SecurityChef | Your daily diet of security goodness!


There are three things you need to consider when using an internet service away from home: your internet provider, your internet connection, and your computer. Your ISP can monitor everything you do. I’m not saying that they are, but they can.

Whenever you’re using a wireless hotspot such as in an internet cafe, or even a wired connection in a hotel or somewhere else, they are your ISP for that connection. Again, I’m not saying that the coffee shop, hotel or their wireless provider is spying on you, but I would take care to make sure you trust the provider you’re using. If you’re at “Joe’s Cafe” and it’s Joe’s teenage son that’s just slapped a wireless access point on their DSL connection – yes, he could certainly be monitoring what you’re up to if you’re not careful.

But that’s not really the biggest threat. So while you should of course exercise caution, for this discussion I’ll simply assume we can trust whoever’s providing the internet connectivity. The people we shouldn’t trust are the other users within range of that wireless connection. Anyone within wireless range of your laptop could be monitoring your internet usage.

Scary, huh?

So, here’s what you need to do:

• Use a firewall! Sounds like you’re already doing this, but for everyone else, this is critical. And it doesn’t have to be difficult; for example, I simply enable the built-in Windows firewall when I’m in an open WiFi situation.

Yes, there may be a router or firewall at the hotspot protecting you from threats from the internet, and that’s fantastic. It’s also not at all what I’m talking about here. In an open WiFi situation and in any “internet provided” situations like hotels, you need to protect yourself from everyone else that’s on the same side of the router as you are. They can see and connect directly to your machine unless you have enabled your firewall.

• Use httpS! That’s https; note the “s” at the end. An https connection is encrypted. That means that while someone can see that you’re accessing a particular web site, if you’re using https they cannot see any of the data you send to or receive from that site. This is the only safe way to do online banking. If you can’t connect via https, or the “s” disappears at some point in your exchange with your bank, then stop immediately. If it’s not https it’s not secure and anyone in the room could be monitoring what you’re doing.

• Secure your Email! Email is perhaps the biggest open security hole in these situations. If you use a POP3/SMTP email client, the default configuration for most is totally unsecure. I could sit in a corner of the internet cafe and not only read your email with you, but also steal your account name and password. It really is that unsecure.

With POP3 and SMTP you should contact your email provider and see if they support SSL connections. If they do, it’s a slightly different configuration in your email program, but once done, all of the communication between your email program and email servers is securely encrypted.

Online or web-based email services deserve special consideration. Most do not support https connections. The one exception is Gmail, which will use https if you make sure to log in through an https connection, and have the “always use https” option selected in Gmail’s options.

• Consider a VPN. Not all sites support https as it takes extra work on their part. For example, there is no https version of ask-leo.com; you can only access it through unencrypted http, and that’s the norm for most sites that don’t process confidential information. But that means that someone could still be watching where you go. If you don’t mind them seeing that you’re visiting ask-leo.com, or what you might happen to search for on Google, or whatever other sites you’re visiting in the clear, then you don’t need to do anything.

And not all email providers will provide secure connections.

However, if you’re a “road warrior” and spend a lot of time in internet cafes, have an unsecure email configuration, or browse a lot of sites that you’d rather not be so easily sniffable, you might consider a VPN (Virtual Private Network) service. I’ve never used one personally, so I can’t recommend one specifically, but there are several. http://www.hotspotvpn.com/ is one example. Using these services you create an encrypted connection to the service and route all your internet traffic through them. When you do this, the folks in the cafe see only encrypted data which they can do nothing with.

• Realize that a “login intercept” protects them, not you. In many free WiFi situations the first time you use the service no matter where you try to go you’re first intercepted and sent to a page where you’re required to “login” or otherwise accept the terms of service. This page does not protect you at all. It has nothing to do with security, wireless or otherwise. It’s nothing more than a bit of legalese to protect the internet provider.
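For the “Secure your Email” step above, one way to see for yourself whether a provider offers encrypted POP3/SMTP, as an added example that is not part of the original article. The sample server replies are constructed, and `probe_smtp` / `probe_pop3` are hypothetical helpers that need network access and a host name you supply.

```python
import poplib
import smtplib

# Constructed sample replies (not captured from any real provider).
SAMPLE_POP3_CAPA = ["TOP", "UIDL", "STLS", "USER"]
SAMPLE_EHLO_TLS = "250-mail.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
SAMPLE_EHLO_PLAIN = "250-mail.example.net\r\n250-SIZE 35882577\r\n250 AUTH PLAIN LOGIN"


def pop3_offers_stls(capa_lines):
    """True if a POP3 CAPA listing advertises STLS (upgrade to TLS, RFC 2595)."""
    return any(l.split()[0].upper() == "STLS" for l in capa_lines if l.strip())


def smtp_offers_starttls(ehlo_reply):
    """True if an SMTP EHLO reply advertises STARTTLS (RFC 3207)."""
    lines = ehlo_reply.splitlines()[1:]  # first line is only the greeting
    keywords = [l[4:].split()[0].upper() for l in lines
                if l[:3] == "250" and l[4:].strip()]
    return "STARTTLS" in keywords


def verdict(offers_tls, sends_password):
    """Turn a capability check into advice for an open hotspot."""
    if offers_tls:
        return "ok: enable SSL/TLS in the mail client"
    if sends_password:
        return "unsafe: password and mail cross the hotspot in the clear"
    return "unsafe: mail content is readable on the hotspot"


def probe_smtp(host, port=587, timeout=10):
    """Live check (needs network; host is supplied by the caller)."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        conn.ehlo()
        return conn.has_extn("starttls")


def probe_pop3(host, port=110, timeout=10):
    """Live check (needs network); servers without CAPA count as no STLS."""
    conn = poplib.POP3(host, port, timeout=timeout)
    try:
        return "STLS" in conn.capa()
    except poplib.error_proto:
        return False
    finally:
        conn.quit()


if __name__ == "__main__":
    print(verdict(pop3_offers_stls(SAMPLE_POP3_CAPA), True))
    print(verdict(smtp_offers_starttls(SAMPLE_EHLO_PLAIN), True))
```

An advertised upgrade only helps when the mail client is set to require encryption; a “use TLS if available” setting falls back to cleartext when the upgrade is not offered.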

So, how big is the risk, really? It depends. I would expect busy hotspots near sensitive areas to be a fairly reasonable risk. Busy coffee houses, open airport WiFi, libraries and the like seem like “target rich environments” for the potential hacker. These are certainly places where I’d make sure to take these safety measures myself. Less busy hotspots? Perhaps not so much. But it is possible, and more frighteningly, it’s not all that hard for someone who’s technically savvy.

 Article C3269 – November 12, 2009


Hot spots are hot. Located in thousands of airport lounges, hotels, cafés, and even public parks, they allow anyone with an 802.11b wireless LAN card to surf the Web, check e-mail, or even connect to the company LAN at broadband speeds. Before you experience the thrill of surfing the Net while nursing a latte at Starbucks, however, be sure you take the necessary precautions.

All wireless LANs have security issues, but wireless hot spots raise unique concerns. As with any wireless LAN, signals can penetrate walls and ceilings. That means that anyone in range with a standard wireless card can connect, even if they’re sitting out in the parking lot.

Hot-spot services are designed for maximum ease of use, so they generally don’t offer WEP or WPA encryption; if you connect to a hot spot, just about all the data you send is probably unencrypted. Since wireless LANs allow peer-to-peer connections, the computer-savvy guy at the corner table may be able to connect to your notebook and mooch your Internet connection, look at your unprotected files, or hitch a ride as you connect to your corporate LAN. He can also eavesdrop on the airwaves with one of the many wireless sniffers available on the Web and watch as you unintentionally reveal your corporate network log-on information, your credit card numbers, IP addresses of your connections, and even the contents of e-mails, instant messages, and file attachments. Anyone with malicious intent can do lots of damage with this information, both to you and the company that employs you. And of course, you’re vulnerable to the same viruses, worms, and other attacks as you would be on any unprotected network.

So what can you do? Here are several ways you can protect yourself.

• Disable your wireless card’s ad-hoc (peer-to-peer) mode. You can do this via the adapter’s utilities or within Windows XP by clicking on Network Connections in the Control Panel. This will help prevent anyone from connecting to your notebook.

• Remove or disable your wireless card if you’re working offline.

• Install a personal firewall. Windows XP offers the rudimentary Internet Connection Firewall, but more advanced personal firewall products, such as Symantec’s Norton Internet Security and Zone Labs’ ZoneAlarm, can prevent others from accessing your notebook and even alert you when an attempt is made.

• Install personal antivirus software from McAfee, Symantec, or another antivirus vendor, and enable automatic signature updates.

• Take advantage of your e-mail client’s security features, particularly digital signatures and e-mail encryption. Digital signatures verify your identity to your recipients and ensure that messages are not tampered with during transmission. Microsoft Outlook lets you add digital signatures to messages and encrypt messages and attachments using S/MIME. If you’re using a Web-based e-mail service, make sure it offers some type of encryption. Be aware, however, that in many cases with such services only the log-on information is encrypted, while text is sent in the clear. You may want to use third-party e-mail encryption utilities, such as PGP Corp.’s PGP Personal, which offers digital signatures and strong encryption for messages and attachments, as well as for files stored on your computer.

• Make sure you submit credit card information only to SSL-protected Web sites (look for https:// in the address bar).

• For the best protection, use a virtual private network (VPN) to provide strong authentication and encryption for all your hot-spot communications. This is particularly important if you’re connecting to your company’s network, in which case you’ll probably get VPN client software from your IT manager. Small-business users can install VPN-enabled firewall and router appliances from Netgear, SonicWall, 3Com, or Watchguard at the office or use one of the many small-business VPN services available, for example, from Sprint or Verio.

• Keep your OS and software up to date with security patches.

And of course, make sure nobody is looking over your shoulder as you enter vital information. Enjoy the freedom and convenience that hot spots offer, but make sure that hot spots don’t land you in hot water.
