Wi-Fi Hotspot Security: Using VPNs

By Eric Geier - Originally Published by Wi-Fi Planet on November 29, 2007

As discussed in earlier tutorials, there are numerous security issues regarding the use of public wireless networks, all of which can be overcome. One of the solutions for users, as brought up in Wi-Fi Hotspot Security: Solutions for Users, is to use Virtual Private Networks (VPNs) to secure the real-time traffic of Wi-Fi hotspot users. This tutorial expands on the options you (the hotspot user) have regarding using VPNs.

Use Company Provided VPN

Many businesses provide their employees with VPN access. Although this access is typically put in place for employees to have remote access to the corporate network in order to access files and documents while away from the office, it may also be used to encrypt your communications while on an untrusted network such as a Wi-Fi hotspot.

Check with a network administrator at your company for more information on using their VPN service. Specifically, inquire about policies for usage while on public wireless networks and public workstations.

Create your Own VPN Server

If you don’t have access to any VPN servers, create your own. Being able to remotely access files and documents from PCs where your VPN server is located is one of the advantages over using hosted VPN services. You can also access other devices on your network, such as Wi-Fi video cams to keep an eye on things while away.

First you need to figure out what VPN server you want to set up and use. Purchasing a special router with a built-in VPN server or setting up a server with Windows XP Professional are two common approaches.

When using the software-based VPN server features in Windows XP Pro, the PC running the server has to be powered on for you to access your home network from a Wi-Fi hotspot. However, this isn’t the case if you use a hardware VPN server. VPN routers run as low as $70 to $130, with popular models including the Linksys WRV200 and WRV54G.

There are also other tools, such as the freeware or paid version of iPIG, that allow you to set up a software-based VPN server fairly quickly.

Using Windows XP VPN Server

To set up the VPN server on Windows XP Professional, use the Create a New Connection wizard:

1. Open your Control Panel.
2. Open the Network and Internet Connections category. (If in Classic view, click Network Connections.)
3. Click the Network Connections icon. (If in Classic view, skip to step 4.)
4. Click Create a New Connection, under the Network Tasks area on the left.
5. When running the wizard, keep in mind that you want to set up an advanced connection that accepts incoming connections and allows virtual private connections.

If the PC running the Windows XP VPN server is behind a router (for example, if it’s connected to a wireless or wired network rather than directly to your cable or DSL broadband modem), you will need to configure some settings. You need to forward data received from the Internet on the standard VPN ports (1723 for PPTP and 500, 50-51 for IPSec) to the IP address of the PC running the Windows XP VPN server. You should also ensure that the VPN pass-through feature is enabled on your router; this setting is typically accessible from your router's web-based administration screen. Make sure any software firewall you’re running on the PC in question allows the incoming traffic as well.

Working with Dynamic IP Addresses

When you connect to a VPN server, such as a hardware or software one at home, you’ll need to know the Internet IP address where the server is running, which causes a small problem for those using dynamic, or frequently changing, IP addresses. Therefore, you should probably set up Dynamic Domain Name System (DDNS), which allows you to access your network (or VPN server) over the Internet using domain names instead of IP addresses.

You just sign up with a service to create a domain name (such as yourname.homeip.net) and input some information into the web-based administration screen of your router. Then you can begin to use your domain name instead of your Internet IP address; the DDNS system always points the name to your real IP address.

Check the web-based administration screen of your router for the DDNS systems it supports. Two commonly supported DDNS services, which are offered free of charge based upon certain conditions, are Dynamic DNS and No-IP Free DNS.
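
A pre-flight check for the home setup described above, as an added example that is not part of the original tutorial: it confirms that the DDNS name still resolves to your home Internet IP address and that the forwarded PPTP port (TCP 1723) accepts connections. The function names and the sample address 203.0.113.10 are assumptions made for illustration; IPsec's UDP 500 and IP protocols 50-51 cannot be probed with a TCP connect, so only the PPTP port is tested.

```python
"""Pre-flight check for a home PPTP VPN server published through DDNS.
Added example; run it from outside the home network before relying on the VPN."""
import socket

PPTP_CONTROL_PORT = 1723  # TCP port the tutorial says to forward for PPTP


def resolve_ipv4(hostname):
    """Return the sorted IPv4 addresses the name currently resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # no record at all
    return sorted({info[4][0] for info in infos})


def tcp_port_open(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def preflight(hostname, expected_wan_ip, port=PPTP_CONTROL_PORT):
    """Return a list of problems; an empty list means every check passed."""
    addrs = resolve_ipv4(hostname)
    if not addrs:
        return [f"{hostname} does not resolve: DDNS record missing"]
    problems = []
    if expected_wan_ip not in addrs:
        # A stale record points at whoever holds the old address now, so the
        # VPN client would send its login attempt to an unknown host.
        problems.append(f"{hostname} resolves to {addrs}, not {expected_wan_ip}: stale DDNS record")
    for addr in addrs:
        if not tcp_port_open(addr, port):
            problems.append(f"TCP {port} closed on {addr}: check port forwarding and the PC firewall")
    return problems


if __name__ == "__main__":
    # Placeholder values (assumptions): use your own DDNS name and Internet IP.
    results = preflight("yourname.homeip.net", "203.0.113.10")
    for line in results or ["all checks passed"]:
        print(line)
```
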

Use Hosted VPN Services

If you aren’t a do-it-yourself type when it comes to computing and networking, then using hosted VPN services is likely the best bet for securing your Wi-Fi hotspot connections. In addition, the performance of hosted VPN services may be a bit better than using your own server set up at home.

These services are also typically developed specifically for securing user connections on untrusted networks, rather than for remote access, so the client configuration, if any, consists of inputting a username and password. There’s no setup of VPN parameters that would be over the heads of many consumers.

Here are several different hosted VPN services you can check into: