Safe with public Wi-Fi networks

Network administration - Nothing is private with an open Wi-Fi network, but you can still use a number of ways to increase security, which can be warnings to avoid, maybe Technical measures to help protect you are safer.

Nothing is secret in an open Wi-Fi

Today most users who have a bit of computer knowledge know how (and why) to protect their home wireless routers. Windows 7 and Vista now have a dialog box to alert when users connect to unencrypted wireless networks.

In cafes, lounges at the airport or library, users can connect without much hesitation if using an unencrypted wireless connection just to check the result of a match or status ergonomics of flight may be acceptable. However, if you use such a connection to read email or perform some actions on the web that require login, it is an unacceptable action.

So why don't all businesses encrypt their Wi-Fi networks? The answer lies in the key distribution system according to IEEE 802.11 specifications: To encrypt network traffic, network owners or managers need to choose a password, this password is also known as 'network key'. . This new standard requires each password for each network, this password is shared with all users if the owner has chosen a security level that is less secure, which is an outdated WEP standard without standard selection. WPA is more secure or WPA2.

Safe with public Wi-Fi networks Picture 1

At home, all the user has to do is set up once, then notify family members password, then you can surf the web using wireless network anywhere in the home without having to worry much about safety. However, in the coffee shop, the shop's staff will have to instruct each customer the wireless network's password and may even have to troubleshoot the connection - obviously it's not a small thing that employees in the bar will enjoy. In this situation, make sure a blank password for ease of use will be selected.

Although even with an encrypted network, you cannot be absolutely secure. When your computer knows the password, the communication will only be safe for people who are not on the network; all other customers in the coffee shop can see your traffic because they also use the same password you are using.

Personal work is a competitor's job

What if you think your data is not important for someone to look at? Maybe you just browse the web, do not log in to email systems or web applications that require passwords. Then are you sure you are safe? Not really.

Imagine you are in an airport Wi-Fi network while returning from a product presentation. Instead of checking hundreds of emails waiting, you can only decide to browse the competitor's website, to search for other ideas or perhaps decide to study the goals to be achieved.

However, in the background , your email client still finds an Internet connection and downloads the email. Your colleague at the headquarters office sees your IM status displayed as 'online' and sends you a message with confidential content.

Safe with public Wi-Fi networks Picture 2

There is no need for complicated equipment other than a software that can analyze wireless data packets, an attacker near you can glean competitive intelligence based on the websites you visit and also IM or notes reflect issues about your relationship with important partners. In short, other people will be able to read your mail first, even if you don't take any action.

Use SSL for Webmail

First, to cope with mail snooping, use a Webmail system that uses HTTPS protocol throughout the session. Most Webmail systems today use HTTPS when requesting you to log in, so your password will be transmitted securely. However, after authentication, they are often transferred back to the HTTP protocol to reduce the load that must be processed on the servers and perform some other action.

That means that someone on the same wireless network (either unencrypted or with a shared password) can read the contents of your email. In some cases, they can steal session cookies and log into your Webmail session without a password.

Safe with public Wi-Fi networks Picture 3 Two notable exceptions are Gmail and your corporate email system (such as Outlook Web Access). Earlier last year, Gmail switched from using HTTPS only when signing in to use HTTPS throughout the Webmail transaction process.

Previously, Google Apps users can also select this feature, but it is currently set by default but still has the ability to choose (in case someone doesn't like security). This change, combined with Google's new suspicious login detection algorithm, makes Gmail a better provider than other free Webmail competitors. If you're looking for a reason to switch from your AOL, Hotmail, or Yahoo accounts, you've found it.

Your company's Webmail system can also be protected by HTTPS at the whole transaction process, this is the default configuration for most systems. However, if you check email for your work using internal software (Outlook, Thunderbird, Mac OS X's Mail) instead of HTTPS Web-based e-mail, then you can or not use encryption.

Charged Hotspots: Not necessarily safe

While researching to write this article, we have found a misconception that we still have before that, commercial hotspots require an hourly or monthly fee (like AT&T, Boingo, GoGo, T-Mobile) will be safer than free hotspots because they use passwords and charges.

Safe with public Wi-Fi networks Picture 4

However, in fact, these hotspots are almost unencrypted and they use what is called "captive portal" that only blocks Internet access until you enter the user password. Although this portal is usually distributed via HTTPS (to protect credit card information or passwords), all authenticated traffic is not encrypted in the wireless network.

As a result, you have to pay a fee with a very low level but really not safe. In fact, due to the inherent nature of radio wave propagation, someone, whether or not a subscriber, can still view the unencrypted traffic you send by simply joining Wireless network with SSID.

It also means that outsiders can easily observe and capture the HTTP Websites you access, any unencrypted POP3 e-mail, or the FTP data transfer you make. Hackers with a bit of experience can even change their wireless cards to fake your wireless card identity and can access it for free through a commercial hotspot where you are subject to payment. charge.

Use your VPN

If the company provides a VPN (virtual private network) connection to access the Internet, you should use this function when accessing the Internet from Wi-Fi hotspots that are registered or free. By enabling the VPN function on your laptop, you will ensure all your communications are high-level encrypted and tunneled from Wi-Fi hotspots, via the Internet to your company's data center, where it is. decoded and sent to the company's Internet connection.

This is a safe method for accessing company resources (intranet, email, database) because you will have a separate tunnel to connect to your company. In some VPN configurations of many companies, you can browse the Internet to access company resources.

Such a technique may be slower than a little unencrypted web browsing, but the security you have is an important issue.

If the company does not provide VPN services or has a " split tunneling " VPN (where only requests sent to company resources go through encrypted tunnels, all other traffic is transmitted without code. Directly to the destination), no worries because you can still be protected safely.
Safe with public Wi-Fi networks Picture 5 Try HotSpot Shield, AnchorFree's VPN service. This is a company that provides VPN software that you can install on your laptop in advance for use at public Wi-Fi hotspots.

When activating software and services, it encrypts your traffic and sends it through a tunnel to the HotSpot Shield data center, then sends it to the Internet, just like a company's VPN server is still perform. HotSpot Shield even has mobile VPN settings (no download required) to protect your web surfing on iPhone phones with the bundled Cisco VPN client software provided by Apple.

By using such a service, you can create a secure connection. Your traffic will then be sent as unencrypted to the final destination on the Internet, as if you were browsing from a laptop plugged directly into the corporate data center.

Safe with public Wi-Fi networks Picture 6

This method does not guarantee absolute security because the encryption tunnel is not able to control all the ways you access the web. Even so, it is definitely more secure than a non-VPN setting.

Summary of safe Wi-Fi access

Can be summarized as follows:

1. If your company has a VPN that you can use to surf the web, use it.

2. If you can't use a corporate VPN, use HotSpot Shield instead

3. Don't equate to Wi-Fi Internet subscription for a fee with secure browsing.

4. On unencrypted wireless networks, anyone can see where you are visiting (except on HTTPS websites).

5. On encrypted wireless networks, anyone with a password can see where you are visiting (maybe some people in your home or maybe hundreds of people at the airport).