Lock Down Your Email
Another way to stay secure in your communications while on the road is email encryption. A good idea even while at home, encrypted email becomes all the more useful when accessing the Internet through an insecure access point or in an untrusted computing environment.
As with disk encryption and VPNs, there are a variety of different ways available to encrypt email. The most common email encryption mechanism is Pretty Good Privacy (PGP), which can be found in a variety of implementations ranging from standalone command-line tools to plugins for email clients.
The competing (and incompatible) standard is Secure/Multipurpose Internet Mail Extensions (S/MIME), which requires a valid security certificate from a reputable certifying authority. Both standards are endorsed by the National Institute of Standards and Technology as security standards, and both are secure enough for everyday use. However, a message encrypted under one standard cannot be decrypted with the other, so before sending a message it is important to know which email encryption mechanism the person you are communicating with uses (or even whether they are using encryption at all!); otherwise, your recipient ends up with a mess of garbage text.
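One practical way to find out which mechanism a correspondent uses is to look at the MIME structure of a message they have already sent you. The following is an added example, not part of the original article: it classifies a raw message as PGP/MIME, inline PGP, S/MIME or unencrypted from its headers alone. The function name and the sample messages are constructed for illustration.

```python
from email import message_from_string

def _param(part, name):
    """Lower-cased Content-Type parameter, or '' when absent."""
    value = part.get_param(name)
    return value.lower() if isinstance(value, str) else ""

def classify_encryption(raw_message):
    """Return 'pgp-mime', 'pgp-inline', 'smime' or 'none' for a raw message."""
    for part in message_from_string(raw_message).walk():
        ctype = part.get_content_type()
        # PGP/MIME (RFC 3156): multipart/encrypted with the PGP protocol parameter.
        if ctype == "multipart/encrypted" and _param(part, "protocol") == "application/pgp-encrypted":
            return "pgp-mime"
        # S/MIME (RFC 8551): a CMS enveloped-data body. smime-type=signed-data
        # is signed only, so it is not reported as encrypted.
        if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime") \
                and _param(part, "smime-type") in ("enveloped-data", "authenveloped-data"):
            return "smime"
        # Inline PGP: ASCII armor pasted into an ordinary text part.
        if ctype == "text/plain":
            body = part.get_payload(decode=True) or b""
            if b"-----BEGIN PGP MESSAGE-----" in body:
                return "pgp-inline"
    return "none"

# Constructed sample messages (placeholder bodies, not real ciphertext).
HEADERS = "From: alice@example.org\nTo: bob@example.org\nSubject: itinerary\nMIME-Version: 1.0\n"
PGP_MIME = HEADERS + (
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\nPLACEHOLDER\n-----END PGP MESSAGE-----\n--b1--\n")
SMIME = HEADERS + (
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n")
SMIME_SIGNED_ONLY = HEADERS + (
    'Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n")
PGP_INLINE = HEADERS + (
    "Content-Type: text/plain\n\n-----BEGIN PGP MESSAGE-----\nPLACEHOLDER\n-----END PGP MESSAGE-----\n")
PLAINTEXT = HEADERS + "Content-Type: text/plain\n\nSee you at the gate at 9.\n"

if __name__ == "__main__":
    for name in ("PGP_MIME", "SMIME", "SMIME_SIGNED_ONLY", "PGP_INLINE", "PLAINTEXT"):
        print(name, "->", classify_encryption(globals()[name]))
```

The check reads structure only; it does not verify that the body is valid ciphertext or that you hold a key able to decrypt it.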
PGP is officially available through the PGP Corporation, which also offers the PGP Universal solution for encrypting emails in an enterprise environment. For a free option, GNU Privacy Guard (GPG) is an open-source solution that can be used from the command line or plugged into an email client for even easier encryption.
The Enigmail plugin for Mozilla Thunderbird (Figure 5) allows GPG email encryption directly from the client. In the large version of the figure below, one message has been encrypted, while the other has been decrypted.
Figure 5: Enigmail plugin for Mozilla Thunderbird
S/MIME support is included with many email clients, so using it is as easy as selecting the 'Encrypt Email' option within the client. The difficult part, however, is obtaining a certificate from a CA. Many organizations provide their own CAs, but certificates are also available through trusted third-party CAs. Thawte is the most popular third-party CA, and can issue free S/MIME certificates (Figure 6), while VeriSign provides certificates for a fee.
Figure 6: An S/MIME certificate issued by Thawte and viewed in Mozilla Firefox.
A word of caution/paranoia: Though the cryptographic algorithms behind mechanisms such as PGP and S/MIME are secure, it should be noted that their greatest weak points come in their implementations. An improperly implemented version of one of these algorithms can provide a false sense of security (which can be even worse than having no security at all!), so take care to update to the latest versions of whichever implementation you choose. Or, for the truly paranoid, just use the time-tested command-line versions of each tool.
A final concern when bringing your laptop on the road is file sharing. For security's sake, unless you absolutely trust the network you are plugged into, disable file sharing on your laptop's network adapter when connecting to a network. This will prevent other machines from viewing and accessing the files on your laptop, and may even save you the pain of having to remove a worm from your machine if file sharing permissions are improperly configured.