How to: Surf Safely at Public Hotspots
June 17, 2009
Since Wi-Fi signals are wireless, people can essentially grab your data from thin air. However, there are many preventive measures you can take to ensure your files and sensitive information stay private.
To properly protect yourself against Wi-Fi hackers or eavesdroppers, you must first understand the main security risks of using Wi-Fi hotspots:
Exposed data. Most Wi-Fi hotspots don't use encryption to scramble the data being sent to and from your computer and the hotspot. This means anyone within hundreds of feet, with the right tools, can potentially intercept the raw data packets of your connection.
At the very least, without encryption, they could see exactly what Websites you visit. Moreover, if the Website connection isn't encrypted with Secure Sockets Layer (SSL), which is indicated by a padlock icon in your browser, then they could see the contents and traffic involving that particular Website. This could include the username and password of Websites you log in to, if they aren't using SSL.
Your laptop itself. If your firewall or sharing settings aren't properly configured, your computer is much more susceptible to intrusion from hackers on the Internet or at the hotspot location. One of the biggest mistakes you can make is to leave shared folders enabled while on a hotspot. Others connected to the hotspot may be able to open up Network or My Network Places and browse to your shared folders. Depending upon your sharing settings, they may be able to read or edit your files. Not good.
Your financial info or identity. Wi-Fi hackers wanting to deliberately break the law can set up their own AP and equipment to create a copycat of a real Wi-Fi hotspot. They would do this in order to get you to connect to their signal and make payment. Then they could use your credit card and identity information themselves or sell it. Since they could copy the exact look and feel of other real hotspot providers, you might not ever notice you've been duped; good reason to regularly check your credit report. They can also pull other tricks out of the bag, such as redirecting users from popular financial Web sites to their fake sites in order to obtain the login info.
Protect your Wi-Fi connection's traffic
Fortunately, with some common sense and simple tools, we can prevent all these bad things from happening to us. Using just one of the following methods is adequate to protect your most sensitive information when using hotspots:
Use SSL for sensitive sites/services. You should always make sure any Web site you log on to that deals with sensitive information, and any service you use (such as e-mail and FTP), is protected with SSL encryption. This will ensure the information passing to and from your computer and the site or service is secure, even if you are on a real or fake hotspot. When SSL is used, Web browsers will have an https address, instead of http, and will display a padlock or certificate information next to the URL in your browser.
For e-mail client programs, such as Outlook or Thunderbird, you need to make sure SSL is being used for the POP3 and IMAP4 or SMTP server connections. The e-mail service you use must support the encryption. If yours doesn't, you may want to look into other solutions, such as Neomailbox, Hushmail, or 4securemail.
Use a Virtual Private Network (VPN) connection. This would encrypt all your Internet traffic. You could essentially use unencrypted connections to sites and services, and hackers at the hotspot won't be able to intercept anything. You would basically be using the Internet connection at the VPN server end-point for access to the Web. The hotspot's Internet connection is just being used so an encryption tunnel between your computer and the VPN server can exist.
Using a VPN connection when on public hotspots is great if not all the sites or services you use are encrypted, or you want extra security. You can check with your employer to see if they have a VPN solution, create your own, or use a commercial or free hosted service. For best protection, use IPsec-based VPN, rather than PPTP.
Use encrypted hotspots. Some of the big hotspot providers, such as T-Mobile and iBahn, provide WPA-Enterprise encryption on their hotspots with 802.1X authentication. Connecting to these spots ensures your wireless communications are protected from the public. Remember, it's always best to make sure sites and services are accessed securely though, to protect the traffic when traveling through the Internet.
Stop Internet and Wi-Fi invasions
Now to prevent unauthorized access to your computer or device, make sure you follow each of these practices:
Disable sharing: Some hotspots don't block communication between connected users. Therefore, you should always disable file sharing while surfing at public locations. In Windows XP, double-click the wireless icon in the system tray, click the Properties button, uncheck the File and Printer Sharing option (see Figure 1), and click OK. In Windows Vista, you should use the new network classification scheme. After connecting to the hotspot, select Public for the network type or location; this automatically disables sharing.
Keep Windows firewall enabled and safe. This blocks the ports people could use to intrude on your computer. You might also think about checking the Don't allow exceptions option while connected to open networks, or at least review the programs and ports on the exceptions list.
Keep your computer or device up-to-date. This ensures your computer is plugging the latest security holes that have been found in the operating system or your software.
Watch out for evil twins
There are a few things you can do to ensure you are connecting to a real hotspot:
Check in with the business hosting the hotspot. If you find a hotspot, try to identify who is hosting it and ask about the service. You might find discrepancies that are alarming, such as that they don't really offer Wi-Fi. Plus, if the hotspot seems to be a part of a network or multi-location provider, check to see if their hotspot directory lists the given location.
Sign up for hotspot service at home. Just to be on the safe side, don't sign up for hotspot service directly from hotspots. That way an evil-twin hotspot can't get your credit card information.
Make sure SSL is used for hotspot payments/billing. If you must sign up for hotspot service while on the go, make sure any payment and billing forms you fill out are protected with an SSL connection. Plus watch out for SSL certificates with errors, which Internet Explorer should notify you of. Fake hotspots may not use proper certificates or SSL at all.
Don't connect to ad hoc connections. Any ad hoc connections (computers allowing people to connect to them) should be considered as evil-twin setups or a misconfiguration of wireless settings in XP. In other words, wireless Internet is rarely provided via these computer-to-computer connections.
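As an added example (not part of the original article), the Python script below parses the network listing that `netsh wlan show networks mode=bssid` prints on Windows Vista and later, and flags the two conditions this article warns about: ad hoc networks and hotspots without wireless encryption. The sample listing, SSIDs and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by the Windows command
# `netsh wlan show networks mode=bssid`; every SSID here is made up.
SAMPLE_SCAN = """\
Interface name : Wi-Fi
There are 3 networks currently visible.

SSID 1 : CoffeeShop_WiFi
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None

SSID 2 : Free Public WiFi
    Network type            : Adhoc
    Authentication          : Open
    Encryption              : None

SSID 3 : HotelGuest-Secure
    Network type            : Infrastructure
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
"""

def parse_scan(text):
    """Split the scan listing into one dict of fields per SSID block."""
    networks = []
    for line in text.splitlines():
        header = re.match(r"\s*SSID \d+\s*:\s?(.*)$", line)
        if header:
            networks.append({"ssid": header.group(1).strip()})
        elif ":" in line and networks:  # ignore lines before the first SSID
            key, _, value = line.partition(":")
            networks[-1].setdefault(key.strip().lower(), value.strip())
    return networks

def assess(net):
    """Return the hotspot risks from the article that apply to one network."""
    risks = []
    kind = re.sub(r"[\s-]", "", net.get("network type", "")).lower()
    if kind == "adhoc":  # also accepts "Ad hoc" / "Ad-hoc" spellings
        risks.append("ad hoc network: do not connect")
    if net.get("encryption", "").lower() == "none":
        risks.append("unencrypted: use SSL sites or a VPN")
    return risks

def flagged(text):
    """Map each SSID with at least one risk to its list of risks."""
    return {n["ssid"]: r for n in parse_scan(text) if (r := assess(n))}
```

An evil twin running as an ordinary access point is not flagged by these checks, so confirming the hotspot with the hosting business still applies.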
Your own protection
If you follow the tips and techniques we discussed, your computer, data, and identity should be just fine. Remember the three risks. To protect your Wi-Fi packets, use at least one encryption method. For hacking prevention, think sharing and firewall. Finally, be careful to make sure you don't get duped by a Wi-Fi criminal.
We'll leave you with a few last quick tips:
Keep your eye on your tech toys when in public; all this tech talk and someone can just swipe your stuff.
Disable the automatically connect option in the properties of your networks.
Remove any ad hoc networks from the Windows list.
Disable your wireless adapter altogether when not actively surfing.
Eric Geier is the Founder and President of Sky-Nets, Ltd., a Wi-Fi Hotspot Network. He is also the author of many networking and computing books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and Wi-Fi Hotspots: Setting Up Public Wireless Internet Access (Cisco Press 2006).
Article adapted from Datamation.