Public Access WIFI Security

No. Some ISPs offers VPN into their server whenever you are at a wireless hot spot (and you can use it with wired as well, if you want). For example, see: "

". Most ISPs offer this only to their business customers, at extra cost, but a few of the better regional ISPs include it with every account.

There are some private companies offering VPN for a fee (typically around $40-75 per year), but Google now offers it for free, see "

". I guess the question is whether or not you trust Google (or trust your ISP or the private VPN services for that matter). Google offers it because they are rolling out their own free wireless across the country, but it works with any hot spot.

Would somebody mind explaining a bit about these services to me? I'm somewhat confused. It seems to me that if you are using, for example, IPig's company's servers, you are sending information between the two of you (between your computer and the IPig server) in an encrypted manner. But once it gets there, it is decrypted and sent on its way to its final destination. Hence, folks can still get your information because it travels a part of the way in an unencrypted manner. Are the Ipig servers clever enough to continue the encryption if the eventual destination is also running an IPig server?

Obviously, the first 1/2 of the data's journey is much more vulnerable when it travels over a wireless connection (wifi, 802.11g, etc.). So for that purpose, using the company's servers (or Google's) makes a lot of sense.

As for openVPN and, I would imagine, setting up an IPig server, one can establish their own VPN with a minimum of hassle, it seems. But I've got a funny situation and I'm wondering if I'm precluded from doing this. And that is that my wifi provider uses private IP addresses, not public ones. So, everybody from my wifi ISP appears to be coming from the IP address that shows up in the headers of this message. My router is set to a WAN address that begins with

192.168.x.x. (My LAN addresses are 192.168.y.x) If I have 3 computers here, would setting up an IPig server at another location that is permanently connected to the internet even work? It would seem I have to be sending information to the IPig server saying that my address is the public IP address and once it gets back to my ISP won't know who to send it to. Obviously, the routers automatically take care regular HTTP: type communication. But as I understand the IPig configuration file, my outbound communication includes my IP address.

So, I'm a bit confused.

Thanks

mike

Sure. In order to insure wireless security, you're introducing a middleman into the system. The typical wireless hot spot is not going to terminate your VPN for you. The administrative overhead for passwords and authentication is just too much. So, you hire a 3rd party to do it for you.

A VPN encrypted "tunnel" is established between your wireless laptop and the 3rd party VPN service. Everything that goes between your laptop and this 3rd party is encrypted inside the tunnel. Anyone sniffing the wireless traffic at the hot spot will see only encrypted packets.

The 3rd party VPN service provider the decrypts the traffic and shovels it to a proxy server (which regenerates the connections) and relays the traffic on its way to wherever your mail servers are located. This traffic is NOT encrypted and can be sniffed.

Note that this arrangement does NOT offer end to end encryption as is therefore still at risk from anyone sniffing the wired part of the connection. This constitutes a substantial improvement in security, but end to end encryption by the mail service provider would be much better.

[snip]

Right, but we are also reminded almost daily that many people tend not to think, especially when it comes to computers. ;-)