This article was contributed to OUT-LAW by David Hobson of Global Secure Systems.
Once you are associated to an access point, you are on the same network as others connected to the same access point, in the same way as plugging into the same network segment. A simple network discovery will show who else is connected – and from there an unscrupulous user could try to access your machine.
This may not be deliberate. A Trojan may automatically be scanning in the background for, and trying to infect other machines. In addition to the possibility of direct attack, your data is probably going to be 'clear text' – i.e. not encrypted.
10 tips for using public Wi-Fi
- By its very nature a hotspot will not have any encryption or security on it. It is there to enable as many people as possible to connect, as easily as possible. To offer a pre-shared security key is impractical, and the more people who have a key, the less valuable a key is. This means that if you are sending email, someone on that network will be able to read your data unless there is other security in place. It is a bit like handing a postcard over a post office counter: everyone in the post office can read it.
- Most web traffic is, by its very nature, clear text. Most websites will switch to secure, encrypted HTTPS traffic when doing commercial transactions. Web mail is normally in the clear. To tell if you have changed, look for the little padlock symbol in your browser.
- If you are using business email, we strongly recommend using a VPN (Virtual Private Network) between you and the business mail server. This should be provided by the business. Normally this is a security overlay on your traffic. This will encrypt data and ensure no eavesdroppers read it.
- Your PC needs to have a personal firewall installed, and switched on. A basic firewall is provided within Windows now. Use it. This stops unauthorised access on to the PC.
- Many businesses will add an additional personal firewall. The clever ones will actually change the policy based upon your location, which will control the flow of data in and out of your PC in accordance with your policy.
- Ensure your anti-virus software is installed, up-to-date and working. This will defend against known virus or Trojan attacks.
- Turn off ad-hoc networking. Wi-Fi has two methods of working: ad hoc and infrastructure. Infrastructure is when your PC connects to an Access Point, and then on to a wired network. Ad-hoc is when two PCs communicate to each other directly without an Access Point. You should ensure no one can network directly, unless there is a specific reason.
- Watch out for shoulder-surfing. Don’t sit with your back to a crowd or window inviting unwanted snoopers to see you type your password or read your documents.
- Think about the length of time you are connected. As a precaution, prepare messages off-line and only connect to send and receive. This will reduce the window of opportunity for someone to capture your data.
- When accessing a hotspot be aware of hotspot hijacking. This is when a fake access point is used to fool you into connecting to it. It will record all traffic from your system. This type of attack is mainly used in internet cafés since access is open. Always try and make sure you connect to genuine access points.