1. Aruba Brings Wi-Fi to Wall Plates
  2. Review: Meraki Enterprise Cloud Controller for APs
  3. Logitech Harmony Link Review
  4. Ask the Wifi Guru: Episode 42
  5. Cisco Accelerates Wi-Fi with Aironet 3600

Wi-Fi Hotspot Security: Solutions for Users

By Eric Geier

August 07, 2006

Take steps to protect your personal documents, privacy and identity when using public wireless Internet access.

Related Articles

There are numerous issues regarding the usage of public wireless Internet access, as discussed in one of my earlier tutorials, Wi-Fi Hotspot Security: The Issues. However, Wi-Fi hotspots can still be safe and secure if hotspot administrators and users implement some safeguards.

There are many things you can do to help protect personal documents, privacy and identity when using public networks:

Secure Your Real-Time Traffic:

  • Use a VPN connection
    A virtual private network (VPN) encrypts all data sent from the VPN client (your computer) all the way to the VPN server, and vice versa. Along with providing a great way to secure real-time traffic on un-trusted networks such as Wi-Fi hotspots, VPNs can also enable the access of files and services on the VPN server’s network, which is why they're often used by businesses. Keep in mind, though, that there are a few different VPN flavors and several different ways you can go about getting this type of encryption, such as:
    • Use a company-provided VPN
    • Create and use your own VPN server
    • Purchase hosted VPN access or software
    • Use “clientless” SSL VPNs
  • If a VPN Connection Isn’t Used…
    • Secure any Services Used
      Make sure any services you use, such as POP3 and FTP, are secured if you are not using a VPN. Some e-mail hosts provide SSL encryption for e-mail accounts. If not, most e-mail providers do offer secure Web-based e-mail. You can even encrypt Google's Gmail with the right browser extensions.
    • Use SSL (or HTTPS) Web Sites
      Don’t visit any private or sensitive Web sites, such as banking, e-mail or Web accounts, unless they're secured with SSL and use an HTTPS address, typically indicated by a padlock icon in your browser.

Prevent Others from Connecting to Your Laptop:

  • Disable Sharing

Before connecting to Wi-Fi hotspots, you should disable sharing of any files, folders and services you may not want others to view, use or edit.

You can view all your PC’s shared folders in Windows XP:

    1. Access your PC’s Control Panel
    2. Open “Administrative Tools.” If in the control panel is in category view, you’ll need to select the “Performance and Maintenance” category.
    3. Double-click on “Computer Management.”
    4. Click on “Shared Folders” and open the “Shares” folder.

You should see all your PC’s shared directories. Keep in mind that by default, Windows XP adds a few shared directories (such as for remote administration); however, these should be protected from network access like on Wi-Fi hotspots. You should refer to the program’s help documentation for more information. Typically, if a share path is of a specific personal directory, it’s likely a shared folder that others on the same network, such as hotspots, can view and/or edit.

You can edit the sharing preferences of folders in Windows XP:

1.   Right-click on the folder, such as in “My Computer,” “Windows Explorer,” or on your desktop.

2.   Select “Sharing and Security.”

3.   Edit the settings in the “Sharing” tab, and click OK.

  • Use Personal Firewall Software

To protect yourself from intruders on Wi-Fi hotspots and the Internet, you should have personal firewall software installed and active while connected. You can either use Windows XP’s built-in firewall utility, accessed via the Control Panel, or use third party software such as ZoneAlarm.

  • Keep Up-to-Date

Make sure your operating system is up to date at all times. This ensures that you’re protected with the latest fixes that may repair any security holes in the operating system.

Watch Out for "Evil-Twin Hotspots"

There are several things you can do to help verify the legitimacy of Wi-Fi hotspots:

  • Check for “Wi-Fi here” Signs
    You may want to verify that the establishment that you’re located at actually offers wireless Internet access, and confirm key details such as the SSID or network name, by looking for signs or by asking someone from the establishment. For example, you may be connecting to some sort of hotspot, but the management at the location may tell you, “It’s not us: we don’t offer wireless,” which indicates that you may be connecting to a fake hotspot.
  • Make Sure SSL Encryption is Used
    Any login or payment pages of the hotspot should be protected with SSL encryption -- if not, it’s a possible fake hotspot. Look for that padlock icon.
  • Check the SSL Certificate
    By looking at the details of the SSL certificate used by any login or payment pages of the hotspot, you may help verify the legitimacy of the Wi-Fi hotspot. In Internet Explorer, you can do this by double-clicking the padlock icon in the browser’s lower right-hand corner.

Beware Public Workstations or PCs

  • Use as a Last Resort
    Even though you can take steps to help protect yourself on public PCs, you should try to avoid using them at all, because there is a big risk that key loggers and other tools may be installed to track every keystroke you make.
  • Use Personal VPNs
    When using public PCs to access sensitive sites, you should use personal VPNs to encrypt the traffic, because the PC may be connected to a wired or wireless network where others can see all the traffic, just as easily as if you were using a Wi-Fi hotspot.

However, exercise extreme caution when using corporate or other VPNs connected to a remote network that enables access to personal data. Any hosted VPN access or software made for access on public networks uses the same strong encryption (to protect the real-time traffic), but this does not enable remote connectivity to network files and servers. Therefore, if someone does get your VPN account information, they won’t be given access to any files or servers.

  • Don’t Save Login Information
    When logging into your Web accounts on public PCs, make sure you don’t save the login information. For example, don’t use the “Remember Me” option. And manually log out when you’re done.

Stay tuned for the solutions Wi-Fi hotspot operators can implement to increase wireless security at their venues.

Eric Geier is a computing and wireless networking author and consultant. He’s employed with Wireless-Nets, Ltd., a consulting firm focusing on the implementation of wireless mobile solutions and training. Eric is also an author and contributor of several books, including Wi-Fi Hotspots: Setting up Public Wireless Internet Access, and eLearning (CBT) courses.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.