When I discuss Wi-Fi security, I try to show an example of what a Wi-Fi eavesdropper or hacker could see from an unencrypted wireless network. This way you can imagine what someone from the parking lot or nearby can see of the data traveling between you and the access point (AP). The underlying reason is to help you understand why you need to encrypt your wireless connections. I usually stick with examples on how email messages and login details can be sniffed. But I thought I'd show you more.
In this article, we'll look at several different online and network services or communication types that are vulnerable to sniffing or capturing by eavesdroppers. Plus along the way, I'll give tips on how you could secure them, over and above encrypting the entire link.
What we'll discuss mainly applies when you are using public Wi-Fi hotspots or wired Internet ports you plug into. Though you can have the same types of vulnerabilities when using private networks, enabling WPA or WPA2 encryption scrambles all the communication from Wi-Fi eavesdroppers. So make sure your Wi-Fi network is using this encryption!
Websites you are visiting
First we'll look at the simplest service, http connections. In other words, the communication between a web browser and web servers on the Internet when you're browsing the web. Eavesdroppers can see what websites you are visiting. The addresses are always mentioned in the network packets. However, this is a crude method to snoop. They just see the URLs along with the raw html, php, or other web code. Figure 1 shows what the web page (of my site) pictured in Figure 2 might look like in a network analyzer.
However, if an eavesdropper wanted to go a step further, they could use a sniffer that captures the network packets and resembles the files or code. This way they could actually see the web pages you're visiting. Figure 3 shows an example, based off the page previously shown in Figure 2. Remember, they have the same data you've accessed store on their computer. They can export or save individual files (images, pages, documents) to their computer.
Remember, data from any secured web connection is scrambled and they can't see it. For example, when you access your banking, PayPal, and most other important accounts online, the connection between your computer and their server is usually totally secure. This is the case when the site uses SSL encryption, indicated by a https address rather than the usual http. Plus web browsers display a yellow pad lock in the lower right corner or around the address bar on top, when the connection is secure.
You shouldn't have to worry about non-secured sites when on your private network, since you should be using WPA or WPA2 encryption. However, when on public networks, if you want connections to non-secured sites protected, you can use a VPN. I'll list some VPN providers later.
Files being transferred over the network
Any files you transfer between computers on an unsecured network, or files you open from network locations, can be captured by eavesdroppers. They could review the raw packets to see the contents of clear-text files. Again, they could also use a special sniffer to export and save the file(s). This includes database files, documents, zip files, images, audio files, everything.
Figure 4 shows an example of what the plain text file pictured in Figure 5 would look like in an analyzer.
Using WPA/WPA2 encryption on your private Wi-Fi network solves this problem. For public or unsecured networks, you shouldn't be sharing files. You should actually disable file and printer sharing in the network connection properties in Windows XP or select the public network type in Vista.
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.