
Wireless encryption is important, but it's not as far-reaching as some might believe. We'll look at how far, and what additional steps you might need.

I use a wireless internet connection (secured WPA-personal) and no one other than me knows the password for it. Can anybody/ISP see what I am doing on the internet? I use Skype and Yahoo Messenger to talk to my family overseas. Can others hear and see what I do on the Skype & Yahoo video? If the answer is yes, can you please tell me how I can secure it?

There are a couple of important potential misunderstandings of just how wireless security works, how far it works, and what you can do - if anything - beyond the reach of that security.

Let's look at exactly what kind of security wireless connections give you.

First, let's look at a very simple example of connecting to a service over your wireless connection:

[Figure: A typical wireless connection to a remote site]

This is a simple and common scenario: your laptop is connected via WiFi to a wireless access point, which is in turn connected to (or part of) your broadband router. That router is then connected to your ISP over your broadband connection. Your ISP is connected to the internet, and at the far end the internet is connected to whatever service or web site you happen to be using.

Without any additional security like WPA or https or a VPN, the entire conversation that happens over that wire is "in the clear", meaning that anyone who can connect to any of the points along the way can listen in to your conversation.


This is particularly important for wireless connections because anyone within range - usually around 300 feet - can in fact connect to and listen in.

Wireless Security

The ease with which people can listen in to the wireless conversation is why security people so often and so strongly recommend that wireless connections be secured with encryption, and specifically WPA.

But what does that add to the picture?

I'll put it this way: wireless security only secures the wireless portion of the connection.

[Figure: A typical wireless connection to a remote site, with WPA on the WiFi]

Wireless security only encrypts the data traveling between your laptop and the wireless access point. The access point then decrypts it, and sends it on its way. The rest of the connection to the remote site is unaffected by wireless security.

Now, you might be asking "what's the point, then?" The point is simple: the wireless connection is by far the most vulnerable. Anyone within range can listen in. To gain access to the rest of the connection, someone must actually gain physical access to the connection somehow, which, while not impossible, is a much more difficult task. Even by securing only the wireless portion of the conversation, you've eliminated perhaps the single riskiest part of the entire scenario.

But, yes, to continue your question: everything past that point is still visible to your ISP and anyone who cares to listen in along the way. For that we need more.

HTTPS and SSL

SSL (or more properly in many situations "TLS", for Transport Layer Security) is a technology that encrypts the entire connection end-to-end. It's the ideal solution for sensitive data, and is what banks and other services use when you connect via "https".

[Figure: A typical wireless connection to a remote site using SSL]

In this case, regardless of your wireless security - or any other security along the way - the entire conversation between your laptop and the remote site is encrypted; no one in between can listen in.

But there's a catch: the remote site needs to support it, and not all do.

To use your example: does Skype use it? I don't know, but I'd expect not. Does your instant messaging program use it? I'd bet not. And if they don't, there's no way to force them to. You can only encrypt the entire connection if the remote service supports encryption. There's just no way around that.

The only way to be sure is to check with that service and find out what your options are. A great example is email - more and more email providers are now making secure connections available. In the past, the email you downloaded was "in the clear" and visible to anyone listening in; using a secure connection prevents that by using encryption.

VPNs - a partial solution

You can use a VPN, or Virtual Private Network, to encrypt part of the conversation. You can encrypt more than you would with wireless, but it still won't be end to end.

At the consumer level a VPN for this purpose would be something like http://www.hotspotvpn.com/ (not a recommendation, per se, just an example of this class of service).

HotSpotVPN provides a server on the internet to which you connect securely.

[Figure: Connecting to a remote site using a VPN]

As you can see, everything that travels between your laptop and the VPN service is encrypted. No one else on your network can listen in, and neither can your ISP.

However...

  • Once past the VPN service, the information is no longer encrypted.

  • The VPN service itself must be trustworthy, since they're decrypting the data before sending it on.

Remember, there's no way to get end-to-end encryption without the support of both ends. A VPN gets you further - bypassing your ISP for example - but ultimately, if what you're connecting to does not support encryption itself, even a VPN cannot help secure that last leg of the connection.
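The coverage of each option described above (WPA, a VPN, and SSL/TLS) can be modelled as an encrypted span over the hops in the diagrams, which makes it easy to see who can still read the traffic for any combination. This is an added example, not part of the original article; the hop list and function names are assumptions made for illustration.

```python
# Added illustration: hop names follow the article's diagrams; the model is an assumption.
BASE_PATH = ["laptop", "access point", "ISP", "internet", "remote site"]

# Each protection encrypts traffic between two endpoints on the path.
LAYERS = {
    "WPA": ("laptop", "access point"),   # wireless leg only
    "VPN": ("laptop", "VPN service"),    # up to the VPN provider's server
    "TLS": ("laptop", "remote site"),    # end to end, needs the remote site's support
}


def build_path(active):
    """The VPN service only sits on the path when a VPN is in use."""
    path = list(BASE_PATH)
    if "VPN" in active:
        path.insert(path.index("ISP") + 1, "VPN service")
    return path


def _spans(path, active):
    """Translate layer names into (start, end) index pairs on the path."""
    return [(path.index(LAYERS[n][0]), path.index(LAYERS[n][1])) for n in active]


def exposed_links(active):
    """Links where someone tapping the link sees unencrypted traffic."""
    path = build_path(active)
    spans = _spans(path, active)
    return [(path[i], path[i + 1]) for i in range(len(path) - 1)
            if not any(s <= i and i + 1 <= e for s, e in spans)]


def readers(active):
    """Intermediate hops that handle the traffic in decrypted form.

    A hop is blind only while it sits strictly inside an encrypted span;
    the far endpoint of a span decrypts, so it sees the content.
    """
    path = build_path(active)
    spans = _spans(path, active)
    return [path[i] for i in range(1, len(path) - 1)
            if not any(s < i < e for s, e in spans)]


if __name__ == "__main__":
    for combo in ([], ["WPA"], ["WPA", "VPN"], ["WPA", "TLS"]):
        print("+".join(combo) or "none")
        print("  exposed links:     ", exposed_links(combo))
        print("  hops that can read:", readers(combo))
```

With WPA plus a VPN, the ISP drops out of the list of hops that can read the traffic, but the VPN service takes its place, which is why the provider has to be trustworthy.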

Article C3786 - June 24, 2009

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


2 Comments
Ben D.
July 16, 2009 9:30 AM

"does Skype use it? I don't know, but I'd expect not"

Actually Skype has been encrypting everything for years, if not from the very beginning:

http://www.skype.com/security/security/

The independent security evaluation linked-to on the page above is an interesting read.

Derek
December 4, 2009 6:58 AM

This is a nice article. Another solution is SSH. Set up a Linux box with SSH enabled on it. Leave it on at your home connected to your internet. Take your Windows laptop or home computer, get PuTTY on it, download Xming for X forwarding and ssh into the Linux box and voilà, everything end to end is encrypted under SSH protocol. Is it slow? A little bit but not too frustrating for internet use.
