What are risks of WLAN connections at internet cafes?

Discussion in 'Wireless Networking' started by Guest, Aug 10, 2005.

  1. Guest

    Guest Guest

    I recently bought my wife a laptop with WLAN built in and she would like to
    connect to the internet now and then at her favorite coffee shop, using the
    WLAN capability. But I have no wireless experience of any kind and I'm
    wondering if a WLAN internet connection from an internet cafe, introduces any
    risks/vulnerabilities not present with a home dial-up internet connection.
    If so, would someone be so kind as to explain what they are and what I
    can/should do on the laptop to address the risks.


    NOTE: Norton Anti Virus 2005 is installed on the laptop -- the virus list
    is kept up to date and Norton's Internet Worm Protection is on. I understand
    Norton's worm protection is also a firewall, so I turned off Windows Firewall
    because I read it's best to have only one firewall active.
    Guest, Aug 10, 2005
    1. Advertisements

  2. Guest

    Jack \(MVP\) Guest

    The risk from the Internet is No different from any other Internet connection, and thus
    you have the regular software protection On. http://www.ezlan.net/security.html

    The additional risk comes for the Wireless connection.

    In order to provide smooth easy service the Wireless connection of almost all public Hot
    spot is not secured. That means that other people who are within the Wireless range
    can intercept your Wireless data. So what ever you do on the Internet you have to be
    take into consideration that some one might be watching.

    Avoid using public Wireless for sensitive personal activities like On Line Banking etc.;
    in addition make sure that your hard drive is not set for data sharing so that your
    files would not share over the connection.

    Jack (MVP-Networking).
    Jack \(MVP\), Aug 10, 2005
    1. Advertisements

  3. Guest

    Guest Guest

    just set up ur wireless for the cafe and keep firewall on and nortons updated
    to set up wireless go into network wizard run wizard in control panel to
    cafe connection and it will be ok it should be safe as a volt
    Guest, Aug 10, 2005
  4. Guest

    Pavel A. Guest

    Perhaps the biggest risk here is that you can lose your dear wife.
    There is lot of dating sites on the 'net... Antivirus won't help.
    Pavel A., Aug 10, 2005
  5. Guest

    Guest Guest

    Thanks to one and all for your feedback -- it's very much appreciated! I
    don't think data sharing is on, but I'll double check just to make sure.
    Regarding that extra serious risk noted by Pavel A, I'll keep that in mind.
    So far, I'm fortunate in that she always wants me to join her on her visits
    to the internet cafe. ;-)
    Guest, Aug 11, 2005
  6. You might find the last section of my column on wireless security


    Barb Bowman
    MS Windows-MVP
    Expert Zone Columnist
    Barb Bowman MVP-Windows, Aug 11, 2005
  7. Guest

    Guest Guest

    Thanks, Barb -- I'll take a look at that today! By the way, I'm new to the
    Newsgroups and I'm wondering... what does the line "MS Windows-MVP" located
    below your name signify?
    Guest, Aug 11, 2005
  8. Barb Bowman MVP-Windows, Aug 11, 2005
  9. Guest

    Guest Guest

    Thanks, Barb! I checked out the link you just provided for the MVP status.
    It's an honor to have help from someone so highly thought of. I also checked
    out the link to the article in your previous reply and followed some of the
    links from that as well. It was *very* helpful. A few thoughts/questions
    from the info in those links.

    We currently have XP Home on both our desktop and laptop machines. As I
    understand it, we'd have to get at least one license for Windows Professional
    in order to use Remote Desktop to reduce our exposure. No feedback requested
    on that unless I'm mistaken.

    Since we're using Norton's Worm Protection (which I understand is also a
    firewall) I have Windows Firewall turned off. Am I correct in understanding
    it's best to only have one firewall turned on? If so, do you have a personal
    preference for using one over the other?

    If I understand the situation correctly, even if a person has a firewall
    turned on and has current antivirust software, any sensitive info such as
    User IDs, passwords, etc., that have to be entered to access an internet
    site, can be picked up/seen by anyone using the HotSpot. So, for example, if
    my wife is in a coffe shop that offers a free wireless internet connection,
    and she has to enter a logon id and a password to view her e-mail at work,
    her logon and password could be seen by anyone using the hotspot. (I haven't
    read enough of the info on the VPN links yet to know if that would be true if
    the employers web site is set up to use that, but I understand it would
    definitely be the case otherwise.) Am I on track there? And a related
    question -- would the only people who could see that info, be the people in
    the area who are using the "same" hotspot?

    Thanks again.
    Guest, Aug 11, 2005
  10. Remote Desktop - Yes, you need XP Pro as a host.
    Windows Firewall - I've run two firewalls at times. Opinions vary
    whether two is good or not. You could turn on the Windows Firewall
    while you are away from home and see how things work for you. I've
    tried and used a lot of different firewalls. I'm behind a SPI firewall
    on my router at home and use the Windows Firewall at the same time.
    I'm not paritcularly fond of either Norton or McAfee. I've used Tiny
    and have a license for Sygate as well.

    Your final question is a tough one in that sophisticated hackers can
    pull info almost out of thin air. The tools get better every day. VPN
    or RDP is best. https access to webmail will give you reasonable
    protection and I would not recommend using webmail that is not SSL
    enabled at a public hotspot.

    If you sign up for a day's access at a hotspot and need to setup a
    username/password, setup a combo you have not used anywhere else and
    only use it for the hotspot.

    When you sign up for a hotspot, if you can use a single use credit
    card (Discover does this) that is a good thing.


    Barb Bowman
    MS Windows-MVP
    Expert Zone Columnist
    Barb Bowman MVP-Windows, Aug 11, 2005
  11. Note there have been reports of NAV 2005 worm protection killing Remote
    Desktop connections. Something to consider...

    Personally I run Remote Desktop through a SSH2 tunnel, to my home LAN, and
    use a 2048-bit RSA private/public key pair for authentication versus a



    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual
    benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    Sooner Al [MVP], Aug 11, 2005
  12. Guest

    Guest Guest

    Everyone has been very helpful -- I'm sorry to be such a pain in the
    posterior, but I'm not clear as to whether any of the things discussed
    (Remote Desktop, VPN, RDP, or SSL) are designed to encrypt or hide info sent
    from the laptop to the hotspot's wireless system. (In our current scenario,
    the hotspot/wireless provider is Panera.) If I understand the big picture
    correctly, at Panera, the first link in the communication chain between our
    laptop and the rest of the world, will be the link between our laptop and
    Panera's wireless system. If that's the case, if "feels" to me like anyone
    within range of panera's wireless system could see any info sent from our
    laptop to the system -- even if some of the safegaurds noted above are being
    used. My concern is that they would be able to see logons and passwords we
    have to enter (and pass to Panera's wireless system), in order to access
    internet sites where we're already registered? Is that a legitimate concern
    or am I missing something?

    I also have a related question that I'm hesitant to ask because I'm
    "already" asking so "many" things -- but I'll go for broke. Here it is.
    Even though we don't have a wireless network at home, if we're using the
    laptop at home "and" have it's WLAN enabled, can hackers see what we're doing
    and/or gain access to the OS or to our files?
    Guest, Aug 11, 2005
  13. While you are using Panera or any hotspot provider, if you are not
    using SSL you have risk. If you are using RDP/VPN etc. you are not.
    Outlook Express, Eudora, and other mail clients have settings for SSL
    access as well so if you are in a public venue, you can prevent your
    email from being sent in the clear. If you logon to websites with SSL,
    you are ok. Otherwise don't logon.

    At home, you need to be using at least WPA. Personally, I use WPA2 and
    SSL at home (I use Eudora for email). If you use WPA at home and a
    router and a firewall, you will be oki.


    Barb Bowman
    MS Windows-MVP
    Expert Zone Columnist
    Barb Bowman MVP-Windows, Aug 12, 2005
  14. Guest

    Guest Guest

    Thanks, Barb. I'll study up on RDP and VPN. At this point, I don't think
    either of these are employed when my wife is connecting to her e-mail at
    work. But it is my understanding that the work site she accesses for e-mail
    is using SSL. I also understand one way to tell a web site is using SSL, is
    that the URL for the site will start with https.

    So as I understand the whole security issue at this point...
    1) When my wife enters her logon and password to access her employer's web
    site, that info will be encrypted or hidden in some way from other people
    using Panera's wireless system, because her employer's web site is using SSL
    -- and that this is true even without RDP or VPN being used.
    2) Even though we do NOT have a wireless LAN set up at home, IF the WLAN is
    enabled/activated on the laptop while it's in use at home, then
    snoopers/hackers in the neighborhood would be able to "see" the laptop, and
    potentially access it in some way.
    Guest, Aug 12, 2005
  15. no - unless there is an unprotected ad hoc network setup on your
    laptop, the existence of wireless is not enough to let outsiders
    connect. i thought you had a wireless router at home.


    Barb Bowman
    MS Windows-MVP
    Expert Zone Columnist
    Barb Bowman MVP-Windows, Aug 12, 2005
  16. Guest

    Guest Guest

    I thought you might be under that impression, but wasn't sure. Thanks for
    clarifying. -- it's good to know that since we don't actually have a WLAN at
    home that we don't have to worry if someone accidentally activates the WLAN
    "ability" of the laptop.

    Thanks again to EVERYONE for the help. It looks like there have been a few
    MVP sharing their knowledge.
    Guest, Aug 13, 2005
  17. Guest

    Pavel A. Guest

    Sure enough. As long as the WLAN adapter is enabled, the
    laptop *is* vulnerable (just because the last security hole of WinXP is yet to
    be patched).

    So turn the wireless OFF when not in use. No techno-babble, pretty obvious.

    Pavel A., Aug 13, 2005
  18. Guest

    Scott Guest


    I'm wondering if your wife's laptop has Norton Anti-Virus 2005 alone or
    the Norton Internet Security 2005 suite (which includes Norton AV)?

    I ask this because my wife just got a new Gateway notebook with Norton
    Internet Security 2005, and the bootup took several minutes...way too
    long. After uninstalling Norton, bootup time was reduced to an acceptable
    30-seconds. I then installed a stand alone version of Norton AV (slightly
    earlier version), and now all is well.

    Scott, Aug 13, 2005
  19. Guest

    Guest Guest

    Hi, Scott !

    Norton Internet Security 2005 "was" installed on my wife's laptop when I
    bought it for her, but like you, I uninstalled it and installed a stand-alone
    version of NAV 2005. I did that for a few reasons.

    1. The Norton software that came with the laptop was just a three month
    trial version -- after that, we'd have to buy it. But we don't expect the
    laptop to see very much internet time -- for the most part, we'll access the
    internet from our desktop machine, so I didn't feel it made sense to have it
    on the laptop.
    2. I feel like there's a lot of bloat-ware and overhead in some of the
    3. We have two friends who have their own businesses. Both of them went
    with Norton Internet Security 2005 because they felt it would give them
    better protection than the combination of just NAV 2005 and either Windows
    Firewall or NAV's Worm protection. But both have them have been nailed a
    couple of times -- and pretty bad. In fact, Norton Internet Security quit
    working, and they couldn't even uninstall and reinstall it -- not even with
    extensive help from Norton. Norton finally told them the only thing they
    could suggest was to buy a "new" copy of Norton Internet Security to see if
    they could get "that" to install. The last time I talked to one of them, he
    was waiting for someone to come out from a business that trouble shoots that
    sort of thing (at $50 to $60 and hour). So I just don't have that much
    confidence that it's really any better than current anti virus software and
    the Windows firewall.
    Guest, Aug 13, 2005
  20. Guest

    secureeng Guest

    If you are not using sharing then you are in pretty good shape, if
    however you do have folder sharing enabled then you REALLY need to go in
    and setup the security features. Use serious passwords, disable the
    Guest account. Even if you have not explicitly setup shares on your
    machine, if the feature is enabled then you are at risk. There are a
    number of shares that are created when you enable the service.

    Hope this sheds some light,
    secureeng, Aug 24, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.