How safe are free wifi?

[computernewb]

hi. is it safe to connect to a free wifi at starbucks? what are some things i should be aware of? can people hack into my computer?

thanks!

 

[eibgrad]

Because it's open wifi, it means it is possible for others to eavesdrop on your communications. It's no different than your wireless network at home should you leave wireless security disabled or use the weak WEP security protocol.

Minimally, you should define the open wifi location as a “public” network so Windows will use the strongest personal firewall settings. While that protects the machine itself (e.g., others can’t see or access your shared folders or files), it doesn’t protect the communications from and to your computer.

As long as your communications use secured protocols, it's reasonably safe. For example, any time you're using https://, all your data is encrypted between you and that website. In contrast, http:// is not secured. Other protocols for ftp, telnet, etc., likewise have their secured cousins (e.g., sftp, ssh).

Admittedly it’s a bit awkward to manage individual websites/protocols in this fashion, or monitor changes from http to https and back within the same website. You spend more time worrying about what is and isn’t safe than just getting your work done.

The best thing you can do is connect to a VPN server, preferably your own back home, so that ALL your communications are encrypted in the area of greatest vulnerability; the open wifi location itself. Then you don’t have to worry about what is and isn’t safe to do. EVERYTHING is encrypted, from soup to nuts.

 

[computernewb]

hi thanks. If i create a VPN at home, does my computer at home need to be on for me to access it?

also im reading there are 2 types of VPN. ingoing and outgoing. which one should i do?

 

[eibgrad]

You need a VPN server at home to connect to, and a VPN client on your laptop/tablet from which you can connect to that VPN server. When you connect to that VPN server, all your traffic from the VPN client will be sent to the home router and redirected back out to the internet (of course, you’ll also have access to your home network as a local user too!).

You don’t to necessarily need run a desktop at home for the VPN server. There are routers that support their own VPN servers. I use a dd-wrt (third party firmware) router running a PPTP VPN server. Of course, there are commercial routers w/ these featurse built-in, but you won’t find it on the very inexpensive models. You need to step up a bit for that feature.

What I would recommend is starting w/ a desktop/laptop at home and configuring a Microsoft PPTP VPN server. It’s pretty easy and there are plenty of guides on the ‘net to help you set it up. Then you port forward your router to allow access to it from the internet. Finally, you use the built-in VPN client of Windows to access it (again, pretty easy to set up w/ similar guides available on the ‘net). If you have an iOS (Apple) device, such as an iPhone or iPad, it’s even easier; it already has a PPTP VPN client and you just need to specify the IP address of your VPN server and credentials.

Once you get it working, and get a little experience with it, you can then decide if you’d rather move the VPN server to your router. But in the meantime, you have something with which you can gain some experience and immediate protection.

P.S. You could also configure your home desktop for WOL (Wake On LAN) so that even if you used the desktop as your VPN server, it wouldn’t be running all the time. You’d let it sleep and only wake it when necessary. Once it was back up and running, it would establish the VPN server again and you could connect to it. Eventually when the system was inactive again, it would go back to sleep (or you could force it to sleep). So there are ways to mitigate the fact you’re using a desktop.

 

[computernewb]

should i accept ipv6 as well? its not highlighted

 

[eibgrad]

You don't typically need IPv6, IPv4 is sufficient.