Using a Virtual Private Network (VPN)

Note

Under Windows XP, you can only change the permissions on files and folders to make them private if the NTSF file system is being used. The NTSF file system is superior to the alternatives, FAT and FAT32 (which are used in Windows 9x/Me and optional in Windows XP), anyhow, so there is little reason not to be running it. If you can't make folders private, your computer is probably not running NTSF. For information about how to convert to NTSF, open Windows Help and Support, and search for NTSF.

You should also know that the details of the process for setting sharing will differ from what I described if you are in a network with a domain controller, rather than in a workgroup network. For details of resetting permission in a network with a domain controller, see "Sharing and Security" in Windows Help.

You've logged on to a public hotspot at some great location. This time, let's say that you're connected poolside at some great hotel in a warm location. You can hear the gentle ocean surf not far away, and smell the finger food at the open-air bar. So far, all is well and good.

When you connected to the Wi-Fi hotspot provider, say T-Mobile Hotspot or Wayport, you were probably authenticated. This means that you had to provide a login identification and a passwordin part so that the Wi-Fi provider would know who to bill for your time online.

But beyond this authentication, there is no security at a public Wi-Fi hotspot.

If the Wi-Fi service is free and/or put together as a one-off by the establishment you are visiting, there might not even be this level of authentication.

Furthermore, your Wi-Fi transmissions are probably not encrypted. Wireless networks are inherently less secure than wire line networks because anyone can pick up the signals. Without encryption, tapping into your Wi-Fi packets as they are transmitted is like reading plain text. It is not very hard to do from a technical viewpoint.

I don't want you to get the impression that the world is full of people who live to lurk and to pick up your Wi-Fi transmissions. And, after all, every time you hand a credit card to a server at a restaurant there is a security risknot unlike the security risk with open Wi-Fi.

But you should regard a public Wi-Fi hotspot as fundamentally insecure. If you need to work remotelyas I sometimes do on consulting projectswith information on your home (or, more likely, office) network, this can be problematic.

TIP

For an explanation of authentication and encryption, see Chapter 15, "Advanced Access Point Configuration."

One solution that can be used to at least make a connection more secure from a public hotspot to your home network is to set up a Virtual Private Network (VPN) by installing a remote access server on your home network. VPNs use a dedicated server to "tunnel" through the Internet and provide a way to communicate securely with your home network, as shown in Figure 17.3.

This means that using a VPN is a very helpful way to add security to a Wi-Fi connection. After you've logged in to the VPN, you can use the resources of your home network without feeling that security is compromised.

Note

As specific examples of security risks that might concern you, this means that someone with the know-how and right equipment could easily sniff passwords that you provide to Web servers, read your unencrypted email, note which websites you visit, and track your online banking and credit card transactions.

There are a great many vendors of VPN server products, which are mostly geared at the enterprise. For a good source of information about VPNs, and to find the companies that are involved in making the server software, you might want to have a look at the website for the Virtual Private Network Consortium, better known as VPNC, http://www.vpnc.org. The VPNC is the trade association for companies that make VPNs.

It's good news that the client software for use with a VPN is baked in to the Windows XP operating system.

To make a connection to a VPN from Windows XP, open the Network Connections applet by double-clicking Network Connections in Control Panel. In Network Connections, click Create a New Connection. (You can find this on the left under Network Tasks.) When the New Connection Wizard opens, click Next.

Choose Connect to the Network at My Workplace, as shown in Figure 17.4, and click Next.

Choose Virtual Private Network Connection as shown in Figure 17.5, and click Next.

You will be asked to provide a name for the VPN, such as myVPN, and the host name, such as bearhome.com, or the IP address of the VPN server.

Click Finish to close the wizard. The VPN will now appear in your Network Connections window, as you can see in Figure 17.6.

Figure 17.6. The new VPN is shown in the Network Connections window.

When you attempt to connect to the VPN, you will be prompted for your VPN username and password so that the VPN remote access server can authenticate you, as shown in Figure 17.7.