Over the past few years, we’ve witnessed several third-party web-hosted services become available, including accounting, application sharing placeware, remote desktop access, and anonymous web browsing, to name a few (many of which have actually survived). It was inevitable that web-based application providers would emerge to get a piece of the security business. What better target than WiFi? There’s nothing like the FUD that has surrounded WiFi security ever since the first WEP key was cracked.
Enter WiTopia and its new SecureMyWiFi service. It’s essentially a way for individuals or small enterprises to outsource a RADIUS server. Even more novel is that for the time being, WiTopia is giving away free access for five or fewer users.
Set up your access point to authenticate users via 802.1X on the wireless side and a WiTopia RADIUS server on the wired side (after all, it’s just another IP host which can be located anywhere in the world) and away you go.
They also offer PersonalVPN, along the lines of HotSpotVPN. A VPN can be used by a client anywhere there’s Internet access, wireless or wired, as it operates at the IP layer, not layer 2 like WiFi encryption. Thus, one could argue that SecureMyWiFi is more secure than a VPN, at least for the wireless portion. One newcomer to keep an eye on is Google Secure Access Beta (being tested on Google WiFi in the SF area).
Another potential drawback to a VPN is that securely encrypted packet exchanges are between you and the VPN server only. What’s so bad about that? While it makes a lot of sense for a corporate VPN server or firewall, for general Internet use all your traffic first goes to the service provider’s VPN server (WiTopia for instance) over the Internet and is then redirected back out on that server’s Internet connection – unencrypted of course. So don't be fooled. At some point, your data is exposed again somewhere on the Internet.
The VPN server could also become a bottleneck, processing packet encryption/decryption for who knows how many other users, not to mention the amount of Internet bandwidth available at that server’s connection.
The server could also be located several Internet router hops away from your destination. Sending packets from a wireless laptop via a hotspot in California to a VPN server in New York to access a web site in San Diego, for instance, is hardly the optimal route.
On the other hand, the VPN will protect your WiFi application data from unscrupulous wireless eavesdroppers wherever you go and does not require an access point programmed to work with an external RADIUS server – something that the majority of hotspots are not doing and certainly not all to the same RADIUS server!