|
My
Publications -
Tutorials
Wi-Fi
Hotspot Security: Solutions for Users
By
Eric Geier
-
Originally Published by Wi-Fi
Planet on August 7, 2006 -
There are
numerous issues regarding the usage of public wireless internet
access, as discussed in one of my earlier tutorials, Wi-Fi
Hotspot Security: The Issues. However, Wi-Fi hotspots can still be
safe and secure if hotspot administrators and users implement some
safeguards.
There are many
things you can do to help protect personal documents, privacy, and
identity when using public networks:
Secure Your
Real-time Traffic:
-
Use a
VPN connection
A virtual private network (VPN) <DEFINE: VPN> encrypts
all data sent from the VPN client (your computer) all the way to
the VPN server, and vice versa. Along with providing a great way
to secure real-time traffic on un-trusted networks, such as Wi-Fi
hotspots, VPNs can also enable the access of files and services on
the VPN server’s network, which is why they're often used by
businesses. Keep in mind, there are a few different VPN flavors
and several different ways you can go about getting this type of
encryption, such as:
-
Use a
company provided VPN
-
Create
and use your own VPN server
-
Purchase
hosted VPN access or software
-
Use
“clientless” SSL VPNs
-
If a
VPN Connection Isn’t Used…
-
Secure
any Services Used
Make sure any services you use, such as POP3 and FTP, are
secured if you are not using a VPN. Some e-mail hosts provide
SSL encryption for e-mail accounts. If not, most e-mail
providers do offer secure Web-based e-mail. You can even
encrypt Google's Gmail, with the right browser extensions.
-
Use
SSL (or HTTPS) Websites
Don’t visit any private or sensitive Web sites, such as
banking, e-mail, or web accounts, unless it’s secured with
SSL and uses a HTTPS address, typically indicated by a
pad-lock icon in your web browser.
Prevent
Others from Connecting to Your Laptop:
Before
connecting to Wi-Fi hotspots, you should disable sharing of any
files, folders, and services you may not want others to view, use or
edit.
You can view
all your PC’s shared folders in Windows XP:
-
Access
your PC’s Control Panel
-
Open
the “Administrative Tools.” If in the control panel is in
category view you’ll need to select the “Performance and
Maintenance” category.
-
Double-click
on “Computer Management”.
-
Click
on “Shared Folders” and open the “Shares” folder.
You should
see all your PC’s shared directories. Keep in mind by default,
Windows XP adds a few shared directories (such as for remote
administration); however, these should be protected from network
access like on Wi-Fi hotspots. You should refer to the program’s
help documentation for more information. Typically, if a share path
is of a specific personal directory, it’s likely a shared folder
that others on the same network, such as hotspots, can view and/or
edit.
You can edit
the sharing preferences of folders in Windows XP:
1.
Right-click on the folder, such as in “My Computer,” “Windows
Explorer,” or on your desktop.
2. Select
“Sharing and Security”
3. Edit the
settings, in the “Sharing” tab, and click OK.
To protect
yourself from intruders on Wi-Fi hotspots and internet, you should
have personal firewall software installed and active while
connected. You can either use Windows
XP’s built-in firewall utility, accessed via the Control
Panel, or use third party software such as ZoneAlarm.
Make sure
your operating system is up-to-date at all times. This ensures that
you’re protected with the latest fixes that may repair any
security holes in the operating system.
Watch Out
for "Evil-twin hotspots"
There are
several things you can do to help verify the legitimacy of Wi-Fi
hotspots:
-
Check
for “Wi-Fi here” Signs
You may want to verify if the establishment that you’re
located at actually offers wireless Internet access and details
such as the SSID or network name by looking for signs or asking
someone from the establishment.
For example, you may be connecting to some sort of hotspot, but
the management at the location may say, “Well it’s not us, we
don’t have wireless at this time,” thus you may be connecting
to a fake hotspot.
-
Make
Sure SSL Encryption is Used
Any login or payment pages of the hotspot should be protected
with SSL encryption; otherwise, it’s a possible fake hotspot.
Look for that pad-lock icon.
-
Check
the SSL Certificate
By looking at the details of the SSL certificate used by any
login or payment pages of the hotspot, you may help verify the
legitimacy of the Wi-Fi hotspot. In Internet Explorer you can do
this by double-clicking the Pad Lock in the browser’s lower
right hand corner.
Beware
Public Workstations or PCs
-
Use as
Last Resort
Even though you can take steps to help protect yourself on
public PCs, you should try to avoid using them because there is a
big risk that key loggers and other tools are installed to expose
every click you make.
-
Use
Personal VPNs
When using public PCs to access sensitive sites, you should
use personal VPNs to encrypt the traffic because the PC may be
connected to a wired or wireless network where others can see all
the traffic, just as if you were using Wi-Fi hotspots.
However,
exercise extreme caution when using corporate or other VPNs
connected to a remote network that enables access to personal data.
The use of hosted VPN access or software made for access on public
networks utilizes the same strong encryption (to protect the
real-time traffic); although, this does not enable remote
connectivity to network files and servers. Therefore, if someone
does get your VPN account information, they won’t be given access
to any files and servers.
-
Don’t
Save Login Information
When logging into your web accounts on public PCs, make sure
you don’t save the login information. For example, don’t use
the “Remember Me” option. Also, manually logout when you’re
done.
Stay tuned
for the solutions Wi-Fi hotspot operators can implement in order to
increase wireless security at their venues.
|
