Securing laptop PCs for public Wi-Fi hot spots

California company unveils new product that secures work over public Wi-Fi hot spots.

A California-based network security company said it has new technology that could enable government employees to work securely on laptop computers and other devices from public Wi-Fi hot spots or networks at home.

Los Gatos-based Cranite Systems recently announced that its SafeConnect product would provide the first Layer 2 secure access solution for enterprise networks. The patent-pending technology would also allow remote users to access the same functions they use when working in an office, company officials said.

They said the technology is significant because it could allow government employees to work securely with sensitive but unclassified information via public wireless hot spots. It could save organizations time and money because employees could work away from the office, they said.

“This is providing a secure virtual network over an untrusted network,” said John Vigouroux, chief executive officer of Cranite Systems, during an interview with Federal Computer Week last week.

Cranite, whose other technologies are used by the military, will be demonstrating the product at the Military Communication conference in Atlantic City, N.J., this week.

The product will also be one component of a New York City program, Geospatially-Aware Urban Approaches for Responding to Disasters (GUARD), which would create two-way wireless communications for first responders during disasters. In the GUARD program, Vigouroux said, Cranite’s technology would also cryptographically separate police and fire department communications traffic on the shared network into two virtual Layer 2 networks.

Mike Coop, Cranite’s vice president of consulting engineering, said government workers are understandably averse to working on mobile devices that contain sensitive but unclassified data via public networks.

Public Wi-Fi systems are inherently unsafe, and hackers can breach an organization’s network security even if it uses virtual private networks, company officials said. SafeConnect, they said, essentially expands the network perimeter from the office to all remote workers.

Generally, military policies have barred employees from accessing public wireless hot spots because of those risks. The Army is in the process of revising best business practices to examine how they can ensure safe communications for remote users, he said, adding that he expected the Marine Corps and Navy to follow fairly quickly.

Vigouroux said Taher Elgamal, Netscape’s former chief scientist and creator of the Secure Sockets Layer protocol, examined and approved Cranite’s technology. In the company’s press release, Elgamal said, “SafeConnect has the right model for protecting remote users. By extending the secure perimeter, SafeConnect shields the remote user from threats.” He is now CEO of EKtasis.

But Vigouroux and Coop said they’re not claiming that SafeConnect is absolutely foolproof. They also said it doesn’t address data at rest, meaning that data should be encrypted on any device in case it’s stolen.