A good firewall program will prevent unwanted inbound connections to her machine, and possibly restrict outbound access if so desired. All the other standard adages apply as well, AV, automatic updates, secure password, etc, etc.
The key issue here is that the communications are mostly sent unencrypted across public airwaves. This needs to be dealt with differently than accessing the same information on the wired internet. We all now how easy it is to run airsnort and read ppl's email while they are at Panera, but such a task becomes much more difficult when that same person is connected via a cable. The attacker would have to have control of part of the physical link. Moving on, key issues to be concerned about are email access, bank/financial institution access, and access to service providers (paying AEP online, or your cell phone bill, etc). Here's my suggestions to make those comms a little more secure (well, maybe a lot more). 1) Always choose the "log in securely" option. Make sure that the "little lock at the bottom" is displayed BEFORE entering a username and password. 2) If connecting to her place of employment, use a VPN as others have suggested. Whatever VPN technology the place of employment is using should be fine. 3) If email is access via pop3, find out if the provider offers connections via secure pop3. 4) When one is not logged in to a HTTPS/SSL enabled endpoint, take the mentality that everyone in the room will be reading that same information that you're looking at, and if you're not okay with that, don't access it. I'm sure there are more but it's lunch time and all this panera talk is distracting me. Nathan Grandbois, CISSP Cerdant, Inc. -----Original Message----- From: Agent Zr0 [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 18, 2006 10:09 PM To: [email protected] Subject: Internet security on "hotspots" I have a friend who is interested in better securing her laptop while she's out surfing the net at coffeehouses and what not. I'm thinking of telling her to just get herself a REALLY good firewall program (I use zonealarm pro myself), but I was wondering if anyone here had any other ideals or thoughts that I could pass onto her other than that. Agent Zer0 [EMAIL PROTECTED] --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
