Securing Your Wi-Fi Hotspot Sessions
By Eric Geier (NoWiresSecurity Founder & CEO) - originally published
on InformIT.com
As you may know already, there are some security concerns when using
public Wi-Fi networks such as hotspots at cafes, hotels, restaurants,
and other public places. Wi-Fi wasn't specifically developed for
public access. Other than at certain national hotspot providers such
as T-Mobile, wireless encryption (WPA/WPA2) isn't used on hotspots;
it isn't as practical there as it is on private networks in homes and
businesses. Plus, the sharing aspect provided by Wi-Fi works against
us on public networks; you don't want to share files with strangers.
In this article, I'll discuss exactly how to secure your computer
and communications while using Wi-Fi hotspots. Though wireless
networking technology isn't designed for public use, it can still be
safe and secure if hotspot providers and users follow a few
precautions:
Use Secure Browsing and Emailing Practices
Just like when on the web at home or
work, you should follow basic Internet security practices while
using Wi-Fi hotspots. Many of the Internet protocols and services we
use day-to-day are inherently insecure by default.
The login and communications for services such as HTTP web browsing,
POP3/SMTP email, IMAP email, Telnet command-line access, and FTP
file transferring are not encrypted and are sent and received in
clear-text.
At home and work, the communications of these clear-text services
can be encrypted and secured from local Wi-Fi eavesdroppers by using
WPA or WPA2 encryption.
However, most Wi-Fi hotspots don't use encryption. For this reason,
you should follow the practices described in the following sections.
Use HTTPS/SSL for Sensitive Logins and Sites
Make sure that any website you log in to is using Secure Sockets
Layer (SSL) encryption. The URL should begin with https instead of
just http, and the browser should display a padlock, green address
bar, or other notification.
Secure POP3/SMTP/IMAP Email Connections with SSL
If you use an email client such as
Outlook or Thunderbird with the POP3, IMAP, or SMTP protocol, you
should try to use it with SSL encryption.
Whether or not you can use encryption depends upon your email server
or service. If it's supported, you can set it up on your email
client. If the server doesn't support it, see if you can access your
mail via the web (using HTTPS/SSL), at least when using public
networks.
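Whether a mail server supports encryption can be read from the
capability reply it sends before login. The Python below is an added
example, not part of the original article: it classifies a POP3, IMAP,
or SMTP endpoint from its port and reply. The function names, the port
conventions, and the sample replies are assumptions constructed for
illustration.

```python
import re

# Keyword a server advertises when a clear-text session can be upgraded to
# TLS (SMTP: RFC 3207 STARTTLS; IMAP STARTTLS and POP3 STLS: RFC 2595).
UPGRADE_KEYWORD = {"smtp": "STARTTLS", "imap": "STARTTLS", "pop3": "STLS"}
# Conventional ports on which TLS starts before any mail command is sent.
IMPLICIT_TLS_PORT = {"smtp": 465, "imap": 993, "pop3": 995}

def capabilities(protocol, reply):
    """Extract the upper-cased capability keywords from a server reply."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    caps = set()
    if protocol == "smtp":
        # EHLO reply: first 250 line is the greeting, the rest are keywords.
        for ln in lines[1:]:
            m = re.match(r"250[ -](\S+)", ln)
            if m:
                caps.add(m.group(1).upper())
    elif protocol == "imap":
        # "* CAPABILITY IMAP4rev1 STARTTLS" or "* OK [CAPABILITY ...] ready"
        for ln in lines:
            m = re.search(r"CAPABILITY ([^\]]+)", ln, re.IGNORECASE)
            if m:
                caps.update(word.upper() for word in m.group(1).split())
    elif protocol == "pop3":
        # CAPA reply: "+OK ...", one capability per line, then a lone "."
        for ln in lines[1:]:
            if ln != ".":
                caps.add(ln.split()[0].upper())
    return caps

def assess(protocol, port, reply=""):
    """Classify one mail endpoint by how its login would travel on the air."""
    if port == IMPLICIT_TLS_PORT[protocol]:
        return "implicit-tls"
    if UPGRADE_KEYWORD[protocol] in capabilities(protocol, reply):
        return "upgrade-available"
    return "cleartext-only"

# Constructed sample replies, not captured from any real server.
SAMPLES = [
    ("smtp", 587, "250-mail.example.org\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 HELP\r\n"),
    ("imap", 143, "* CAPABILITY IMAP4rev1 AUTH=PLAIN IDLE\r\nA1 OK done\r\n"),
    ("pop3", 110, "+OK Capability list follows\r\nUSER\r\nSTLS\r\n.\r\n"),
    ("pop3", 995, ""),
]
if __name__ == "__main__":
    for proto, port, reply in SAMPLES:
        print(f"{proto}:{port} -> {assess(proto, port, reply)}")
```

An "upgrade-available" result protects the login only if the email
client is set to require the encrypted connection rather than merely
prefer it.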
Use SSH Instead of Telnet
If you must remotely connect to a
computer or server while on a public network, use a secure remote
access protocol such as SSH.
Use SFTP/SCP Instead of FTP
Though it's usually easier to use
plain FTP when downloading or uploading files from servers, it's not
secure. Similar to the other plain-text protocols, Wi-Fi
eavesdroppers can capture the login credentials and the transferred
data of FTP connections.
You should use SSL encryption with FTP connections, which must be
supported by the server and the client. You might also look into
using the SCP protocol.
Encrypt Your Communications
Because most hotspots don't use WPA or
WPA2 encryption to scramble the communication between computers and
the wireless access point (or wireless router), you should use
something to provide this encryption.
That way, if you use a clear-text protocol as I discussed, local
Wi-Fi eavesdroppers can't see the communications. This encryption
can be provided by using a Virtual Private Network (VPN) technology.
Traditional VPN solutions were designed to provide secure remote
access to networks from outside the building so you can, for
example, access work files at home. Because VPN connections are
encrypted from the user's client all the way back to the network or
server, any traffic while using them on a hotspot is protected from
eavesdroppers.
If your employer doesn't provide VPN access, you can set up your own
VPN server using a Professional edition of Windows.
There are also VPN solutions specifically designed for hotspot
security. They don't include the ability to remotely access files,
but they still tunnel Internet traffic through the encrypted
pipeline back to a safe network, thus securing your hotspot traffic.
One free solution you might want to check out is AnchorFree's
Hotspot Shield.
Protect Your Computer and File Shares
Originally, wireless networks were designed with only private use in
mind, within homes and businesses where the users are "trusted".
Though the ability to share files and printers is one of the defining
benefits of Wi-Fi, it's one of the dangers of public Wi-Fi hotspots
where the users aren't "trusted".
Some hotspots are set up using hotspot gateways that block sharing,
but many hotspots are implemented using regular Wi-Fi equipment.
However, you can ensure your computer and documents are safe by
following these precautions:
Classify the Hotspot as Public in Vista or Windows 7
When first connecting to a wireless network in Windows Vista or 7,
you're prompted to classify its type as either Public or Private
(Work or Home). Windows then chooses the appropriate networking and
firewall settings, such as disabling file and printer shares when
connected to a Public network.
If you need to change the network classification or type after the
initial configuration during the first connection, access the
Network and Sharing Center.
Disable File and Printer Sharing in Windows XP
If you're still using Windows XP,
you'll have to manually disable sharing. To do this, access the
Network Connections window by right-clicking the network status icon
in the system tray or by clicking Start > Connect To > Show all
connections.
Then double-click the connection you're using, uncheck the File and
Printer Sharing for Microsoft Networks option, and click OK. When
you get back home or to the office, you can re-enable the option to
get sharing back.
Ensure Windows Firewall Is Enabled
Being connected to hotspots also opens your computer up to general
intrusion attempts from hackers on the local hotspot and on the
Internet.
Thus you should ensure that you have Windows Firewall or another
firewall solution enabled while on public networks.
Things to Remember
I discovered many things to help protect data and privacy while
surfing at Wi-Fi hotspots. Remember: try to independently secure your
services.
Also consider using a VPN service of some type to encrypt all your
Internet communications from local eavesdroppers. Plus, make sure
that you aren't sharing with the other hotspot users.