What do you use to keep your WiFi secure?

Use what you set up for your end users? Or something more?

There are plenty of studies and plenty of analyses showing how vulnerable consumers and corporate end users are to sniffers, phishing, password recording or simple eavesdropping connecting wirelessly, especially using WiFi, in public places.

IT people are generally considered to know better than to get a new cell phone and not change the default password – as did many of the celebrities whose sexting and naked photos are alleged to have been swiped recently.

Standard corporate practice seems to be to install a VPN client (usually Cisco's) that encrypts traffic back to a remote-access server that passes you through to some semblance of the resources you access when you're connected directly.

You (and your users) might not want to use the same connection for your personal browsing, emailing or resume distribution, however.

Another option is necessary, preferably one that's free or very low cost.

Former PCWorld usability and PC Annoyances guru Steve Bass recommends a couple of VPN options that are free or cheap, and relatively effective.

HotSpotShield is free, but shows you ads and replaces some error pages and search pages with its advertisers, most annoyingly Ask.com. proXPN,HMAPro and StrongVPN get OK reviews, though reactions vary with each of them.

There are dozens of other VPNs, free and paid, including the TOR/Onion network that offer a range of SSL and PPTP connections, and a range of encryption-key lengths. They vary widely on cost, efficacy, ease of use and the speed of their connections, however.

There is some good discussion of a few at BlackHatWorld.

I can tell you from experience that if you're testing any of these, run them in Sandboxie or a VM on your hard drive (Sun VirtualBox caused the fewest problems for me on 64-bit Win7). Their uninstall routines don't clear everything out of the registry or networking setups; neither does Revo Uninstaller Pro.

Adding and deleting several VPN apps, each of which creates virtual network ports leaves enough mostly non-functional ports behind to confuse Windows 7 beyond its ability to cope. I didn't end up with a catastrophic mess, but did spend a week cleaning out a lot of relatively small but annoying messes, many of which kept Windows from recognizing many of its own files, or running the routines designed to fix them.

If you use corporate VPNs, aren't worried about encrypting your traffic in a coffee shop, but still want to watch the Sweet 16 without raising a red flag on the NetOps consoles, free or low-cost proxies might be the way to go. They also allow for actual anonymous surfing, rather than the browser-based version, which just means your laptop doesn't know what you've been looking at online, even if the whole Internet does.

If you or a significant number of your end users also bring-their-own tablets or phones and use them to get inside the firewall in a significant way (not just viewing email through a web interface), the problem may be even more complex because of the variety of devices and, often, incompatibility of the operating systems with corporate VPN or other security software.

So what's the story? How worried are you about your own wireless networking and what do you do about it? How does it differ from what you want your end users to do?

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies