Ways to use public Wi-Fi safely
Ways to use public Wi-Fi safely
By Rich Vázquez, CISA, CISSP Friday, 13 March 2009
It is important to remember that public Wi-fi is just that — public. Using public networks can be convenient, but without proper security, logging on to websites that feature personal information, such as a banking web site, can be similar to leaving your wallet sitting on a park bench. In 2007, the Federal Trade Commission received more than 800,000 consumer fraud and identity theft complaints and losses cost victims more than $1.2 billion.
The first thing to do in a public space is find the name of the network to connect to. Hackers sometimes set up similarly spelled networks, such as HavaHouse instead of JavaHouse. This is called an Evil Twin Attack. Once connected to the imitation network, hackers can get information from the computer and internet activity. It is important to verify the name of the intended network before connecting to one.
Using anti-virus and firewall software is a front line of defense. A firewall prevents someone from finding a program on a computer that would allow them to connect and steal information. If a hacker can connect to a victim's computer, he or she can also find a way to infect the victim's computer with a virus and later steal private information. Many criminals collect information in large databases and work through the names over time. Some frauds are executed over many months or years, so victims may not realize their information or computer has been compromised until the criminal is ready to use it.
File sharing is also a big risk. Many people have multiple computers in their homes and share files. If folder with family pictures or business documents is shared at home, those files will still be shared when connected in a public place and may be exposed to anyone else on the network.
Not every attack is high-tech. While engrossed in email or doing taxes online, someone may be sitting nearby carefully watching for user names, passwords or other personal information. This is called shoulder surfing. Social engineering can be a series of emails, phone calls or a conversation that tricks a victim into revealing information that can be used later to bypass security. That same person who was looking over a victim's shoulder could start a conversation and during casual chatter find out additional personal information such as birthdays, names of children and names of pets — all commonly used passwords. Without ever touching a computer, a hacker could find out e-mail providers, banking information, and answers to commonly asked security questions.
Not all hackers' attacks are to steal money. Privacy can also be compromised by an invader. Any personal gossip, family pictures or embarrassing information on personal computers may be at risk, especially if it is sent by e-mail via a compromised network connection.
Chris Boyd, a director of EFF-Austin, suggests following what he calls the Six O'Clock News Rule.
"If you are using your computer on an open access network and the data that you are about to send or potentially receive could be damaging or embarrassing if reported on the six o'clock news, you should encrypt it, or better, wait until you are at a more secure location," he said.
The easiest way to confirm a secure connection is to check for the https, with an s at the end, on a website to verify that it is using basic encryption for the traffic. Errors on the page could also be an indicator to watch out for. Sites using https are using SSL Certificates, which help verify the website is authentic. The information sent between visitors and the website is also encrypted, or scrambled so that someone watching the network cannot read the information.
Encryption helps protect website visitors from wireless sniffing. Tools are available for free that enable information to be tracked as it moves on the network. Attackers can watch a website vistor's traffic and use it to find passwords or even recreate a document or file sent to someone via the internet.
Several government websites are dedicated to educating consumers and the public about safe internet use at home and in public. There are also local organizations with security professionals who are available to speak to community groups about security.
Free anti-virus software: ClamAV and AVG
Local Organizations
Austin-EFF - advocates establishment and protection of digital rights and defense of the wealth of digital information, innovation, and technology.
ISSA (Information Systems Security Association) - part of their mission is to encourage a free exchange of information security techniques, approaches, and problem solving
OWASP (Open Web Application Security Project) - a worldwide free and open community focused on improving the security of application software. They have monthly free and open meetings.
Consumer Information
EFF (Electronic Frontier Foundation) - This group just released a guide to protect your privacy while online
FTC (Federal Trade Commission) - Information about fraud, privacy and a series of resources for protecting children onlines
Staying Safe Online - The National Cyber Security Alliance focus is Home Users, K-12 Educators, Small Businesses and Higher Education.
US-CERT Reading Room - The US Computer Emergency Readiness Team is a part of Homeland Security. They have several articles incuding the topics of protecting your browser, online fraud and securing your home wireless network.
Site tools
Georgetown | Hutto | Taylor Calendar
| « | < | July 2010 | > | » |
| S | M | T | W | T | F | S |
| 27 | 28 | 29 | 30 | 1 | 2 | 3 |
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
| Jul 29 – Georgetown Farmers Market |
| Jul 29 – Taylor Farmers Market |
| Jul 30 – Georgetown First Friday |
| Jul 30 – Music on the Square |
| Jul 31 – Sun City Farmers Market |
| Aug 5 – Suddenlink Communications Customer Appreciation Day |
| Aug 6 – Music on the Square |