Earlier this year, I traveled to the Philippines. Based on past experience, I didn't have much hope for Internet access in that country. On my last trip 3 years ago, Internet access was limited to Web cafes at dial-up speed. To my surprise, this time I was able to access the Internet at broadband speed from the lobby of my hotel, the Waterfront Cebu City Hotel, for about $10.00 a day through a public wireless hotspot using Wi-Fi, the 802.11b wireless standard. Internet access through public hotspots is common today. Wi-Fi is available in most large airports, and in hotels and coffee shops throughout the United States and in many international locations. (For links to public hotspot directories, see the sidebar "Directories of Public Wi-Fi Hotspots.") Although Wi-Fi availability is a boon to business travelers, it presents cost and security challenges to corporate IT professionals.
The advantages of Wi-Fi for business travelers can't be overstated. In the past while traveling, I'd have to find a telephone with a modem port, connect my computer to it, and figure out the dialing string that would permit a long distance phone call to be charged to my business calling card. With Wi-Fi, I simply look for a sign advertising a public hotspot, turn on my Tablet PC, and make a Wi-Fi connection. Wireless computing is particularly easy with Windows XP, which has a built-in UI for browsing wireless connections. And in contrast to dial-up, Wi-Fi gives you broadband speed-in the Waterfront Hotel's lobby, I was getting performance comparable to the DSL line in my home office.
Don't Break the Bank
The biggest problem with using Wi-Fi while traveling on business is the cost. Most providers charge about $10.00 per day for access. At first glance, that price doesn't seem unreasonable-particularly when compared with long-distance charges for a dial-up connection-but price can present a real problem when you're traveling. Let me illustrate this point with my own itinerary from a recent business trip from my home in Modesto, California, to Denver, where I attended the 2004 Windows and .NET Magazine annual editorial meeting.
The nearest airline hub to my home is Sacramento International Airport, where Airport Network Solutions, a division of ICOA, provides Wi-Fi access. Public Wi-Fi access at Sacramento International Airport is relatively inexpensive at $6.95 for 24 hours; however, I only needed access for an hour before boarding my plane. The next stop was Denver International Airport, but I didn't bother with Wi-Fi when I arrived because I knew I'd have access at my hotel.
I stayed at the Magnolia Hotel in Denver, which offers T-Mobile wireless Internet access and even provides 802.11b network cards and software to guests who need them. The price is $10.00 per day. I used the service every day until I checked out.
The day I departed, I had a couple of hours at Denver International Airport-where I found Wi-Fi access available at most gates through AT&T Wireless, which also provides service at Austin-Bergstrom, Dallas-Fort Worth, Philadelphia, San Jose, and Seattle-Tacoma international airports. The service costs $9.99 for 24 hours.
Do you see the dilemma? On my travel days I paid for Wi-Fi access both at the hotel and at the airport I was traveling through. For someone like me, who only travels a few times a year, the cost of Internet access isn't a big problem; but for anyone who spends more time on the road than in the office, the cost can add up fast. Most public Wi-Fi providers offer monthly or annual discount plans, but it makes little sense to purchase annual membership in any one plan when you're likely to use more than one provider during a trip.
Larger airports usually offer a choice of Wi-Fi providers. At Denver International Airport, T-Mobile service is available in the American Airlines Admiral's club and at Starbucks locations. At Sacramento International Airport, however, Airport Network Solutions (ANS) has a monopoly.
To control this cost, corporate chief information officers (CIOs) might consider negotiating contracts at discount rates with one or more of the larger nationwide Wi-Fi providers. Businesses could encourage users on business travel to use these preferred providers when traveling. Of course, if your corporate headquarters is located near an airline hub, you'd be well advised to determine which providers are available there before negotiating a contract. (For a list of Wi-Fi providers, see the sidebar "Companies that Offer Public Wi-Fi Hotspots.")
Overcoming Insecurities
A larger dilemma exists with business use of public Wi-Fi hotspots: Using them provides little or no network security. I haven't yet seen a public hotspot using Wired Equivalent Privacy standard (WEP), Wi-Fi Protected Access (WPA), or 802.1X-the only security measures typically taken are those required to protect your credit card transaction before you log on. After logging on, you're connected to the Internet through a broadband connection. Public hotspots use dynamic rather than static Internet addresses, and in most cases probably provide some sort of firewall-though probably not a firewall comparable to what you provide over your corporate network.
And consider: While traveling, your notebook or tablet PC is isolated, but after you're back in the office, it will most likely be connected to your corporate LAN, behind the firewall. So if a virus or worm has infected your PC, it's going to spread. Running up-to-date antivirus software on your notebook computer helps but isn't a complete solution. What you need, because you can't count on one being provided for you, is a local firewall. (For more information about defending your network, see Microsoft's "Windows Server System Wi-Fi" Web site at http://www.microsoft.com/wifi.)
Microsoft will provide an enhanced local firewall in Windows XP Service Pack 2 (SP2), although the pre-SP2 firewall effectively blocks laptop attacks. The new Windows Firewall is a much-improved version of the pre-SP2 Windows XP Internet Connection Firewall (ICF) because it lets you operate Windows Firewall in the On Without Exceptions mode, which blocks all incoming connections to the computer. (Figure 1 shows the Windows Firewall in the On Without Exceptions mode.) I've used this mode on two tablet PCs when connecting through public Wi-Fi hotspots over the last couple of months, and I've been able to access everything I needed, including secure sites and a proxy server, with no problems. Administrators can enforce this setting for mobile users through group policy or a new version of the Netsh.exe command-line program that's provided with SP2. You can make this setting part of the undocked profile for a user. To download a white paper about deploying Windows Firewall settings, go to http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a-bdcd-499f73a637d1&DisplayLang=en.
If you have users running versions of Windows earlier than XP or other OSs on notebook and tablet PCs, I strongly recommend requiring a local firewall such as Zone Labs' ZoneAlarm. And if you have users who travel, you'd be well advised to consider running software firewalls on desktop PCs inside your hardware perimeter because you never know what traveling users might pick up while they're out of the office (that's one reason why Windows Firewall is on by default in SP2.) Access to corporate data for a user who connects from a public hotspot will require a VPN or some other form of secure connection. Boingo, a Wi-Fi provider with more than 5000 hotspots worldwide, offers free client software with an integrated VPN client. That service may be worth a look.
One more thought on security: In the Philippines, I was able to purchase a "day pass" using cash. No credit card number was required because the pass had a username and password. The pass eliminated any risk of identity theft because I didn't have to give a credit card number-which made me more comfortable purchasing wireless access while outside the US. If you have international users, you might want to look into similar services. For example, Wayport offers prepaid access cards that work at 600 hotels and a dozen airports (mainly in the US, with a few locations overseas).
Get Up to Speed
Although Wi-Fi has exploded in the small office/home office (SOHO) environment, it hasn't been as widely accepted in the enterprise. This paradox doesn't surprise me-at its current state of development Wi-Fi is insecure, and the last thing enterprise IT personnel need these days is yet another security hole to worry about. But believe me, your users-at least those who travel-are already using Wi-Fi. Today's notebook and tablet PCs almost always come with Wi-Fi networking built in. Getting up to speed on Wi-Fi with realistic policies and appropriate measures will serve your users and your organization.
