Email login credentials and messages
In previous articles of mine, such as How To Secure Your E-mail, I've used the email example with Outlook. Check it out if you haven't yet.
Don't forget about web-based email. Like described earlier about non-secured sites, accessing web-based email without SSL encryption means your messages can be captured. Some email sites always offer secured access, while others can be optional or non-existent. Currently, the default for Gmail is no encryption. Figure 6 shows an example of what an eavesdropper can sniff when you send an email from your Gmail account, using an unsecured connection.
Figure 6:
To find out if your web-based email provider offers encrypted access, throw a S after the HTTP. For example, instead of http://mail.google.com, it would be https://mail.google.com/. Securing POP3 accounts that use a client, such as Outlook, is a bit more involved. Refer to my article on securing email for more information.
Using WPA/WPA2 encryption on your private Wi-Fi network protects unsecured email from eavesdroppers. If you can't or don't want to secure your email when using public networks, you could use a VPN to encrypt your communications.
FTP login credentials and transferred files
If you upload or download files to or from a FTP server, on a unprotected network, sniffers can capture the file(s). Plus just like with the email server, the login credentials are also sent in clear-text (see Figure 7) for the eavesdropper to see.
Figure 7:
Unfortunately, it is not possible to secure or encrypt FTP connections. However, using FTP on your private network is fine when using Wi-Fi encryption. Unless you use a VPN, you should not use FTP connections while on public networks. If you are the server administrator, you might look into other secure methods, such as SFTP.
Instant messaging conversations
Most instant messaging and chat programs, including ICQ and IRC, send and receive in clear-text. So if you are on a public network, eavesdroppers can see the conversations with your loved-ones, friends, or business associates. Figure 8 shows an example of an Yahoo Messenger IM and Figure 9 shows what it looks like in a sniffer. Again, to prevent this on unsecured networks, you can use a VPN.
Figure 8:
Telnet login credentials
Don't forget about Telnet; it also sends and receives in clear-text. Again, don't connect to servers or computers via Telnet on unencrypted networks, unless using a VPN. You should really look into using SSH instead, which is secure.
Keeping it secure
We've discovered several Internet and network services that are vulnerable to sniffing on unprotected and public networks. Anyone within range could possibly see websites you are visiting and the files you are downloading or transferring. Email messages, files transferred using FTP, and Telnet sessions are also vulnerable, along with their login credentials. Finally, we saw that instant messaging conversations can also be captured.
Figure 9:
I'll leave you with some tips on how to keep these types of services secure:
Eric Geier is an author of many computing and networking books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft Windows Vista (Que 2007).