Due to their very openness, Wi-Fi hotspots present a serious and complex set of security issues. With no encryption or filtering protections for users, most public hotspots are easy prey for cybercriminals. Hackers often lurk on public Wi-Fi nets, sniffing network traffic as it passes by for things like passwords and credit card numbers. They can also look for users who have turned on file sharing -- and get direct access to their hard disks.

The other major danger is connecting to a malicious hotspot. Many cybercriminals set up "free" Wi-Fi networks in public places like airports and parks to trap unsuspecting users. These can even mimic the names of real hotspots -- so-called "evil twin" networks -- so that even if there is a legitimate network in the same area, you may accidentally attach to the malicious one.

So what can you do to protect yourself at public hotspots? Plenty...

1. Make sure you're connected to a legitimate access point! This first step is probably the least obvious, but one of the most important. Rogue access points in public areas can have the same SSID as what you'd expect (such as "Wayport" or "tmobile"), but really connect directly to hijackers' databases to collect the passwords and usernames you use to sign in. Even worse, they can collect credit card data from people who sign up for new accounts. And so-called man-in-the-middle attacks using ad-hoc Wi-Fi networks carry the same risks.

So don't connect in places where there is no sign for a legitimate provider, and check the list of available SSIDs to make sure you are connected to the right one. Don't set your wireless card to connect automatically to any available network. Turn off the ad-hoc mode (which lets other clients connect directly to you!). And turn off your Wi-Fi card entirely as soon as you are done.

2. Encrypt sensitive data. As you beam emails from your laptop to the wireless access point and back, or as you enter your username and password to check your bank account balances someone nearby can be "sniffing" (intercepting) those packets of data as they fly by. Much of the information -- even information that you might think should be encrypted -- is sent in clear text. That means that the person intercepting those packets may be able to read your emails or learn your passwords.

Stuffit Deluxe

While data sent to and from secure Web sites (those starting with https:) is generally protected, you can also use encryption in other contexts. If you are sending a sensitive file via email, for example, encrypt it first with a password. Most file compression programs, such as StuffIt Deluxe, offer encryption, and there are numerous freeware and shareware encryption programs as well.

3. Use a Virtual Private Network. One of the best ways to protect your data when using a public wireless network or hotspot is to use a virtual private network (VPN), such as JiWire Hotspot Helper. A VPN establishes a private network across the public network by creating a tunnel between the two endpoints so that nobody in between can intercept the data. Many companies allow remote users to connect to corporate networks as long as they use VPN. This keeps the users' communications just as secure as if they were sitting at a desk in the building.

If you don't have a corporate VPN, you can be secure at any hotspot using JiWire Hotspot Helper. Hotpot Helper's VPN is supported by almost all wireless routers, both public and private, and the software also includes an offline hotspot finder and other handy tools.

4. Use a personal firewall. When you connect to a public wireless network you are joining a local network with other unknown computers. Having these computers on the same IP subnet makes them more dangerous than machines elsewhere on the Internet. Machines in your network and subnet range are able to more easily capture traffic between your computer and the wireless access point or attempt to connect with your computer and access your files and folders.

To protect your computer you should run a personal firewall program. There are many excellent choices. Some, such as Zone Labs ZoneAlarm, Kerio's Personal Firewall, and the built-in Windows Vista firewall are available for free for home or personal use. You should not install them on your corporate laptop, however, without purchasing the proper licensing or consulting your IT manager. Security software vendors such as Symantec and McAfee also make commercial personal firewall products.

A personal firewall will help you restrict the traffic allowed in and out of your computer. This protects you not only from attacks that originate outside of your network, but also those from other computers on the same network. Personal firewall software generally monitors both incoming and outgoing traffic (with the notable exception of Microsoft's Windows XP firewall, which only filters incoming data), as well as applications trying to interact with other system processes or with the operating system. Should your computer somehow become compromised with a Trojan horse or backdoor program, a personal firewall application should flag the unusual communication attempts and alert you. Make sure you take the time to familiarize yourself with the product you choose and configure it properly to get the maximum protection without getting in the way of legitimate traffic and applications.

5. Use anti-virus software. When you are on your home network or even on your company network you can operate with a fair assurance that the other machines on the network with you are at least as protected as yours is against viruses and other malicious code. When you connect to a public network you have no such assurance. Suddenly it is more important than ever to have antivirus software installed.

Of course, antivirus software is only as good as its last update. If you updated your antivirus software a month ago there are probably at least 10 and maybe 50 or more new viruses, worms and other malware that you aren't protected against. Make a special effort to go to the vendor's Web site and download the latest update any time you hear about a new high-risk or fast-spreading threat, and take advantage of the auto-update features found in most such programs.