WiFi Hotspot Surfers Beware: Sharks Patrol These Waters
Mar 26, 2008 4:00 AM PT
WiFi features are as standard on today's portable computers as built-in modems used to be. Laptop users have become accustomed to the ability to connect to the Internet from practically anywhere to reach e-mail, Web sites and music download portals. Consumers even use wireless routers to connect to the Internet from anywhere in their homes.
The problem, however, is that many portable computer users are completely clueless about the dangers of unprotected WiFi connections. They think that they can surf the Net with the same impunity as having a wired connection.
"WiFi use poses problems to both enterprise users and private consumers for two reasons. One is the lack of security with public hotspots. There is no encryption by default. The second is accountability. WiFi presents many different ways to connect and needs to be simplified," Dan Hoffman, senior systems engineer of Fiberlink Communications, told TechNewsWorld.
Enterprise WiFi and private users are at increased risk of having sensitive data stolen when they do not connect through VPNs (virtual private networks) and when the laptops they use lack up-to-date security patches. Computing in public area, even when not connected to a WiFi hotspot, makes users vulnerable to security breaches as low-tech as the prying eyes of people looking over their shoulders, Hoffman added.
For example, one method hackers use to steal information from WiFi-connected computers is sidejacking. Sidejackers gain site access to computers that are on shared wireless connections at hotels, coffee shops and other public WiFi locations. Once connected, the sidejacking hacker can infiltrate e-mails, view confidential information and change passwords without the consent or knowledge of the computer owner.
The growing popularity of WiFi connections to the Internet from virtually anywhere -- bus and train stations, airports and coffee shops, for instance -- drastically increases the chances of wireless users finding their data stolen. It's a combination of more people connecting and hacking techniques getting better, Hoffman explained.
With so many people connecting to the same wireless connection, a robust software firewall is essential to protect the computer. Like its hardware counterpart, a software firewall blocks unauthorized access to a laptop from the Internet.
Perhaps the most often missed security measure is to turn off file-sharing applications when accessing the Internet from a public WiFi network. This is an easy security hole to fix. Windows users can go to "My Computer" and "Windows Shared Documents." Then, right click and go to "Security and Sharing" to turn this option off.
"A shared directory that isn't inside a firewall is an open invitation to a hacker," David Kent Jones, author of the e-book "Online Teen Dangers," noted in discussing WiFi risks with TechNewsWorld.
Basic Security Tips
Fiberlink's Hoffman offered WiFi users a set of guidelines to follow to ensure safe wireless connections to public hotspots. These security tips provide even more experienced wireless users a way to better secure data on laptops that are exposed to public WiFi connections.
- Honor the Magic Number: Smart password combinations make the difference between secure and hacked wireless connections. For instance, there are 6,634,204,312,890,625 possible password combinations when using eight characters with the 95 keyboard character combinations. Change the user log-on often for wireless router access to make it difficult to guess. Use a combination of alphanumeric characters and other keyboard symbols. Keep the strong password safe by disabling or declining any password-saving features.
- Know The Power of Three: Hackers use sophisticated blended threats based on a variety of tactics to defeat security. Know your equipment's security blind spots. For example, make sure your laptop is equipped with a blend of security tools. These include antispam, antispyware and a personal firewall. Miss any one of these means forfeiting your security.
- Block Prying Eyes: Recognize that prying eyes are everywhere. Stop thieves from snooping by making sure your IT department helps you encrypt your e-mail. Prevent unauthorized access to your e-mail with SSL (Secure Sockets Layer) encryption of both login file transfer functions. Otherwise, hackers can read your e-mail as the data moves through cyberspace. To further secure connections to corporate servers and applications, use a VPN.
- Recognize That Wired and Wireless Are Not Created Equal: A wired connection (digital subscriber line or even dial-up) is inherently more secure than wireless. With wireless connections, data typically is sent unencrypted through the air between the mobile device and an access point near your room, making it very easy for hackers to sniff the data passively from as far away as the parking lot. Defeat remote snooping by disabling the laptop's capability to automatically connect to signals.
- Don't Trust Your Internet Service Provider: Using a wireless router at home does not make you any safer than connecting on the go. Use the same level of security at home as you do when connected to a public WiFi network. Especially important is password-protecting your home WiFi network.
- Prepare for the Worst: Assume that sooner or later your laptop will be lost or stolen. Implement a password-protected screen lock. Do not store sensitive information such as usernames, passwords, Social Security numbers, bank account numbers or credit card numbers on the device. Companies should activate administrative device-wiping so that an IT administrator can remotely destroy data and applications on the mobile device in the instance that it is lost or stolen. Lastly, keep data backed up on a PC or server in case your mobile device is gone forever.
VPN for Anyone
Aware that more protection might make their services more attractive to users, some service providers have taken steps to strengthen the security of users on their networks. For instance, WiFi service provider AnchorFree started out giving away free WiFi connections to hotspots. Users watched brief advertisements to access a connection. That led to the release of a free download of the company's HotSpot Shield.
"We created it to protect our WiFi connections. It creates a VPN or private tunnel between the laptop and the end point," James Chavez, director of new business development for AnchorFree, told TechNewsWorld.
When the client application runs from the laptop's browser, it creates a tunnel that has never been cracked, Chavez said.
The company released the free product 18 months ago. In a recent week it was downloaded 316,000 times, he added.
How It Works
Once enabled, HotSpot Shield conceals the user's existence on the Internet, according to Chavez. Originally, AnchorFree permitted unlimited use; however, the company now restricts usage to 10 GB of data per month to curtail excessive use that clogs bandwidth.
Users can bypass monthly usage restrictions by participating in various incentive programs.
In addition to allowing individuals to stay secure, AnchorFree gives small businesses a solution that allows them to keep WiFi users on their networks secure. Businesses can offer free wireless access through AnchorFree and then direct their patrons to Hotspot Shield, a value-added tool for greater protection and security while online at a place of business, according to David Gorodyansky, cofounder and CEO of AnchorFree.