- Wireless Security
- (Plus version only)
- The Home Approach
- Almost any personal firewall uses a security approach that divides all potentially accessible computers into two main categories: trusted and unsafe. Trusted computers are located in the same local/home network and are accessible locally/directly. All other computers are accessible via the Internet and so are expected to be unsafe.
- The approach mostly works. Your home PC can hardly be attacked from a "kitchen" PC or from a computer-based home theater. As a result, all network activity within the home network is expected to be safe and is enabled by default in almost any personal firewall. Personal firewalls frequently make no distinction between different types of activity in the home network and enable all of the traffic.
- The entire home network is mostly protected by a standalone Internet connection device (firewall/router). The connection device blocks all especially dangerous incoming connections from the Internet. Even if the computer is connected to the Internet directly, all the incoming connections are perfectly protected by Windows Firewall. Outgoing connections are (sometimes mistakenly) expected to be safe by definition or are managed by a personal firewall.
- The Wireless Threats
- All wireless home connections may be considered safe, as the wireless medium in a home local network is functionally equal to a wired one. Of course, some actions must be taken to limit those wireless connections to the home network only: disable SSID broadcasting and encrypt the transmitted data with WEP/WPA on the connection point side of the network. In any case, nothing needs to be done on the PC side.
- The situation changes completely on public wireless connections. Imagine your local network is an entire airport, library, cafe or hospital. All the computers in such a network are connected to the Internet via a single connection device (firewall/router), so your PC is still in a local network, but the other computers in that network cannot be expected to be trusted or safe.
- Approaches based on WEP/WPA traffic encryption do not help. The encryption protects against direct interception of the data between your PC and the public connection point. Those approaches work to protect the access point and the public infrastructure, but for your PC they do nearly nothing. Even under WEP/WPA your computer is easily accessible to other local network participants.
- The Solution
- All you need to satisfy both types of requirements, home and public wireless connection security, is a firewall capable of taking both environments into account and managing them correspondingly and separately.
- Windows7FirewallControl Plus has a special mode, "Mode: Expensive/Insecure connections". You can configure Windows7FirewallControl for your home local network as usual, setting proper security zones for Internet-active applications in the regular manner.
 - Selected applications that are vitally required for public wireless network operability can be marked as "Allow in "Mode: Expensive/Insecure connections"". No special configuration options are required then. You can operate in your home local network as usual.
 - All you have to do before entering a public wireless network is choose "Mode: Expensive/Insecure connections" in the TrayIcon menu. As a result, all the applications that are vitally required and marked as "Allow in "Mode: Expensive/Insecure connections"" will operate under the selected security zone, but all other applications will be gently blocked from Internet and public wireless network access. Returning to your home network only requires reverting to "Mode: Normal".
- Another benefit
- Practically the same problem arises on expensive connections: mobile, satellite or other expensive media. You need to suppress almost all background Internet activity of almost every application except for several vitally required ones. You would hardly need a heavy Windows or antivirus update over an expensive connection channel. Such updates can wait for a regular home connection.