As you’re sipping your favorite drink or getting a bite to eat while surfing the net from a Wi-Fi hotspot, others could be sipping or gulping down your personal information. Since Wi-Fi signals are wireless, people can essentially grab your data from thin air.
However, don’t give up on public Wi-Fi yet. There are many preventive measures you can take to ensure your files and sensitive information stay private, which we’ll discuss.
To properly protect yourself against Wi-Fi hackers or eavesdroppers, you must first understand the main security risks of using Wi-Fi hotspots:
• Traffic off your connection is exposed: – Most Wi-Fi hotspots don’t use encryption to scramble the data being sent to and from your computer and the hotspot. This means anyone within hundreds of feet, with the right tools, can potentially intercept the raw data packets of your connection.
At the very least, without encryption, they could see exactly what websites you visit. Moreover, if the website connection isn’t encrypted with Secure Socket Layer (SSL), represented by the padlock in the browser, then they could see the contents and traffic involving that particular website. This could include the username and password of Web sites you log onto that, again, aren’t using SSL.
The same risk applies to other services, such as FTP or email, that aren’t secured. Figure 1 shows you exactly what one can see from a hotspot user checking their POP3 email account, such as with Microsoft Outlook, that’s not protected with SSL. In addition to the email account credentials shown in the figure, messages sent or received would be in clear-text as well.
• Your laptop is vulnerable to unauthorized access:– If your firewall or sharing settings aren’t properly configured, your computer is much more susceptible to intrusion from hackers on the Internet or at the hotspot location. One of the biggest mistakes you can make is leave shared folders enabled while on a hotspot. Others connected to the hotspot may be able to open up Network or My Network Places and browse to your shared folders. Depending upon your sharing settings, they may be able to read or edit your files—not good.
• Evil-twin hotspots can divulge your financial info or identity:– Wi-Fi hackers wanting to deliberately break the law can set up their own AP and equipment to create a copycat of a real Wi-Fi hotspot. They would do this in order to get you to connect to their signal and make payment. Then they could use your credit card and identity information themselves or sell it. Since they could copy the exact look and feel of other real hotspot providers, you might not ever notice you’ve been duped—good reason to regularly check your credit report. They can also pull other tricks out of the bag, such as redirect users from popular financial Web sites to their fake sites to order to obtain the login info.
Protecting Your Wi-Fi Connection’s Traffic
Now let’s see how we can prevent all these bad things we’ve dreamed up from happening to us. First, let’s discuss some techniques to secure your wireless traffic. Using just one of the following methods is adequate to protect your most sensitive information when using hotspots:
• Use SSL for sensitive sites/services: Regardless of being on a public hotspot, you should always make sure any Web site you log onto that deals with sensitive information or any service you use (such as email and FTP) are protected with SSL encryption. This will ensure the information passing to and from your computer and the site or service are secure, even if you are on a real or fake hotspot. When SSL is used, web browsers will have an https address, instead of http, and will display a padlock or certificate information.
For email client programs, such as Outlook or Thunderbird, you need to make sure SSL is being used for the POP3 and IMAP4 or SMTP server connections. The email service you use must support the encryption. If yours doesn’t, you may want to look into other solutions, such as Neomailbox, Hushmail , or 4securemail.
• Use a Virtual Private Network (VPN) connection: This would encrypt all your Internet traffic. You could essentially use unencrypted connections to sites and services, and hackers at the hotspot won’t be able to intercept anything. You would basically be using the Internet connection at the VPN server end-point for access to the web. The hotspot’s Internet connection is just being used so an encryption tunnel between your computer and the VPN server can exist.
Using a VPN connection when on public hotspots is great if not all the sites or services you use are encrypted, or you want extra security. You can check with your employer to see if they have a VPN solution, create your own, or use a commercial or freehosted service. For best protection, use IPsec-based VPN, rather than PPTP.
• Use encrypted hotspots: Some of the big hotspot providers, such as T-Mobile and iBahn, provide WPA-Enterprise encryption on their hotspots with 802.1X authentication. Connecting to these spots ensure your wireless communications are protected from the public. Remember, it’s always best to make sure sites and services are accessed securely though, to protect the traffic when traveling through the Internet.
Stopping Internet and Wi-Fi invasions
Now to prevent unauthorized access to your computer or device, make sure you follow each of these practices:
• Disable sharing: Some hotspots don’t block communication between connected users. Therefore, you should always disable file sharing while surfing at public locations. In Windows XP, double-click the wireless icon in the system tray, click the Properties button, uncheck the File and Printer Sharing option (see Figure 1), and click OK. In Windows Vista, you should use the new network classification scheme. After connecting to the hotspot, select Public for the network type or location (see Figure 2); this automatically disables sharing.
• Keep Windows firewall enabled and safe: This blocks the ports people could use to intrude on your computer. You might also think about checking the Don’t allow exceptionsoption while connected to open networks, or at least review the programs and ports on the exceptions list.
• Keep your computer or device up-to-date: This ensures your computer is plugging the latest security holes that have been found in the operating system or your software.
Watching out for the evil-twins
Now here are a few things you can do to ensure you are connecting to a real hotspot:
• Check in with the business hosting the hotspot: If you find a hotspot, try to identify who is hosting it and ask about the service. You might find discrepancies that are alarming, such as they don’t really offer Wi-Fi. Plus, if the hotspot seems to be a part of a network or multi-location provider, check to see if their hotspot directory lists the given location.
• Sign up for hotspot service at home: Just to be on the safe side, don’t sign up for hotspot service directly from hotspots. That way an evil-twin hotspot can’t get your credit card information.
• Make sure SSL is used for hotspot: payments/billing: If you must sign up for hotspot service while on the go, make sure any payment and billing forms you fill out are protected with an SSL connection. Plus watch out for SSL certificates with errors, which Internet Explorer should notify you of. Fake hotspots may not use proper certificates or SSL at all.
• Don’t connect to ad hoc connections: Any ad hoc connections (computers allowing people to connect to them) should be considered as evil-twin setups or a misconfiguration of wireless settings in XP. In other words, wireless Internet is rarely provided via these computer-to-computer connections.
You’re protected now!
If you follow the tips and techniques we discussed, your computer, data, and identity should be just fine. Remember the three risks. To protect your Wi-Fi packets, use at least one encryption method. For hacking prevention, think sharing and firewall. Finally, be careful to make sure you don’t get duped by a Wi-Fi criminal.
We’ll leave you with a few last quick tips:
• Keep your eye on your tech toys when in public—all this tech talk and someone can just swipe your stuff.
• Disable the automatically connect option in the properties of your networks.
• Remove any ad hoc networks from the Windows list.
• Disable your wireless adapter altogether when not actively surfing.
Eric Geier is the Founder and President of Sky-Nets, Ltd., a Wi-Fi Hotspot Network. He is also the author of many networking and computing books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and Wi-Fi Hotspots: Setting Up Public Wireless Internet Access (Cisco Press 2006).