Wi-Fi hotspots present a special set of security issues, notably unknown computers sharing the same local network with you. Unlike home or office networks, most public hotspots in hotels and cafes broadcast their SSIDs, lack WEP or WPA encryption, and don't bother with MAC address filtering. After all, turning on any of these functions would negate the "public" aspect of hotspots. That said, even if they used closed networks and encryption, making customers jump through hoops to get connected, there would still be no way to tell a "legitimate" client from a "malicious" one out to hack other customers' data. Anyone with a credit card can sign up for hotspot service. So what can you do to protect yourself at a public hotspot? Plenty...
Top 10 Security Tips for Public Hotspots
1. Make sure you're connected to a legitimate access point! This first step is probably the least obvious, but one of the most important. Rogue access points in public areas have been springing up that have the same SSID as what you'd expect (such as "Wayport" or "tmobile"), but really connect directly to hijackers' databases to collect the passwords and usernames you use to sign in. Even worse, they can collect credit card data from people who sign up for new accounts. So don't connect in places where there is no sign for a legitimate provider, and check the list of available SSIDs to make sure you are connected to the right one. Don't set your wireless card to connect automatically to any available network. Turn off the ad-hoc mode (which lets other clients connect directly to you!). And turn off your Wi-Fi card entirely as soon as you are done.

2. Encrypt sensitive data. As you beam emails from your laptop to the wireless access point and back, or as you enter your username and password to check your bank account balances, someone nearby can be intercepting those packets of data as they fly by. Much of the information -- even information that you might think should be encrypted -- is sent in clear text. That means that the person intercepting those packets may be able to read your emails or learn your passwords. While data sent to and from secure Web sites (those starting with https:) is generally protected, you can also use encryption in other contexts. If you are sending a sensitive file via email, for example, encrypt it first with a password. Most file compression programs, such as Allume's StuffIt Deluxe, offer encryption, and there are numerous freeware and shareware encryption programs as well.

3. Use a Virtual Private Network. One of the best ways to protect your data when using a public wireless network or hotspot is to use a virtual private network (VPN), such as JiWire SpotLock.
A VPN establishes a private network across the public network by creating a tunnel between the two endpoints so that nobody in between can intercept the data. Many companies allow remote users to connect to corporate networks as long as they use VPN. This keeps the users' communications just as secure as if they were sitting at a desk in the building. If you don't have a corporate VPN, you can be secure at any hotspot using JiWire SpotLock. SpotLock's IPSec VPN is supported by almost all wireless routers, both public and private, and SpotLock also includes full Wi-Fi connection management.

4. Use a personal firewall. When you connect to a public wireless network you are joining a local network with other unknown computers. Having these computers on the same IP subnet makes them more dangerous than machines elsewhere on the Internet. Machines in your network and subnet range are able to more easily capture traffic between your computer and the wireless access point or attempt to connect with your computer and access your files and folders. To protect your computer you should run a personal firewall program. There are many excellent choices. Some, such as Zone Labs ZoneAlarm, Kerio's Personal Firewall, and the built-in Windows XP Firewall are available for free for home or personal use. You should not install them on your corporate laptop, however, without purchasing the proper licensing or consulting your IT manager. Security software vendors such as Symantec and McAfee also make commercial personal firewall products. A personal firewall will help you restrict the traffic allowed in and out of your computer. This protects you not only from attacks that originate outside of your network, but also those from other computers on the same network. Personal firewall software generally monitors both incoming and outgoing traffic, as well as applications trying to interact with other system processes or with the operating system.
Should your computer somehow become compromised with a Trojan horse or backdoor program, a personal firewall application should flag the unusual communication attempts and alert you. Make sure you take the time to familiarize yourself with the product you choose and configure it properly to get the maximum protection without getting in the way of legitimate traffic and applications.

5. Use anti-virus software. When you are on your home network or even on your company network you can operate with a fair assurance that the other machines on the network with you are at least as protected as yours is against viruses and other malicious code. When you connect to a public network you have no such assurance. Suddenly it is more important than ever to have antivirus software installed. Of course, antivirus software is only as good as its last update. If you updated your antivirus software a month ago there are probably at least 10 and maybe 50 or more new viruses, worms and other malware that you aren't protected against. Make a special effort to go to the vendor's Web site and download the latest update any time you hear about a new high-risk or fast-spreading threat, and take advantage of the auto-update features now found in most such programs.

6. Keep your OS and apps up to date. It seems that almost every week there's a new "security patch" for various parts of the Windows operating system or Office programs. And it's not just Microsoft. Apple has its own fair share of security updates, as do most utility and business software vendors. Most of the malicious viruses and worms that have plagued users recently spread through email, so be especially cautious about opening attachments. Windows users should enable Automatic Updates or visit the Windows Update site to scan their system and identify patches they may be missing.
Mac OS users should enable the automatic Software Update feature in System Preferences; and Linux/UNIX users can visit sites such as Bugtraq or subscribe to receive bulletins and alerts from the Department of Homeland Security's US-CERT.

7. Be aware of people around you. When you're at an ATM, you make sure no one can see you type your PIN. Be just as careful about typing in your name and password at a Starbucks. You pay big bucks for your T-Mobile access!

8. Use Web-based email when you're connecting at a public hotspot, instead of Outlook, Eudora, or Apple Mail. Most ISPs these days let you send and receive email via a Web interface as well as downloading it into your email program. These Web sites generally use secure sockets layer (SSL) or other security protocols, which protect your data while it's being transmitted.

9. Make sure file sharing is off! On home networks, file sharing is frequently used to copy files back and forth between computers. On a public network, this is the last thing you want to have on, for obvious reasons. If necessary, put a sticky note on the edge of your computer screen reminding you to turn it off before you close your laptop. Just don't write your passwords on the same sticky note...

10. Use passwords for personal data. Our final tip: use strong passwords for sensitive files and folders, as well as for access to your computer as a whole. This is especially important for mobile warriors whose laptops are attractive theft targets. Consider keeping your most important data on an encrypted USB keychain storage device, so even if you lose your portable, you won't lose your presentation or email folder.
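
Tip 1's advice to check the list of available SSIDs before connecting can be turned into a repeatable check. The Python below is an added example, not part of the original article; the scan records, their field names, and the normalize and review_scan functions are constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results (not captured from a real venue): one dict per
# beacon seen, as a Wi-Fi scanner would list them.
SAMPLE_SCAN = [
    {"ssid": "tmobile",   "bssid": "00:11:22:33:44:01", "mode": "infrastructure", "security": "open"},
    {"ssid": "tmobile",   "bssid": "00:11:22:33:44:02", "mode": "infrastructure", "security": "open"},
    {"ssid": "T-Mobile",  "bssid": "02:00:00:00:00:99", "mode": "infrastructure", "security": "open"},
    {"ssid": "Wayport",   "bssid": "00:aa:bb:cc:dd:01", "mode": "infrastructure", "security": "open"},
    {"ssid": "Wayport",   "bssid": "02:00:00:00:00:42", "mode": "ad-hoc",         "security": "open"},
    {"ssid": "CafeGuest", "bssid": "00:55:66:77:88:01", "mode": "infrastructure", "security": "wpa"},
    {"ssid": "CafeGuest", "bssid": "00:55:66:77:88:02", "mode": "infrastructure", "security": "open"},
]


def normalize(ssid):
    """Fold case and drop punctuation so look-alike names compare equal."""
    return "".join(ch for ch in ssid.casefold() if ch.isalnum())


def review_scan(scan, expected_ssid):
    """Return sorted (bssid, reason) warnings for networks worth a second look."""
    warnings = set()
    by_ssid = defaultdict(list)
    for net in scan:
        by_ssid[net["ssid"]].append(net)
        # An ad-hoc entry is another client's radio, not the provider's access point.
        if net["mode"] == "ad-hoc":
            warnings.add((net["bssid"], "ad-hoc peer using SSID " + net["ssid"]))
        # Same name after normalizing but a different spelling: possible look-alike.
        if net["ssid"] != expected_ssid and normalize(net["ssid"]) == normalize(expected_ssid):
            warnings.add((net["bssid"], "look-alike of expected SSID " + expected_ssid))
    for ssid, nets in by_ssid.items():
        # Several BSSIDs per SSID is normal where a venue runs many access
        # points; the same name offered with different security is not.
        if len({n["security"] for n in nets}) > 1:
            for n in nets:
                warnings.add((n["bssid"], "SSID " + ssid + " seen with mixed security"))
    return sorted(warnings)


if __name__ == "__main__":
    for bssid, reason in review_scan(SAMPLE_SCAN, expected_ssid="tmobile"):
        print(bssid, "-", reason)
```

A rogue access point can copy the SSID and security setting exactly, so an empty result is not proof of legitimacy; the check only surfaces inconsistencies that are visible in a scan list.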