I have a great laptop and love using the wireless router I've set up
at home and the one at the office.  I've set up a basic encryption key
at both places -but when I travel how do I connect to what windows
says is a "non-secure" network without leaving myself wide open?  What
about hot spots?  (For example at the hotel - there's no key to enter
to access the wireless network.  Is everything I transmit subject to
being intercepted? )

blue_bna-ga:

Thanks for your question!

I am going to answer your question using a combination of my own
personal knowledge, as well as some references to general information
you can view online.

As you may have already heard from other sources, way too many people
buy wireless routers and adapters at their local big-box electronics
store, bring it home or to the office, plug it in, and never change
the configuration from the default, un-secured settings. This is
analogous to leaving the front door of your house unlocked and
standing wide open.

In your case, you have set up a basic WEP key to keep the casual
visitor out. This is analogous to locking your doors and windows.
Enough to keep out accidental intrusions and amateur hackers, but not
enough to keep out anyone who has both the desire and the skill to get
past the basic protection of a WEP key, in order to get into your
network. That said, in much the same way that the vast majority of
home-owners can feel safe enough by just locking their doors and
windows, the vast majority of PC and network owners can feel safe
using just a WEP key... there are many targets out there that are a
lot easier than your WEP key-protected system.

So, what happens when you want to take advantage of a public hotspot,
which does not use a WEP key? Well, to continue abusing the analogy,
think of a hotspot as a boarding house. If you were sharing a house
with a bunch of strangers, you most likely would want to have a lock
on your room door, to keep others from looking inside even if they can
freely roam throughout the rest of the house. The computer equivalent
of this lock on your room door would be a good software firewall
program. Now, Microsoft has included a basic firewall with Windows XP,
called the Internet Connection Firewall. In spite of the criticism
that they have received over the inadequate protection that the ICF
provides using its default settings, it is still better than not
having a firewall at all. If you have Windows XP, you can read more
about setting up the Internet Connection Firewall here:


Microsoft: Use the Internet Connection Firewall
http://www.microsoft.com/windowsxp/using/networking/learnmore/icf.mspx


You can also try a 'better' firewall by using third-party software. My
personal favorite is Zone Alarm, which has a free version available.
However, in their current release (version 5.x), there have been some
compatibility issues reported (especially with XP Home users). So, be
aware of this in case you run into problems after installing it; if
you find that your computer freezes or hangs, best to uninstall ZOne
Alarm and try another program.


Zone Alarm Free Version
http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp

- when installing, read everything carefully as the installer will
want to install the trial version of Zone Alarm Pro (paid version)
instead of the basic Zone Alarm Free Version; while I would definitely
encourage you to consider buying the paid version should you find Zone
Alarm to your liking, I suggest you start with the free version first.


Other free firewalls include:

Sygate Personal Firewall
http://smb.sygate.com/products/spf_standard.htm

Agnitum Outpost Firewall
http://www.agnitum.com/download/outpost1.html

Kerio Personal Firewall 4
http://www.kerio.com/kpf_download.html


Regardless of which firewall you use, that is simply one layer of
protection that you should add. It's like having multiple locks and
chains on your house doors. So, additional layers you should add
include:

Pop-up Ad Blocker:

For blocking pop-up ads, there are several approaches. Some firewalls,
such as the paid version of Zone Alarm, include pop-up blocking. Some
web browsers also include pop-up blocking as an integrated feature. If
you are using Internet Explorer on a Windows machine, then the
simplest and easiest tool to block pop-ups with is the Google Toolbar:

http://toolbar.google.com/


Anti-virus Software:

If you do somehow get attacked, it will most likely be by a virus in
the form of a worm or trojan. The most readily protection for this is
to use a good anti-virus program, and to regularly update its virus
signature database. The usual programs that you will find in the
stores include products from Symantec (Norton Antivirus) and Network
Associates (McAfee Antivirus). If you are interested in a free
solution, then I suggest you check out:

AVG Free Version
http://www.grisoft.com/us/us_dwnl_free.php


Anti-spyware Applications:

Finally, one of the more annoying scourges of the Internet today is
spyware. To provide yourself with some protection against the more
common spyware, you should download and use the following:

Ad-Aware Free Version
http://www.lavasoft.de/software/adaware/

SpyBot Search & Destroy
http://www.safer-networking.org/index.php?page=mirrors

Spyware Blaster
http://www.javacoolsoftware.com/spywareblaster.html


The first two, Ad-aware and SpyBot Search & Destroy, will search your
system for any existing spyware and safely remove them (at least, the
known ones). The third, Spyware Blaster, will help guard against the
entry of any known spyware.


You also asked whether your data transmissions are freely
interceptable when you use a non-WEP-encrypted hotspot. Technically,
yes, they are. However, while tools to do this can be found online, it
is not as simple as, for example, picking up a telephone extension to
listen in on a conversation. If you are very concerned about this,
though, then you may want to consider subscribing to a VPN (virtual
private network) service that will allow you to encrypt your data no
matter whether you are using WEP or not for the wireless
transmissions. Normally, a VPN is set up by a company or organization
that can afford the necessary hardware and bandwidth to handle the
load. With a VPN, all traffic from all users must first go to the VPN
server (as encrypted traffic) before it then goes on to its final
destination. There are, however, some businesses that have been
offering VPN services as a subscription service for private
individuals such as yourself. These businesses include:

Boingo Wireless
http://www.boingo.com/whatisboingo.html

- "Personal VPN Service" embedded in their Boingo Wireless client software


HotSpotVPN
http://www.hotspotvpn.com/




For more information on wireless security, and the risks that you may
face (although I do advise taking it all with a grain of salt), pay a
visit to:

http://www.practicallynetworked.com/security/


I hope that this helps you!

aht-ga
Google Answers Researcher

Thanks for a well documented and very informative answer.

Hi blue_bna-ga,

   Just using the WEP/WPA is not sufficient to prevent snooping your data
over air. There are free tools available to make this a mere click and
run task. That said software firewalls help prevent someone from able to
gain access to your computer's data(eg. files on your computer made accessible
through a spyware that got installed when you opened an email attachment).
Antivirus software help avoid activation of the spyware/worms in the first
place.
   The only reasonable way to protect a wireless network is to use vpn
in addition to the available security(such as WEP/WPA). You could convert
an outdated PC to act as your firewall/vpn(pptp) server using m0n0wall
(m0n0.ch/wall/). In this case, all you need to do is to setup a vpn
connection(as simple as setting up a dialup on winxp clients) and activate
it whenever you need wireless access. I could provide you more details
on the setup if you require. Regarding wireless access from hotels, do 
not use unsecured access, since it could be easily sniffed. It is still 
safer, if you are accessing sites with https (SSL enabled). In this case 
make sure you enter your login information on a secure page and rest of 
the access remains secure(not redirected to unsecured page), until you logout.
If you are using a hotel provided vpn client(or vpn access information for
pptp), it will be safer, even if you do not have wep enabled on your wireless
client.  Hope this helps clarify your questions regarding wireless security.

Regards
ldavinci-ga

ldavinci-ga is only partly right. First off these is no real windows
based client to crack wep, and most would be attackers would be
wanting to use this, so this is an obstacle to attack. Secondly, the
vulnerabilities in wep (namely a problem called weak initialization
vectors) have been addressed in most recent wifi equipment, so your
standard point and click cracking software simply does not work the
same way it used to.

When I travel how do I connect to what windows says is a "non-secure"
network without leaving myself wide open?

What about hot spots?  (For example at the hotel - there's no key to
enter to access the wireless network.  Is everything I transmit
subject to being intercepted? )"

In short, yes.  You must assume things that are transmitted without a
secure connection are subject to being intercepted.

Public hotspots cannot reasonably give you a WEP key since the people
wanting to read your Internet traffic would also have access to the
same key.  So when you use a public hotspot, you will need to use a
bit of common sense:

1) Your login page should be secure.  To make sure, check if the
log-in page has https:// in the URL of the page you enter your
username and password or has a lock symbol on your web browser
indicating it's secure.

2) Like on a hard-wired network, you should only enter sensitive data
such as credit card numbers or other personal data when the access is
over a secure web page.

3) Be aware that all other web page traffic is not secure and can be
read using a network protocol analyzer.  Ethereal is an example of
software that is available for free and runs on Windows.

4) Be aware that all e-mail and most chat programs are also insecure. 
Consider using encrypting mail that requires security using a program
such as PGP or using secure web page access for your e-mail.  Consider
using a secure chat program when conversing sensitive matters.

5) Consider using a VPN router and a client at home, at your office
and while travelling.  The VPN router and client setup a secure tunnel
which allows you to connect over the air securely.  When travelling, a
VPN tunnel allows you to check your work e-mail or home e-mail. 
Depending on the VPN vendor, some protocols may not be carried through
the tunnel, but served locally.  This means that some data is visible
if the wireless connection were to be monitored.

6) Consider using WPA while at home or in the office.  WPA employs the
same encryption as WEP does, but it also changes the keys every few
minutes.  It is literally impossible currently to crack WPA.  Soon,
this standard will upgrade to WPA2 / 802.11i which uses the government
encryption standard AES instead of WEP.

7) While travelling, consider using a service provider that has 802.1x
security.  T-Mobile, the nation's premier Wi-Fi service provider
(Starbucks, Borders, Kinkos, Hyatt, and airport lounges American,
Delta, United, and USAir) has recently announced its plans to provide
security over the air using 802.1x.  See this article:
http://www.wi-fiplanet.com/news/article.php/3091051