Lab Notes

It turns out that if you don't enable security, your network will be insecure. OK, sarcasm aside, it's not unreasonable to expect at least a little bit of privacy when connecting to a public Wi-Fi hotspot. You're on somebody else's network, and you need to take responsibility for your own security.

When connecting to a public hotspot, a VPN or some other kind of end-to-end encryption is a must. Even with Wi-Fi security enabled, your data is only protected as far as the wireless access point to which you are connected. When you are in your corporate office, connecting to your own network's access points, this is plenty. The problem with a public hotspot is that the network operator controls the access point, so once your data enters the wired network, it is vulnerable. In this case, your data need to be protected all the way from your laptop back to your corporate servers.

Here at Corriente, our own remote access methods are simple. Rather than rely on an IPSEC VPN and all its inherent headaches, we use application-layer encryption. For instance, all remote email access is SSL secured, using the SSL support built into the email client. Any service we use that doesn't natively support an encrypted layer (like our source code control system) is tunneled through SSH. All this keeps the bad guys at bay while still allowing us to get some work done while on the road.