Clagnut

Menu

Secure wifi

§ Wireless

During another Geekend in London, Andy brought up the question of how to make his home wifi network secure but open. The same question can be turned on its head – how to keep your computer secure while working on an open wifi network (such as in a wifi-enabled pub). Stuart had the answer – something about tunnelling packets through SSH – accompanied by the whooshing sound of overhead aircraft (at least in terms of how to actually accomplish that).

Well, it’s funny how these things work out. Upon catching up with my RSS feeds, there lay Doug’s post on Secure wireless email on OS X. If you’re in the habit of using open wifi networks you’ll want to read his post, and fast. Did you know your email usernames and passwords travel through the ether as plain text, there for the plucking? In an extremely generous step-by-step manner Doug explains how to prevent that occurrence by, um, tunnelling packets through SSH. The comments provide plenty of advice for Windows users too.

Before implementing Doug’s instructions, make sure you can’t already do things the easy way by using secure email. If you’re not sure, contact your ISP and ask if they can provide both secure POP and secure SMTP. For example .Mac mail has secure POP and SMTP available as standard, but if you followed the .Mac setup instructions you won’t have it enabled. All you need to do is tick the SSL boxes in your Mail.app account preferences.

If your host doesn’t and won’t provide you with secure email, you could try moving to the nice folks at TextDrive who are tricked out with such things. My current host, the always helpful digitalspace.net does not currently provide secure email, however at my prompting they are endeavouring to do so.

It’s worth noting that your FTP authentication details will also travel as plain text. If you can use SFTP instead your login and password (and files) will be encrypted as per using secure email. I found with my digitalspace.net hosting that I could simply select SFTP instead of FTP and it still just worked. Again contact your ISP about this.