Q: What is the best approach to securing public access Wi-Fi? And what is needed to accomplish this? – D.J., ChicagoThe Wizards have pondered your question and reply: T.K. “Ranga” Rengarajan, Pronto NetworksUse HTTPS/SSL for initial communication at a hot spot (e.g., for authentication, entering credit card information, etc.) Practically all hot spot solutions have this capability built-in. After that, use a VPN between the client and the secured site, such as a corporate LAN. Microsoft Windows 2000 and XP come with a built-in VPN client, thus a user has all he/she needs for secure connectivity to e-mail and other sensitive information on a corporate LAN. Granted, regular HTTP traffic is not encrypted, but most users are less concerned about others sniffing this type of traffic as this information is generally not confidential. Dan Simone, Trapeze NetworksIf your employees will be using Wi-Fi in public access locations, make sure the client devices are configured to support personal firewalls and that users are trained to launch a VPN to access corporate resources. Also, make sure your employees’ laptops are configured with automatically updated virus protection software. To provide your own guest access securely, make sure the WLAN you select supports your own employees on their typical private groups but enables support for a new “guest” group, on an encrypted SSID, that gains access to the network that is outside your corporate firewall.Marcel Wiget, Chantry NetworksToday, most public access Wi-Fi hot spots are using secure captive portals to authenticate users. There are multiple potential problems with this solution: no wireless encryption is used and hence unencrypted user traffic can be captured and analyzed by anyone close by. Even worse, a potential hacker can learn the MAC and IP address from a validated wireless user and take over his session by modifying his own client card with the stolen information and get a “free ride.”The obvious solution is to use wireless per session encryption as provided by WPA (802.1x with TKIP). Unfortunately, this requires up-to-date drivers and software on the client side, which most likely customers won’t necessarily have immediately. The good news is that more wireless solutions offer multi-SSID support, allowing the advanced user to select the security access that best suits their requirement and hardware capabilities.So for legacy clients, the standard captive portal secured access without encryption is provide on one SSID and 802.1x with PEAP and TTLS support on another SSID (allowing username and password authentication). 802.1x with either dynamic WEP or TKIP will guarantee privacy by session and packet based dynamic encryption. Related content how-to Doing tricks on the Linux command line Linux tricks can make even the more complicated Linux commands easier, more fun and more rewarding. By Sandra Henry-Stocker Dec 08, 2023 5 mins Linux news TSMC bets on AI chips for revival of growth in semiconductor demand Executives at the chip manufacturer are still optimistic about the revenue potential of AI, as Nvidia and its partners say new GPUs have a lead time of up to 52 weeks. By Sam Reynolds Dec 08, 2023 3 mins CPUs and Processors Technology Industry news End of road for VMware’s end-user computing and security units: Broadcom Broadcom is refocusing VMWare on creating private and hybrid cloud environments for large enterprises and divesting its non-core assets. By Sam Reynolds Dec 08, 2023 3 mins Mergers and Acquisitions news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Cloud Computing Networking Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe