Photos: How to secure your wireless laptop

This slide show assumes you have a working wireless laptop. For our purposes we'll use a Acer Travelmate 8200 laptop running Windows XP SP2. Over the next few slides we'll discuss how to:

• Meet network connections properties
  
• Remove past connections
  
• Make new connections on demand
  
• Turn off ad hoc networking
  
• Turn off file sharing
  
• Use corporate VPN
  
• Use free VPN services
  
• The value of SSL connections
  
• Use remote access services

To get started, double-click on your Wireless icon. When the screen displaying "Choose your wireless network" appears, look to the left-hand navigation. Click Changed Advanced Settings. This should take you to Wireless Connection Properties.

This dialog, with three tabs, is our starting point. Do not make changes on the General tab; leave these settings alone. Proceed instead to the Wireless Networks tab.

Windows keeps track of every network you've connected to. That's both good and bad. Bad in that if it's a generic network, like Linksys WS54GS, a bad guy could spoof that router name so you automatically connect to him and not the legitimate network. See How to secure your home wireless network for details on how to change your home network's SSID. Aside from this it's also a good idea to periodically clean out your wireless connections list--remove any listings that no longer make sense, such as public networks or hotels. Leave only your secured home network and any you use for work.

For those connections you use only occasionally, drill down and change the setting from automatic connection to on demand. That means when you take your home laptop into work, you should be prompted to connect rather than connect automatically. This is also true with a service like T-Mobile; you should be prompted to connect at a participating coffee shop or airpport. This is another layer of safeguarding against bogus routers. Go ahead and leave the automatic connection feature on for your secured home network and other networks you connect to all the time (work), but turn it off for *all* others. Thereafter, logging onto a network creates a few seconds of hassle, but the added security is worth it.

You should already have a firewall enabled, either the Windows XP one or some third-party firewall like ZoneAlarm, Symantec, or McAfee, so leave the top section alone. On this tab you'll want to make sure that Internet Connection Sharing is turned off. Turning it on allows for ad hoc connections through your laptop. In other words, someone would connect to your laptop, and you would be able to share files and folders with that other person. In general, not a good idea.

Now that your laptop is hardened with various security settings, let's take it out on the road. Whenever you connect to a public Wi-Fi network, or a non-secured private network, Windows automatically flags the network as insecure. That means it lacks encryption and everything you do online through that network might be read by someone else. Public networks have to be open, but home networks really should be secured with some form of encryption like WEP or WPA. For more on that, see How to secure your home wireless network.

After connecting to a legitimate free public Wi-Fi, you should be asked to accept various terms of use. Not seeing this does not always mean you have connected to a bogus network, but you should see terms, since even the free provider is responsible for the content on its network. And seeing this is also not a safeguard as bogus network providers can simply copy an existing terms and usage page. Not seeing it should be a warning, however.

Now that you've connected to a public network, you'll want to secure your connection. Virtual Private Networks (VPN) encrypt the data from your laptop to the Internet, end-to-end security. If you work for a company, you'll want to connect immediately to your Corporate VPN. This will ensure that all future activity from this hotspot is encrypted through your company's servers. Here we see a Nortel connection with the security banner provided by CNET.

Another alternative for those without a corporate VPN is a free VPN service like Anchorfree.com (you will have to put up with some advertising in your Internet browser). Our private VPN services include HotspotVPN at $8.88 per month and Steganos Secure Traveler for $29.95 per month or $169.95 per year. These services allow the average person to enjoy secure public Wi-Fi networks.

Stopping short of a full VPN service, you could use a public wireless network to connect to a Secure Socket Layer (SSL) site, like a bank (you can tell because of the https in the address bar and the tiny paddle lock in your browser window). While the connection would be secure, and your username and password would be encrypted, once you leave the SSL-enabled site, you will again be exposed. In general, good behavior online goes a long way toward staying safe. Avoid checking your bank accounts or other personal information while using a public Wi-Fi network. Save those transactions for when you're using your secured home or office network.

A better choice if your company doesn't provide its own VPN connection and you don't want to go the route of a private VPN is to take advantage of a remote access service. Check with your IT department first, but these require a host application be downloaded and run on your office PC. Then, from any remote PC, you can access the service's Web site and log into your PC via SSL connection. The advantage here, and unlike most VPN service, is you enjoy complete remote access to your desktop computer, all files and all programs, plus you can surf anywhere on the Internet, using your host desktop as the secured PC. LogMeIn.com offers a free service for connecting remotely, and there are other paid services available as well.