Public WiFi Security
the constantly traveling
mobile white collar
professional getting online while away from the office was often a
challenge often requiring the use of a dial up modem. Connections were
often slow and dropped frequently. The use of wireless networks in the
past several years have freed the mobile professional worker from phone
lines and modems. Internet connections in places like hotels, coffee
shops, restaurants, and airports allow for more than just offline
composition of word processing documents, and spreadsheets. Now the
mobile professional can be in active contact with the office at
practically all times.
Using openly available WiFi maybe great for catching up on e-mail back at the office, but the downside is rarely seen or even considered. Using WiFi access points that have no encryption can open one up to getting their personal information to getting stolen. There are a couple of ways of intercepting sensitive data when using public WiFi.
The first method that data gets intercepted is if somebody using a computer on public WiFi network uses a freely packet capture utility such as Wireshark. Packet capture programs, capture all data that comes out of every computer within range. Anybody who appears to be just another user could actually be reading other peoples’ personal e-mails. Interceptors don’t just get other peoples’ e-mails but also the user ID’s and passwords for the e-mail accounts. This could allow peoples’ e-mail account user ID’s and passwords to be collected and sold to spammers.
The other method used to intercept sensitive data is the man in the middle attack. A computer is set up to act as an WiFi Access Point and when an unsuspecting user tries to connect to what they think is a public WiFi network they are in fact are connecting to a computer that is waiting to capture all their sensitive data. Man in the middle attacks are more commonly seen on municipal WiFi networks. The man in the middle Access Point will have the same SSID as the public network. An unsuspecting user will see the same SSID for the public WiFi on two channels are will try to connect to the one with the stronger signal strength. If the man in the middle access point is physically closer to the user or has better antennas than the real public WiFi access point then they become very likely to get their identity stolen.
To combat the problem of data eavesdropping on public wifi networks there are a number of companies that offer data encryption service. These services take that data on somebody’s computer encrypts it before it’s transmitted on the public WiFi network. The data is decrypted on the company’s servers and directs the Internet traffic to where it’s supposed to go. Anybody using a packet capture program or conducting a man in the middle attack will only see garbled data which they cannot use.
For the traveling white collar professional or even the casual web surfer using public WiFi networks is close to unavoidable. While the risk on most public WiFi networks is pretty low a greal of caution must be practiced in order to keep sensitive data safe.
Public WiFi Security Tips
If using public wifi is required for doing work then make sure that your company provides a Virtual Private Network that connects using Secure Socket Layer with 28 bit encryption.
For personal surfing use an encryption program
NEVER EVER use Municipal WiFi in place of real broadband service.
If a two Access Points are found using the same SSID DO NOT use ether on of them, chances are that you have a running a 50/50 risk of connecting to a man in the middle and you’ll be giving up sensitive data to somebody you don’t even know.
If there are any concerns about data security when using a public WiFi Network then hardwire if possible. While this maybe inconvenient, the risks are much greater.