Achieving secure unwired bliss

FRAMINGHAM (10/17/2003) - In my last column, I challenged readers to figure out how I securely communicated from the ether-sniffing environs of DefCon, the annual hacker convention in Las Vegas. Hundreds of solutions came flying my way. Some were fairly inane: "Morse code," said one reader. Others were highly creative: "You took a signal from the infrared port, linked it to your Palm and used a line-of-sight antenna."

I did not set out to defeat DefCon; my intent was much more utility-oriented than security-oriented. I wanted to be able to hit the 'Net from anywhere, anytime, for free. As a frequent traveler, it's a hassle finding access to e-mail. At airports, Wi-Fi (wireless fidelity) kiosks now are appearing at a daily access charge of US$5 to $10. But who intentionally sits at the same airport for 24 hours? Dial-up from a phone with a laptop is certainly a reasonable option, except it is slower than we all are used to nowadays, and depending on which service you use, it can be expensive.

In any event, here's what I did.

I have a Sprint PCS cell phone. Sprint offers cellular modems for umpteen dollars and however much they charge per minute for Internet access. However, many telephone companies offer free Web browsing, messaging and similar abbreviated services. I can check stocks, news and sports 24/7 if I want to, and it's all free - my monthly minutes are never touched.

It was preordained that some enterprising company would figure out how to turn a cell phone into a wireless modem - and a company called FutureDial (in which I hold no financial interest) did. Using FutureDial's SnapDialer and a $30 USB (universal serial bus) cable, you can convert your cell phone into a perfectly good cellular modem that connects to the Internet at a fixed speed of 230.4K bit/sec. For free.

The first time I used this simple setup, my wife was driving us back home from dropping off our freshman daughter at college. We drove the back roads of Florida for hours and I never lost a connection. My wife listened to her music and I got to crank out another article and answer overdue e-mail. This was a serious rush!

Remember the first time you got your 802.11 gear working? Sitting by the pool or barbecue pit, and you were free from those awful Category 5 cables. This was better than that. This was the panacea we all wanted: free Internet from anywhere, anytime - without wires!

Now it was time to get serious, though. What were the security implications? While sniffing and snorting 802 and LAN-based Ethernet and telco lines is pretty simple, scooping digital phone transmissions is a bit more of a task. No, it's not encrypted, but so what? I am really not worried about a guy trying to randomly intercept digital communications at Burger King while I answer e-mail and munch, but I am worried about who runs the independent and definitely insecure 802.11 access points and servers, and what he might be sniffing and saving.

What sort of security does Sprint offer? I went to Gibson Research's "test-my-security" site (www.grc.com), and they scanned 1,056 of my lower ports. Several ports were wide open - no security at all. Most of the ports, though, were closed. This means that if someone is port-scanning me, they will see my computer and know that the ports are active. This is not good enough for paranoids like me. Even on dial-up, the IP and port scanners will find you within an average of 30 minutes. I want to be invisible.

So I turned on my Norton firewall and reran the scan at www.grc.com. My entire computer was invisible to the Internet, as it should be. The super-critical ports such as 137, 139 and 445 were in full stealth mode. It's like having an invisible house on a nice street - the thieves don't even know you exist.

I am a really happy camper. I submitted this article to Network World from a high-speed train somewhere in the nether-reaches of the Carolinas. I had uninterrupted video streaming and consistent e-mail. The truly unwired experience is really that cool. Add a few doses of common-sense security, and you'll have the closest thing to bliss legally allowed when you're on the road.

Schwartau is president of Interpact, a security awareness consulting firm, and author of several books, including Pearl Harbor Dot Com. He can be reached at winn@thesecurityawarenesscompany.com.

Join the newsletter!

Error: Please check your email address.

More about Burger KingGibson ResearchInterpactSECSprintSprint PCS

Show Comments
[]