Help      |      Chebucto Home      |      News      |      Contact Us     

115. Safe wi-fi

By Andrew D. Wright

Wireless access points are common these days and so are ways to break into them.

At this year's Black Hat conference in Las Vegas, a gathering of network security experts, presenter Robert Graham demonstrated how easy this could be when he broke into an audience member's internet mail account live while they were accessing it over hotel wi-fi.

Many people, perhaps even most people, running a wireless access point rely on the protection of WEP, Wireless Encryption Protocol, but this can be broken into within minutes by anyone capable of using an internet search engine to look up how.

If you have control over the wireless access point, use WPA or WPA2, Wi-fi Protected Access, with a strong passphrase (something mixing letters, numbers and punctuation marks greater than eight characters in length) to protect traffic over your network.

If you do not have control over the wireless access point then you must be careful what you do.

If you use some sort of webmail, make sure your login is sent over an encrypted connection, one with an https:// web address rather than the usual http:// web address. If your webmail supports it, all traffic sent between them and you should also be encrypted the same way. This may be an option you need to set in your webmail service's options.

Without all mail traffic being secure, someone can intercept the webmail session cookies, text files storing the session information, and have the same access to your mail as you do. They can even send out mail as you.

If you use a POP3 or IMAP mail program then make sure it is using either SSL or TLS encryption to securely access your mail, assuming your provider supports encryption. Without the protection of encryption, using POP3 or IMAP over an open connection is not safe.

You will have less choice with SMTP, the send mail server, which needs to be the send mail server of the wireless access point's internet service provider. Since you cannot necessarily trust what an unknown access point is telling you, best not to use SMTP at all to send mail over an open wireless link.

Older protocols like FTP and telnet are also to be avoided over open connections as passwords and usernames are sent in clear text.

One of the best ways to secure access over wireless is to use a Virtual Private Network or VPN, which encrypts all traffic. There are a number of different kinds of VPN, some requiring software to be run. Most Windows, Macintosh and Linux computers can use IPsec, which works on the network layer of the network protocol, beneath the transport layers used by TCP or the application layers used by name servers or web servers.

As a result, a VPN can be used to securely link up to a trusted computer over an insecure connection and safely route all network traffic through to it.

The new Chebucto Wireless service run by Chebucto Community Net uses this method to secure the wi-fi access for its members.


Chebucto Wireless project page:


The Mousepad runs every two weeks. It's a service of Chebucto Community Net, a community-owned Internet provider. If you have a question about computing, email or click here. If we use your question in a column, we'll send you a free mousepad.


The Mousepad Index


Originally published 26 August 2007


Our community is online here!


A feature of the Halifax Herald