wireless.gumph.org
Main
  Home
  Wi-Fi Pages and links
  Glossary
 
Popular
  Homemade Antenna
  Antenna Connectors
  Laptop Mini Wireless Antenna
  Long Range How-To
 
Articles
  Customize your Wireless Router
  Howto - Windows XP VPN
  Public Wifi Safety
  The State of WiMAX
  Pre-N Wireless Roundup
  Securing Your Wireless Network
  Hardware for Point-to-point links
  MIMO Wireless Guide
  Highspeed Wireless Bridge
  Linux Based AP
  Access Point Comparison
  Limiting Shared Bandwidth
  Antenna Cabling
 
Reviews
  Netgear DG834G
  USR MAXg Router
  Linksys WAG354G
  3Com 3CRWDR100A-72
 
Hardware insides
  Inside a 3Com 3CRWDR100A-72
  Inside a Buffalo WBRG54
  Inside a Linksys Wag54g
  Inside a Belkin F5D7130
  Inside a Buffalo Airstation
  Inside a Linksys Wap11
 
Books
  Wireless Hacks
  Building Wireless Community Networks
  802.11 Security
  Wireless Network Starter Kit
  Hardware Hacking for Geeks
 
Appendix
  Older News
  Changelog
  Privacy policy
  About
Public WiFi safety
 
Keeping your wireless traffic secure while you read your emails at the local coffee shop will prevent anyone sniffing your emails, or worse - your passwords. We detail the options availble for keeping your WiFi connection safe.

Whenever we come across a public wireless service provided by either the local coffee shop, or the conference centre we are visiting, it's very easy to just jump right on and start using it just the same as we would if we were at home, or at work. But it's rarely safe to do so.

If the wireless is open to anyone, then usually it's not even encrypted, so anyone (with the right software) can sniff your wireless traffic straight out of the ether. Even if the wireless is encrypted you cannot guarantee the security of your connection, because if it uses a common password, it can be possible for anyone else who also knows the password to just decrypt your traffic as easy as pie.

If you use the connection to check your email, or log into your regular forum haunts (cookies may log you in automatically) then anyone sniffing your traffic, can easily pick up your user name and password, and log in as you whenever they like, allowing them easy pickings to at the least abuse your online identity, and at worst, steal your identity completely.

By taking a few precautions you can ensure the safety of your traffic, while still getting the benefit of free WiFi access.

Don't Forget Your Firewall

If you usually use your laptop at work or home, then it's easy to forget to check that the firewall is covering your wireless connection. Most times when setting up a firewall we just configure it to protect us on a dialup connection, and not our wireless connection, as it makes sharing files and printers easier. But as soon as you connect to an open wireless connection, are you sure you still want to be sharing all of your files with everyone else in the coffee shop? Thought not.

So before you connect, make sure your wireless connection is flagged as protected by a firewall. If you are using windows XP, just looking for the padlock on the icon for your wireless connection in the Network connections control panel, is not enough, as by default the XP firewall only protects you from internet traffic, not local traffic, so you need to secure your XP firewall . If you are using some other firewall (Norton, zonealarm etc) then make sure that the wireless connection is flagged as protected before connecting.

Webmail or POP

When checking your email it's easy to just start up outlook or thunderbird, and watch all the messages arrive lovely and quickly, but did you remember to check the security settings? Most email providers and ISPs don't require you to use encrypted connections to send and receive email, and some only require secure authentication to send email (as a spam prevention tactic) with no security when checking email.

This means that more often than not, unless you have turned on "secure connection" for both you outgoing and incoming email connections (which your ISP may not support) you are sending both your username, password and the contents of the emails in plain text across the wireless connection. Easy pickings for anyone sniffing your traffic.

The easiest way to ensure that all of your mail is safe, is to use your ISPs webmail as long as it supports a secure connection, and most do. This means connecting to https://webmail.yourisp.com note the https at the start, rather than the usual http. You'll need to check what the exact url is for your ISP, but do it before you wander off to the coffee shop, and add it to your bookmarks/favourites, so you don't have to remember it. Check that both when logging in to your email, and when reading your email, there is a small padlock icon on the bottom bar of your browser. If there is, then you are safe to read your email from prying eyes.

Cookie Crumbs

Visiting you favourite websites and forums, often you will find the site automatically remembers your name, and this is a great way for the site to prevent you from needing to log in every time you use the site. It does this using cookies - small files stored on your laptop with information (such as a login name/password or account id) that your browser passes to the site every time you visit it.

This makes your online experience much easier not having to remember login details everywhere, but unless the website is using encryption (ie https and a padlock) then anyone can read those cookies, and borrow them to log in as you as well.

This may not seem like a big deal, if you are just posting to a forum or blog, but what if you visit your favourite shopping site. If the site uses a fasttrack purchasing system, where it remembers your name, address and credit card details, then anyone capturing those cookies, may be able to start buying stuff on your credit card. Not what you want. Also is the password you use for your favourite forum different from the password you use for amazon say? Well that username and password may well be stored in your forum's cookie, which a sniffer could use as a starting point for guessing your logins to lots of other sites, especially ones that remember credit card details.

So how do you solve this, well the safest way, is to delete all your cookies before connecting to a public wireless connection. This means you won't be automatically logged in every time you visit your favourite site, but thats a small price to pay. If you use Firefox, then you can configure it to delete cookies every time you close the browser, so you don't need to remember to delete them. But think carefully before you login anywhere when using an open wifi connection.

VPN Tunnels

If you use your laptop to telework from home, then you probably connect to work using a VPN tunnel. This a secure ( i.e. encrypted ) tunnel that all your traffic goes though from your home internet connection to your work's. Using this VPN tunnel, you can most likely still browse the internet, and maybe able to access your personal email account (at your own ISP).

If you do have a VPN connection, then this is the safest way of using a public wireless connection as all of your traffic, email, surfing, forum logins, shopping sites etc, will go through this encrypted connection, safe from the prying eyes of wireless sniffers.

If you don't have a work VPN, then you can relatively easily set one up on your home pc (assuming it has broadband) or with a cheap VPS. If your main pc is a laptop, then you may not have a pc left turned on at home, or a broadband connection at home for that matter, if so, try and find a friend or relative who does, who can set up a VPN for you to use.

End Notes

Over the next few weeks we will be adding more articles to this topic, explaining in more detail each of the methods of keeping your traffic safe when using public WiFi.

Add a Comment

  
© 2002-2010 wireless.gumph.org

Valid HTML 4.01! Valid CSS!