neighborhood wireless (WiFi) networks springing up in every direction, you might wonder if using someone else's wireless Internet service is secure. It's not always clear exactly what the local coffee shop, a municipal network, or a neighbor can see if a person uses someone else's network. If they want, the network owner might be able to see nearly everything that travels between a laptop and the network’s router.
Using any wireless Internet service can carry some risks. When information is broadcast between a laptop and an open wireless router, anyone within range can use packet-sniffing software to pick up the broadcast. Someone listening in can trap usernames and passwords, email and file transfers. Only a connection made to a secure website remains secure, even across such a network, because the encryption originates at the website and extends to the user’s computer.
To secure a wireless LAN from local eavesdropping, all information that travels between the laptop and router must be encrypted using software security options built into the wireless router. In this case, the entire LAN broadcasts in an encrypted format. The router only decrypts traffic to send it on to the Internet. This does not make surfing the Internet any more secure than it otherwise is, but it does eliminate some of the risks associated with potential eavesdropping on the LAN side.
Securing a wireless network also prevents “hitchhikers” from parking within range of the network, then using the wireless LAN to connect to the Internet. Wireless networks that are encrypted require a username and password to gain access, preventing freeloading.
Many municipalities provide free wireless access for residents and visitors, which commonly requires parking in a certain part of town to be within range. These types of networks are rarely encrypted because requiring a password and username restricts their accessibility. Many local neighborhood networks are also unsecured, as are some corporate networks. In cases like these, using the wireless Internet service does open a person up to risk.
To increase their personal security while maximizing the convenience of using third party networks, computer users should avoid using a single username and password for all of their needs. When networking from a secure location, they should assign unique usernames and passwords for each registered site, for email, for banking, shopping and other needs. Most web browsers can remember website usernames and passwords, keeping them encrypted locally for safety, then filling them in automatically when the user visits a site. It is also advisable for people to occasionally change usernames and passwords associated with sensitive accounts.
Security schemes designed to protect privacy and personal information will not protect those using someone else's wireless Internet service for illegal purposes. Every network adapter, for example, has a unique MAC address that the computer reveals every time it connects to a network. It is a relatively easy matter in most cases to trace that MAC address back to a real world user by various means, should authorities be motivated to do so.
Knowing that using someone else's wireless Internet can be risky, users may want to limit their activities on unencrypted networks accordingly. When possible, they should avoid visiting sites that require a username and password, and put off sending or collecting sensitive email or files until they can connect from a secure location.