Whenever we come across a public wireless service provided by either the local coffee shop, or the conference centre we are visiting, it's very easy to just jump right on and start using it just the same as we would if we were at home, or at work. But it's rarely safe to do so.
If the wireless is open to anyone, then usually it's not even encrypted, so anyone (with the right software) can sniff your wireless traffic straight out of the ether. Even if the wireless is encrypted you cannot guarantee the security of your connection, because if it uses a common password, it can be possible for anyone else who also knows the password to just decrypt your traffic as easy as pie.
If you use the connection to check your email, or log into your regular forum haunts (cookies may log you in automatically) then anyone sniffing your traffic, can easily pick up your user name and password, and log in as you whenever they like, allowing them easy pickings to at the least abuse your online identity, and at worst, steal your identity completely.
By taking a few precautions you can ensure the safety of your traffic, while still getting the benefit of free WiFi access.
Don't Forget Your FirewallIf you usually use your laptop at work or home, then it's easy to forget to check that the firewall is covering your wireless connection. Most times when setting up a firewall we just configure it to protect us on a dialup connection, and not our wireless connection, as it makes sharing files and printers easier. But as soon as you connect to an open wireless connection, are you sure you still want to be sharing all of your files with everyone else in the coffee shop? Thought not.
So before you connect, make sure your wireless connection is flagged as protected by a firewall. If you are using windows XP, just looking for the padlock on the icon for your wireless connection in the Network connections control panel, is not enough, as by default the XP firewall only protects you from internet traffic, not local traffic, so you need to secure your XP firewall . If you are using some other firewall (Norton, zonealarm etc) then make sure that the wireless connection is flagged as protected before connecting.
Webmail or POPWhen checking your email it's easy to just start up outlook or thunderbird, and watch all the messages arrive lovely and quickly, but did you remember to check the security settings? Most email providers and ISPs don't require you to use encrypted connections to send and receive email, and some only require secure authentication to send email (as a spam prevention tactic) with no security when checking email.
This means that more often than not, unless you have turned on "secure connection" for both you outgoing and incoming email connections (which your ISP may not support) you are sending both your username, password and the contents of the emails in plain text across the wireless connection. Easy pickings for anyone sniffing your traffic.
The easiest way to ensure that all of your mail is safe, is to use your ISPs webmail as long as it supports a secure connection, and most do. This means connecting to https://webmail.yourisp.com note the https at the start, rather than the usual http. You'll need to check what the exact url is for your ISP, but do it before you wander off to the coffee shop, and add it to your bookmarks/favourites, so you don't have to remember it. Check that both when logging in to your email, and when reading your email, there is a small padlock icon on the bottom bar of your browser. If there is, then you are safe to read your email from prying eyes.
Cookie CrumbsVisiting you favourite websites and forums, often you will find the site automatically remembers your name, and this is a great way for the site to prevent you from needing to log in every time you use the site. It does this using cookies - small files stored on your laptop with information (such as a login name/password or account id) that your browser passes to the site every time you visit it.
This makes your online experience much easier not having to remember login details everywhere, but unless the website is using encryption (ie https and a padlock) then anyone can read those cookies, and borrow them to log in as you as well.
This may not seem like a big deal, if you are just posting to a forum or blog, but what if you visit your favourite shopping site. If the site uses a fasttrack purchasing system, where it remembers your name, address and credit card details, then anyone capturing those cookies, may be able to start buying stuff on your credit card. Not what you want. Also is the password you use for your favourite forum different from the password you use for amazon say? Well that username and password may well be stored in your forum's cookie, which a sniffer could use as a starting point for guessing your logins to lots of other sites, especially ones that remember credit card details.
So how do you solve this, well the safest way, is to delete all your cookies before connecting to a public wireless connection. This means you won't be automatically logged in every time you visit your favourite site, but thats a small price to pay. If you use Firefox, then you can configure it to delete cookies every time you close the browser, so you don't need to remember to delete them. But think carefully before you login anywhere when using an open wifi connection.
VPN TunnelsIf you use your laptop to telework from home, then you probably connect to work using a VPN tunnel. This a secure ( i.e. encrypted ) tunnel that all your traffic goes though from your home internet connection to your work's. Using this VPN tunnel, you can most likely still browse the internet, and maybe able to access your personal email account (at your own ISP).
If you do have a VPN connection, then this is the safest way of using a public wireless connection as all of your traffic, email, surfing, forum logins, shopping sites etc, will go through this encrypted connection, safe from the prying eyes of wireless sniffers.
If you don't have a work VPN, then you can relatively easily set one up on your home pc (assuming it has broadband) or with a cheap VPS. If your main pc is a laptop, then you may not have a pc left turned on at home, or a broadband connection at home for that matter, if so, try and find a friend or relative who does, who can set up a VPN for you to use.
End NotesOver the next few weeks we will be adding more articles to this topic, explaining in more detail each of the methods of keeping your traffic safe when using public WiFi.
|© 2002-2010 wireless.gumph.org|