« Apple Releases Patches | Main | Great Internet Firewall of China »

Keeping up with your email is now absolutely essential no matter where you are, which means sometimes jumping on free WiFi connections in airports or coffee shops or at conventions. But how big of a risk is it?

If you use unsecured WiFi without encryption, it’s not a matter of if, it’s a matter of when. You’re computer is broadcasting data that can compromise your system as well as your company’s. Hacker’s have sniffer tools that can pick-up passwords or reveal who you are and very possibly gain access to corporate applications.

Most security experts will tell you to “Just say no” to unsecured WiFi. They will go on to say that you should only use WiFi networks to simply surf the net, doing things like checking the news or sports or weather.

But if you absolutely must use WiFi, what follows is a list of seven tips to safer WiFi taken from Dark Reader:

1. Disable unencrypted POP3 and IMAP email.

POP and IMAP send login data in clear text, which is like raising a flag with your login and password on it. Also, it is email that is most likely to get you into trouble with WiFi.

Therefore you either have the option of encrypting it, or using Google’s Gmail, which features encryption using Transport Layer Security (TLS).

"You should not use email that uses POP with a clear text user name and password exchange," says Amit Sinha, CTO at AirDefense Inc. "Any clear text message pops right up, so if a hacker is connected to the same AP as you, he can do a quick ARP spoof and redirect all your traffic through his machine." Also, "instead of using HTTP, use HTTP-S, and SSH instead of telnet, and secure FTP instead of FTP."

The fact is, wireless turns everything into one gigantic connected hub, and anyone in the hub is going to have access to everything else.

2. Add an extra firewall, or other security tools

It is rather easy to add another layer of security to your laptop with tools like ZoneAlarm, which blocks all internet activity until your connected to a known VPN network. Also, Air Defense Personal is a Layer 2 firewall that works with the laptops current firewall and stop hotspot-type attacks like the evil twin attack.

Many users have no idea that their laptop continually searches for networks it has connected to previously, even when you are offline, which makes you an easy target. An extra firewall can protect you from that.

Some say adding a firewall isn’t the answer, because it doesn’t protect you from information you’re sending out willingly. Yoggie Security Systems, an Israel-based company, has a USB-based wireless secure-network-in-a-card for laptops. It serves as a VPN gateway, firewall, IDS/IPS, antivirus, anti-spyware, and anti-spam system and costs $220.

Still, many say the only change you can really make to make WiFi safe is your behavior.

3. Encrypt all communications – including using a VPN connection.

Basically, you need to end the idea of plain-text traffic. Encryption is no long considered optional but essential to survival in a wireless space. These can be either SSL or IPSec-based VPN connections.

A VPN connection narrows the window of a WiFi attacks, which means it doesn’t completely secure you. Also, VPN isn’t easy to run, although Google offers a free VPN service option.

Says AirDefense’s Sinha, What you're doing is setting up a secure tunnel after you connect with the wireless network. So you might still be susceptible to man-in-the middle or session highjacking attacks. But you've still raised the barrier higher so that the hackers will go to the lower-hanging fruit."

4. Use a broadband wifeless card instead of WiFi

Both Verizon and Cingular now offer broadband wireless service cards to plug into your laptop, which is what most security experts use. These services aren’t cheap, though, and oftentimes are slower. But they do reduce the risk of getting hacked, for now. Many believe they will pose a greater target in the future as more users switch to them.

5. Close your chatty applications

You should shut down all the applications you don’t need when using WiFi. But that, even for security experts, is hard to do.

The trouble is, many desktop agents, such as email client, or Oracle, immediately start reaching out to the server once connected. And if you have database credentials caches on your laptop, Oracle will try to connect to the database server back home, which means that data gets broadcasted.

Microsoft Outlook is especially difficult to silence. Errata’s CEO Robert Graham says, "If you're on a Web page that's actually an email link, Outlook starts trying to send POP and your password across the wire," Graham says. "You really can't turn it off." The only app he trusts on WiFi is Google’s Gmail.

6. Don’t use the same or similar passwords for critical and noncritical applications

While this may sound easy, this is a oft-made mistake.

"We're out there watching people on WiFi with MySpace and ESPN.com accounts, and all the other little credentials saved in their browser," Graham says. "When they do an auto-login, we see them using the same account and password, and it's showing that in clear text."

Then, a hacker will try the same login or password on a more sensitive site, and voila!

7. Disable your wireless when not in use

Even if not in range, your laptop is constantly reaching out for a connection and the danger is an attacker could trick your machine into accepting his connection to a malicious access point.

While most WiFi threats are short-lived, and an attacker must be physically nearby to engage, there is also the danger of getting malware planted on the machine, so use WiFi carefully.

Posted by pschooff in Better Protection |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1571