Public WiFi security tips

This free bandwidth does come with an element of risk. Once you are
associated to an access point, you are on the same network as others
connected to the same access point, in the same way as plugging into
the same network segment. A simple network discovery will show who else
is connected….and from there an unscrupulous user could try and
access your machine. This may not be deliberate – a Trojan may
automatically be scanning in the background for, and trying to infect
other machines. In addition to the possibility of direct attack, your
data is probably going to be “clear text” – not encrypted.

So what issues do we face when using public ‘hotspots’?

  1. Clear text data – by its very nature a hotspot will not have
    any encryption or security on it. It is there to enable as many people
    as possible to connect, as easily as possible. To offer a pre-shared
    security key is impractical, and the more people have a key, the less
    valuable a key is. What does this mean? Well if you are sending email,
    someone on that network will be able to see, and read that data. It is
    a bit like handing a postcard over a post office counter. Everyone in
    the post office can read it. So you really would not write anything
    confidential on it. To say “Hi, having a wonderful time, wish you were
    here” is not exactly top secret. You may not want to put all your
    credit card information on it!
  2. Most web traffic is, by its very nature clear text. Most web
    sites will switch to secure, encrypted HTTPS traffic when doing
    commercial transactions. Web mail is normally in the clear…How can
    you tell if you have changed? Look for the little padlock in your
    browser!
  3. If you are using business email, we strongly recommend using a
    VPN (Virtual Private Network) between you and the business mail server.
    This should be provided by the business. This normally is a security
    overlay on your traffic. This will encrypt data and ensure no
    eavesdroppers read it.
  4. Your PC needs to have a personal firewall installed, and
    switched on. A basic firewall is provided within Windows now. Use it!
    This stops unauthorised access on to the PC.
  5. Many businesses will add an additional personal firewall. The
    clever ones will actually change the policy based upon your location,
    which will control the flow of data in and out of your PC in accordance
    with your policy.
  6. Ensure your anti-virus software is installed, up-to-date and working! This will defend against known virus or Trojan attacks.
  7. Turn off ad-hoc networking – WiFi has two methods of working –
    ad hoc and infrastructure. Infrastructure is when your PC connects to
    an Access Point, and then on to a wired network. Ad-hoc is when two
    PC’s communicate to each other directly without an Access Point. You
    really should ensure no one can network directly, unless there is a
    specific reason!
  8. Shoulder surfing. Always be aware who is watching you. Don’t
    sit with your back to a crowd or window inviting unwanted snoopers to
    see you type your password or read your documents.
  9. Think about the length of time you are connected. As a
    precaution, prepare messages off line and only connect to send and
    receive. This will reduce the window of opportunity for someone to
    capture your data.
  10. Lastly, when accessing a hot spot be aware of hot spot high
    jacking. This is when a fake access point is used to fool you into
    connecting to it. It will record all traffic from your system. This
    type of attack is mainly used in internet cafes since access is open.
    Always try and make sure you connect to genuine access points.

By David Hobson
Managing Director of Global Secure Systems