GetNetWise

WSI (Wireless Security Initiative)

GetNetWise launched the WSI public awareness campaign to help Internet users get-net-wise about wireless threats and precautions they should take.

Wireless Security


Public Wi-Fi Hotspot Protection

First and foremost, online users should proactively take all the necessary steps to safeguard their computers. A key component of computer security is password protection. Make sure the administrator account on your computer is protected by a password that is hard to guess but easy to remember. This is especially important if you have a home network of computers. You don't want people using your Wi-Fi connection to gain easy access to your computer. In Windows XP set your password in the "Control Panel" under "User Accounts." In Macintosh OS X (10.3) set your password in the "System Preferences" under "Accounts" or "My Accounts."

Precautions for Public Wi-Fi Use

Whether you open or close your Wi-Fi network, there is still another security risk of which you should be aware. When you access Web pages or send email over a Wi-Fi network, those transmissions are sent "in the clear." In the clear means that a sophisticated and determined hacker could grab that information right out of the air and capture your emails and Web page requests. This is also the case when using Wi-Fi at your local coffee shop.

  • Use an SSL secure connection for transactions involving the sharing of sensitive personal information: Secure Socket Layer (SSL) technology encrypts transactions by creating a secure tunnel between your computer and the Web site server. Before you type in your credit card or sensitive information, be sure to look for indicators that the site is encrypted.
    How to recognize a secure Web site using SSL:
    • The prefix https:// instead of http:// in the URL -- look for the "s".
    • Firefox users will find that a secure URL is highlighted in yellow in the address bar.
    • A closed padlock on the bottom of your screen.
    • An unbroken key on the bottom of your screen.
  • Read and understand security policies for the networks that you are using: Follow the links below to find the security policies for some of the most popular networks available in public spots. This information is often available at the login page for the free site as well (More information on reading a privacy policy):

Risks Associated with Wireless Activity*

Evil Twin Attacks

Evil twin attacks are slowly mounting as wireless device users are increasingly conducting business over the Internet. While grabbing a few minutes of connectivity is convenient and productive, identity thieves are discovering that, through evil twin attacks, hotspots are a great way to steal unsuspecting users' private information and business data.

While users are connecting their laptops, PDAs, and smartphones to a wireless network or hotspot, a hacker may be in the area sending out his own Wi-Fi signal, with an exact replica of the sign-in Web page of a legitimate service - hence the name evil twin.

An evil twin attack can have many consequences. An intruder can degrade network performance or deny service completely. An evil twin may offer fake login prompts to steal user names and passwords, which can then be used for later access by the hacker or a third party. The hacker's goal is to have unsuspecting surfers log on to the page and dole out private, sensitive data including credit card numbers, passwords, and confidential business information.

Security Risks Associated with Web Browsers

There are several measures already in place by most Web browsers to warn about unencrypted Web pages. However, various security flaws still exist in these browsers.

  • Pop-up warnings: Web browsers often use a pop-up dialog box to indicate that information being sent is not encrypted. However, these boxes offer users the option to turn off the dialog box so it never appears again. Even when enabled, many users are prone to simply clicking through such warnings without paying much attention.
  • The lock icon: Most Web browsers display a small lock icon to indicate an encrypted Web page. Though users should be diligent about looking for it every time they log on to a new Web page, they often are not. Additionally, hackers often register commonly misspelled domain names or ones that closely resemble legitimate sites. When a user is redirected to that page it will display the lock icon, and the user may not notice the changed domain name. While the connection to the site may be encrypted, the user is not communicating with the site they believe they are.
  • HTTPS and unfamiliar links: Many financial services advertise the unencrypted version of their Web pages (https indicates a secure version; http, however, is easier to remember). When a user logs on to that page and clicks to enter the encrypted version, he or she can be redirected to a page with a domain name that is different than the company's normal home page. If users don't recognize the name, however, it is difficult to know if they have been redirected to a page operated by the company or a hacker.
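The lock icon and redirect problems above come down to one check: is the page encrypted, and does its domain name match the site you meant to visit? The sketch below is an added example, not part of the original page; the function names, the two-label "site name" rule, the edit-distance threshold of 2 and the `.test` sample names are all assumptions made for illustration.

```javascript
// Assumption: a "site" is the last two host labels (examplebank.test). A real
// checker would use the Public Suffix List to handle names like example.co.uk.
function siteName(host) {
  return host.toLowerCase().split('.').filter(Boolean).slice(-2).join('.');
}

// Levenshtein edit distance, used to spot near-miss spellings of a domain.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify the page a user landed on against the site they meant to reach.
function classifyLanding(expectedHost, landedUrl) {
  let url;
  try {
    url = new URL(landedUrl);
  } catch (err) {
    return 'invalid-url';
  }
  if (url.protocol !== 'https:') return 'not-encrypted';
  const expected = siteName(expectedHost);
  const landed = siteName(url.hostname);
  if (landed === expected) return 'encrypted-expected-site';
  // The lock icon shows in both cases below: encryption does not prove ownership.
  if (editDistance(landed, expected) <= 2) return 'encrypted-lookalike-name';
  return 'encrypted-different-site';
}

// Constructed sample URLs (reserved .test names, not real sites).
const samples = [
  'http://www.examplebank.test/login',
  'https://login.examplebank.test/',
  'https://www.exampelbank.test/login',
  'https://secure-payments.test/examplebank',
];
for (const s of samples) {
  console.log(classifyLanding('www.examplebank.test', s), s);
}
```

A result of `encrypted-different-site` is not proof of fraud, since companies do host login pages under other names; it marks the case where the domain should be confirmed through another channel before entering a password.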

Physical Loss of Computer

The biggest risk associated with Wi-Fi activity is, in fact, the loss or theft of the Wi-Fi enabled laptop or other devices. Before taking any action to secure Wi-Fi communication, it is important to establish the physical security of the device itself. The risks associated with the physical loss of a laptop or wireless mobile device include (but are not limited to):

  • Loss of confidential or proprietary information, which might expose you or your employer to litigation, loss of competitiveness, loss of reputation, loss of clients, loss of suppliers, breach of M&A information, stock exchange regulations affecting confidential information exposure, etc.
  • Loss of irreplaceable information, which might expose you or your employer to severe interference or disruption.
  • Loss of confidential access information (user names, passwords), which might enable a malicious acquirer of the laptop to access and compromise (or plunder) your or your employer's resources.

In the office, physical security means using computer locking cables during the day to ensure that laptops that are in use on desks cannot simply be picked up and removed. In theory, laptops are safer at home than they are in an unattended office (i.e., don't leave your laptop or other wireless mobile devices on your desk overnight), as long as the home is secured from theft.

The real challenge is in transit: it's what happens to the laptop in the coffee shop, in its bag on the bus, plane or train, or in the taxi cab. More laptops are lost in taxis than by any other means. The basic guidance (apart from paying attention) is to store laptops in nondescript carry bags, or inside briefcases or luggage - anything that doesn't look like a computer case, so as to avoid encouraging a passing criminal to consider stealing it.

When in public places, hold on to the laptop at all times, especially in bars, hotels, and airport lounges. When you're not using it, keep it under your feet or better yet, on your lap. Do not leave a laptop unattended, not in a public place, not on view inside a vehicle, not anywhere. Keep a close eye on it when you go through a security checkpoint - someone might grab it while you're distracted by something or someone else.

* Information provided by Symantec.

Site Copyright 2003 Internet Education Foundation