Wi-Fi Hotspot Security: Solutions for Users
August 07, 2006
Take steps to protect your personal documents, privacy and identity when using public wireless Internet access.
There are numerous issues regarding the usage of public wireless Internet access, as discussed in one of my earlier tutorials, Wi-Fi Hotspot Security: The Issues. However, Wi-Fi hotspots can still be safe and secure if hotspot administrators and users implement some safeguards.
There are many things you can do to help protect personal documents, privacy and identity when using public networks:
Secure Your Real-Time Traffic:
- Use a VPN connection
A virtual private network (VPN) encrypts all data sent from the VPN client (your computer) all the way to the VPN server, and vice versa. Along with providing a great way to secure real-time traffic on un-trusted networks such as Wi-Fi hotspots, VPNs can also enable the access of files and services on the VPN servers network, which is why they're often used by businesses. Keep in mind, though, that there are a few different VPN flavors and several different ways you can go about getting this type of encryption, such as:
- Use a company-provided VPN
- Create and use your own VPN server
- Purchase hosted VPN access or software
- Use clientless SSL VPNs
If a VPN Connection Isnt Used
- Secure any Services Used
Make sure any services you use, such as POP3 and FTP, are secured if you are not using a VPN. Some e-mail hosts provide SSL encryption for e-mail accounts. If not, most e-mail providers do offer secure Web-based e-mail. You can even encrypt Google's Gmail with the right browser extensions.
- Use SSL (or HTTPS) Web Sites
Dont visit any private or sensitive Web sites, such as banking, e-mail or Web accounts, unless they're secured with SSL and use an HTTPS address, typically indicated by a padlock icon in your browser.
- Secure any Services Used
- Disable Sharing
Before connecting to Wi-Fi hotspots, you should disable sharing of any files, folders and services you may not want others to view, use or edit.
You can view all your PCs shared folders in Windows XP:
- Access your PCs Control Panel
- Open Administrative Tools. If in the control panel is in category view, youll need to select the Performance and Maintenance category.
- Double-click on Computer Management.
- Click on Shared Folders and open the Shares folder.
You should see all your PCs shared directories. Keep in mind that by default, Windows XP adds a few shared directories (such as for remote administration); however, these should be protected from network access like on Wi-Fi hotspots. You should refer to the programs help documentation for more information. Typically, if a share path is of a specific personal directory, its likely a shared folder that others on the same network, such as hotspots, can view and/or edit.
You can edit the sharing preferences of folders in Windows XP:
1. Right-click on the folder, such as in My Computer, Windows Explorer, or on your desktop.
2. Select Sharing and Security.
3. Edit the settings in the Sharing tab, and click OK.
- Use Personal Firewall Software
To protect yourself from intruders on Wi-Fi hotspots and the Internet, you should have personal firewall software installed and active while connected. You can either use Windows XPs built-in firewall utility, accessed via the Control Panel, or use third party software such as ZoneAlarm.
- Keep Up-to-Date
Make sure your operating system is up to date at all times. This ensures that youre protected with the latest fixes that may repair any security holes in the operating system.
Watch Out for "Evil-Twin Hotspots"
There are several things you can do to help verify the legitimacy of Wi-Fi hotspots:
- Check for Wi-Fi here Signs
You may want to verify that the establishment that youre located at actually offers wireless Internet access, and confirm key details such as the SSID or network name, by looking for signs or by asking someone from the establishment. For example, you may be connecting to some sort of hotspot, but the management at the location may tell you, Its not us: we dont offer wireless, which indicates that you may be connecting to a fake hotspot.
- Make Sure SSL Encryption is Used
Any login or payment pages of the hotspot should be protected with SSL encryption -- if not, its a possible fake hotspot. Look for that padlock icon.
- Check the SSL Certificate
By looking at the details of the SSL certificate used by any login or payment pages of the hotspot, you may help verify the legitimacy of the Wi-Fi hotspot. In Internet Explorer, you can do this by double-clicking the padlock icon in the browsers lower right-hand corner.
Beware Public Workstations or PCs
- Use as a Last Resort
Even though you can take steps to help protect yourself on public PCs, you should try to avoid using them at all, because there is a big risk that key loggers and other tools may be installed to track every keystroke you make.
- Use Personal VPNs
When using public PCs to access sensitive sites, you should use personal VPNs to encrypt the traffic, because the PC may be connected to a wired or wireless network where others can see all the traffic, just as easily as if you were using a Wi-Fi hotspot.
However, exercise extreme caution when using corporate or other VPNs connected to a remote network that enables access to personal data. Any hosted VPN access or software made for access on public networks uses the same strong encryption (to protect the real-time traffic), but this does not enable remote connectivity to network files and servers. Therefore, if someone does get your VPN account information, they wont be given access to any files or servers.
- Dont Save Login Information
When logging into your Web accounts on public PCs, make sure you dont save the login information. For example, dont use the Remember Me option. And manually log out when youre done.
Stay tuned for the solutions Wi-Fi hotspot operators can implement to increase wireless security at their venues.
Eric Geier is a computing and wireless networking author and consultant. Hes employed with Wireless-Nets, Ltd., a consulting firm focusing on the implementation of wireless mobile solutions and training. Eric is also an author and contributor of several books, including Wi-Fi Hotspots: Setting up Public Wireless Internet Access, and eLearning (CBT) courses.