[Professor Frink]

The boss is going to a conference for several days where there will be a wireless network available to use with his laptop. (I'm not sure if it's an "open" network or one that requires a special login)

But he is paranoid about security -- he's afraid that someone will be able to read his e-mails. Let's assume it's one of those open/public wireless networks -- how unsecure are they by default?

And what should I do to make things more secure for him? The company we work for doesn't have any kind of VPN setup. But would we be able to do our own? I'm a little confused when it comes to VPNs -- is it hardware or software based?

And how does a WIFI connection's security/safety compare to a Blackberry, which he is comfortable with?

[rolfenstein]

I think as long as your boss has no open shares on his notebook and a firewall set up he will be pretty safe. But i don't know how easy it is to access resources in a wireless LAN.

Well if someone is sniffing the whole traffic on the wireless network and no encryption is used to secure the data exchange, the data could be caught and analyzed. But same things could happen in a regular LAN as well...

I think VPN is primarily used to create a secured 'tunnel' for dial-up connections. For example my company uses VPN on its notebook to secure the connection between them and our Terminal servers. If I'm not wrong the VPN is software-based.

[prathapml]

WeP on Wi-Fi networks will make it harder for snooping on data packets - but I'm not sure it can be done without upgrading Access-Points/Access-Cards.

[Shotgun]

There is a better security WLAN protocol than WEP, I don't know if it is WPA, but its suppose to change the encryption key on every packet. That way not even someone with linux and Airsnort can crack/decode your encrypted packets.

When on the road, almost all "open" access points are left unencrypted and with default logins/ssids, so its almost a sure bet the WLAN is unprotected as well. The best security measure your boss can take is to have a firewall and an updated antivirus on his laptop before connecting to an unknown WLAN. WLANs that offer VPN connections, you must have some pre-defined user/login to access beforehand.

[10forcash]

Dependent upon your mail server, configure his laptop to use SSL for send / receive on email, plus disable any shares (ie. 'simple' file sharing) on his laptop, simple, no VPN, WPA or any other on - site configuration to worry about,
Cheers,
10forcash

[lvlolvlo]

he'll be fine..just tell him to use the web mail interface as opposed to outlook or such where the default config is to transmit pswd via simple text.

if you really want to be safe just have your firewall block file/resource sharing and connect to your work site via vpn and make sure you use your works gateway to access the net.