Keeping it private in public
An easy fix for me has been a VPN. It's just one more connection you have to make using your "connect to."
By providing an extra secure tunnel through the web, I feel confident anything I send is secure from prying eyes or worse.
WiFi Hotspots aren't secure, you just have to surf smart.
To answer your questions one by one...
1) Non-secure open WiFi networks are vulnerable not only from an unscrupulous owner, but from anyone else who may be logged on to the network sitting next to you.
2) The access password just lets you use their public open network, either for a fee or for free. It doesn't protect what you are sending after you get past their log-in.
3) Browse encrypted sites, those with https:// in their URL. Look for the key or lock on your browser. For example, go to secure Gmail at https://www.gmail.com. Or use your company's VPN. Or a private VPN solution like hotspotvpn.com.
More by an expert at security, Steve Gibson, at GRC
Encrypted Doesn't Mean Secure
While many people might think that if they see "https://" in the URL you are safe, this is not always true; another user can be logged on to the hotspot and act as DHCP, so you'd connect to them, then he'd fire up a password sniffer (such as ettercap) and then see all the passwords that are transmitted to them, even the ones encrypted with SSL, along with other data such as what pages you have opened.
No such thing as safe and public
Simply put, anything you send and receive can be seen by anyone else who has access to the network. The only way to put any level of safety on this is to make it so that what those people see is not anything they can use. In other words, if you are doing anything more secure than watching YouTube videos (anonymously) then you want your entire connection to be encrypted so that nothing they can take from the data you send is useful. In order to do this, you will need to use a VPN that will encrypt all your traffic - and even then it is better to just wait until you can get a trusted land line.
No such thing as safe and public / I have a side question
When you say "trusted land line", do you mean a wired connection?
I have a wired cable connection and then I also have a wired router so I can use it with multiple computers in my house. Is that the most secure way to go? Thanks!
Wired Connections are not safer
For example, if you have a cable internet connection and your neighbor has a cable internet connection, any unencrypted information that is sent on your subnet is visible to everyone else on that subnet. So, it is safer only in the idea that the number of people that can view information is a more static group and other people can only view information via a physical connection of some type. The firewall and NAT operation of most routers will prevent direct access to resources on your local network, but it will not protect information sent without encryption (e.g. email). Internet email should never be considered secure. If you need to share information, put it in a document and encrypt it (WinZip w/ AES256). Then give the end user the password necessary to decrypt via a phone call or in person. Change passwords often.
Public WiFi and security
You can do several things to help secure your computer and secure your passwords while on a public network. The first rule is have a good firewall on your computer. A free one is ZoneAlarm, but there are others. Make sure you are on the highest level of security in the settings when on a shared public network.
The next thing you can do is make sure your transactions on the network are encrypted. Using a Virtual Private Network connection to a known secure proxy server is one of the best ways. Nothing you transmit on the public network would be viewable.
Barring that, use https sites that encrypt transmissions only. Most of your banking services use that encryption and secure transmission. I don't recommend this as there are ways around this.
The next level of security, for when you want to go to eBay or another site that does not encrypt your transactions (a transaction is any click or typed URL), is to not log in. If you want to monitor something, fine. Don't bid until you are on a secure private network. Read the news, get the weather, but don't log in.
Most people can't remember 100 or so passwords and the same amount of usernames. So, if you are one of those that can't and use, say, 2 or 3 max, most likely you will log on to a site that transmits the username and password in the open; that is when the hacker/sniffer/thief can steal your identity. (Not only on that site, but others where you have the same username and password.)
Remember the shared network can have people with sniffers, and if anything is in the open on that network, it can be viewed. Treat it as such.
I agree with your comments on public WiFi access. The only thing I would add is that Hotspot Shield provides a very functional free VPN. Granted, it serves up pop-up ads, which you can block, but this is not a major inconvenience, given the security it provides. It can be downloaded at http://download.cnet.com/hotspot-shield/
VPN and secure proxy
I was reading up on how to secure transmissions at a public WIFI and it was suggested that I use a VPN on a secure proxy server. How is this done when I'm staying at a hotel on a business trip?
Security concerns on public Wi-Fi access
Think of this: Any security system designed by a human being can always be figured out / undone by another sufficiently motivated / funded human being.
While using any public network connection, you should always assume the worst case scenario - even if it's not the reality.
Always have your software firewall shields up on your computer and don't perform any transactions that contain sensitive data (banking, purchases, etc.) when using a public network connection. Save the sensitive stuff for when you're connected to a private network that you know is secure. And if you don't know if your private network at home is secure, you can tell pretty easily by looking at your network connection's icon.
If you're not using any encryption and you don't have a password / key on your network, sure, it's convenient - but it's also ripe for your neighbor to use and who knows who else to connect.
Then, it's just a matter of a surfer out at your curbside, connecting up to your unsecured network looking for juicy tidbits like usernames and account numbers.
I hope this helps!
Jon, if you want to know, free Wi-Fi networks can be hacked easily because they have access to it, but if it has a password, you are more secure. Now, unknown networks controlled by unknown people can take, using some special software, everything you input and do on the Web, but in legitimate networks such as Starbucks, or an airport, there should be no hackers around to steal your info! Cheers!
1: Regularly changing a good network key, the same for both computer and router, is normally enough; log in to something like 192.168.1.1 to be able to change those.
2: Having only the MAC addresses of your own Wi-Fi cards accepted in the router is the latter action.
3: Logging in to a public network should not be done without the two rules above.
MAC address filtering is USELESS
While MAC address filtering can deter an occasional hacker from logging into your network, it can be very easily bypassed. The hacker would scan for nearby computers that are connected to the protected network, then he would record the MAC address of your authorized PC, and change his own MAC address to be the same as your PC. He could then connect to your network normally.
I'd sure like to know how a 'hacker' could get the MAC addresses of computers that are connected to a network when the 'hacker' doesn't have access to that network at all.
hacking of passwords from wi-fi
On a parallel note, an employee at Starbucks in Bandung has just been arrested for stealing customers' credit card info and using it to buy stuff - so even at a 'name brand' place you are still theoretically at risk.
Maybe the secret is to avoid carrying sensitive info on the netbook you pony around with you. Or be like me and destroy your credit cards, ha.
wifi security not the problem.
This probably has nothing to do with wifi security. Employees can easily steal credit card info when someone makes a purchase at the counter, way easier than trying to hack into the wifi.
Yep, you sure can
First, put a password on every user's log in. Second, make sure you have a personal firewall on and updated. Third, a good, comprehensive Internet Security software is also important to ensure no malware is running to expose the system. Fourth, if you have any shared files, check the permissions to ensure that only authorized users can access it (in particular, do not have it set to "Everyone").
There are even more extreme steps to take, but that should be all you need.
security in wireless networks in public places
Unless there is evidence that the sites you are visiting are valid, e.g. your personally created sign-in seal shows up, you are at risk. There are also other ways to get security verification, e.g. call the site up and ask on your phone and verify they can send you hidden verification information. 128 bit security is very secure, it is so secure that many valid sites themselves have no way to access your pin or account number when you type it in. Keyloggers only work on the computer you are using so make sure it is yours and make sure it has the latest spyware up to date. Do not type your pin or account number on anyone else's computer unless it belongs to the business you are dealing with (e.g. internet bank cafe computers; they are guaranteed to be secure). Always check up on peripheral transactions the next day and read your statements (you should do this anyway). Although nothing is 100% foolproof, you can minimize your risk. There is even risk in internet home wireless but it is low. There is also always the risk of physical robbery. We usually don't worry about this unless it happens. Just don't walk down any dark alleys in dangerous places. By the same token, treat cybercrime in a similar sense, that is, use common sense: if it does not look or feel right, don't do it.
Wifi Security - Is there any way to be COMPLETELY secure?
Is there any way to have COMPLETE security when using a WiFi hotspot? I have an internet business and want to find a 100% secure way of using WiFi. I came across WiFi Security Guy (http://7687.WifiSecurityGuy.com) and it appears to be a completely secure way of accessing wireless networks. I used the product for a while and it seems as if the program completely encrypts all data before it is sent out. The website shares the credentials of the person who designed the program and shows that he has years of IT security experience working with banks and classified military data so it seems to be a good solution. Does anybody know of a better COMPLETELY safe way for using wireless networks?
Public Wi-Fi Security
If you know how to work out and install a WEP key in your modem, then there is no reason to worry about anyone getting access to any personal information. I may be wrong, so if anyone could correct me, I would be thankful.
WEP is insecure
We are discussing public WiFi here, not your home WiFi. In addition, WEP is already considered insecure nowadays. It can be cracked by people with moderate computer knowledge. A Japanese even demonstrated cracking a WPA encryption. So use WPA2 whenever possible.
WiFi not secure
While on a cruise, I paid extortion prices for internet in 30 min blocks. On arriving in the Bahamas, I looked for Wi-Fi and connected to a strong signal that was free and not password protected. Moments after I connected to my business computer, another user also connected to my office computer. I quickly called the office and had my password changed. I'm just glad it was my office network (where I could tell when someone else logged in with my ID) and not internet banking that I logged into from this rogue Wi-Fi. I then subscribed to one for 9.95 for unlimited use for 24 hours and had no problem. There is no doubt that unscrupulous persons can offer free Wi-Fi and harvest connection info from users, but as you note, it would not be in the best interest of a business like a hotel or restaurant to do so.
Security concerns on public Wi-Fi access
WEP: Wire Equivalent Privacy; The earliest form of wireless encryption. It uses the same encryption key over and over again and hence was easier to break.
WAP: Wi-Fi Protected Access; Was brought into being in 2003 when it was realized that WEP was not the way to go. WAP's encryption techniques require an encryption on the order of 4x10-20 (4 decimal point followed by 20 zeroes or 4.00000000000000000000) to break and is 21 characters long for encryption. As can be seen this is a much better encryption method. This is a much better encryption than WEP. But wait, there's more. WAP uses TKIP; Temporal Key Integrity Protocol, it changes the encryption key for every data transmission between the computer and the wireless router. This method was a stop gap for the weaker WEP standard.
WAP2 or it might be seen as WAPII: Wi-Fi Protocol Access 2 or Wi-Fi Protocol Access II; Uses TKIP and AES; Advanced Encryption Standard. This is so that WAP2 is compatible with the old and new encryption standards for older wireless routers. WAP2 uses AES for encryption because it is a stronger encryption method. WAP was a stop gap method while the Wireless Alliance came up with WAP2 standards and was released in 2004. WAP2 uses the AES method for encryption; it is a standard that is stronger than the RC4 method used by WEP and WAP.
My advice is; If you are just starting out to go wireless be sure the equipment uses the WAP2 standards. If you are going to use wireless public access, make sure the public access uses WAP2 standards.
The problem is people with older equipment (that is, older laptops, cards and wireless routers): to take advantage of the WAP2 encryption they would have to update their present wireless equipment. If one has an older laptop (2005 or lower), they would need to get a new USB wireless dongle; on a desktop they would need to get the newer cards and wireless router. A bit of advice: if one is going to update their wireless equipment, they should also update their modems. It is indicated that cable and DSL is moving to the DOCSIS 3.0 standard. This is (especially for cable and DSL services) for two reasons: upload and download speeds are faster and it is compatible with IPv6 (Internet Protocol version 6). Comcast is one cable internet provider that already uses the DOCSIS 3.0 standard.
Ok so everyone is saying check and make sure the public wi-fi is WAP2.
How do I check for this information?
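One way to answer the question above on a Linux laptop, as an added example that is not part of any post in this thread: the Python below parses the terse output of NetworkManager's `nmcli` and reports what security each visible network advertises and which one is in use. The scan lines and network names are constructed, and the command in the comment is an assumption about the reader's system.

```python
# Added example: not from the thread. SAMPLE_SCAN is constructed.
# Assumed command (NetworkManager on Linux):
#   nmcli -t -f IN-USE,SSID,SECURITY device wifi list
# Terse mode separates fields with ':' and escapes a literal ':' as '\:'.
SAMPLE_SCAN = r"""
 :CoffeeShop Guest:
*:Hotel\: Lobby:WPA2
 :OldRouter:WEP
 :Airport_Free:--
 :HomeNet:WPA1 WPA2
 :CorpNet:WPA2 802.1X
"""

ADVICE = {
    "open": "no over-the-air encryption; use HTTPS or a VPN for everything",
    "wep": "WEP is broken; treat the link as open",
    "wpa": "WPA (TKIP) only; prefer a WPA2 network",
    "wpa2-mixed": "WPA2 offered, but older WPA clients are also accepted",
    "wpa2": "WPA2 or newer; a shared passphrase is still known to every guest",
    "unknown": "unrecognised SECURITY value; treat the link as open",
}


def split_terse(line):
    """Split one terse-mode line on ':' while honouring backslash escapes."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, "\\"))  # keep the escaped character as-is
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields


def classify(security):
    """Map the SECURITY column to one of the ADVICE keys."""
    tokens = set(security.replace("--", " ").split())
    if not tokens:
        return "open"
    if tokens & {"WPA2", "WPA3"}:
        return "wpa2-mixed" if "WPA1" in tokens else "wpa2"
    if "WPA1" in tokens:
        return "wpa"
    return "wep" if "WEP" in tokens else "unknown"


def parse_scan(text):
    """Return one dict per network found in the terse scan output."""
    nets = []
    for line in text.splitlines():
        fields = split_terse(line)
        if len(fields) != 3:
            continue  # blank or malformed line
        in_use, ssid, security = fields
        level = classify(security)
        nets.append({"in_use": in_use.strip() == "*", "ssid": ssid,
                     "level": level, "advice": ADVICE[level]})
    return nets


def current_network(text):
    """Return the network marked as in use, or None if not connected."""
    return next((n for n in parse_scan(text) if n["in_use"]), None)


if __name__ == "__main__":
    for net in parse_scan(SAMPLE_SCAN):
        mark = "*" if net["in_use"] else " "
        print(f'{mark} {net["ssid"]:<18} {net["level"]:<11} {net["advice"]}')
```

The level describes only the radio link between the laptop and the access point; it says nothing about who else holds the key or what happens to traffic beyond the router.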
Public Wi-Fi security
I use public Wi-Fi with appropriate security software on. Still, it is better to assume that everything is being looked at by hackers...
Sounds like panic overkill
Passwords can't be stolen if they are done as they usually are, over SSL web. No info over an SSL or VPN can be stolen. So anything important should be done with some sort of encryption. The web is designed that way already using SSL for transactions, etc. A firewall is necessary on public nets, besides that relax.
It all depends
There are things to consider. Some on your part, some on the part of the Wi-Fi you are currently using, some on the part of any other network you may connect to.
On your end:
You positively need an active firewall on your computer. It must be configured to treat any incoming connection as unauthorised or untrusted. This will prevent others from looking at/into your computer. A good firewall will make you browse in stealth mode: all your ports will look as if they don't exist at all except for expected traffic. You can't hack something that you can't detect nor access.
There are many good to excellent firewalls available, and the best are not always the most expensive: some free ones are about as good as the most expensive commercial ones. An obscure free firewall can be very secure just because any hacker may not expect to encounter it and may not have the tools/knowledge needed to circumvent it.
Your browser must be configured to use encryption whenever possible, and the highest protocol available.
Always make sure that your operating system has the latest patches and security updates installed.
On the Wi-Fi administrator part:
Does the Wi-Fi connection support encryption? If yes, use it, even if it's a weak encryption. This will encrypt the data that you broadcast to the hotspot.
From the sites you use:
If you are entering confidential information on a secure page (https://), that information is encrypted/decrypted on your computer and on the remote, secure, server. The transmitted data is thus unreadable anywhere in between and safe. The Wi-Fi host, and the Internet, will only see the encrypted data, and so will anybody attempting to intercept it. It can be broken, but, normally, it would take too much effort and time to do it compared to the potential benefit. There is a very high probability that any extracted information will have become obsolete before it's been cracked, not to mention that any snooper would have to sort through the mixed up data from many connections. In that view, the more persons that are using that hotspot, the safer it becomes.
If you access a secure site on a secure hotspot, your data gets encrypted twice using two keys and possibly two algorithms.
Other networks you may use:
Do you ever connect to a network that uses beacon suppression as a "security" measure? That's really bad!
Why, do you ask?
Simple: It only hides the server's beacon, and that's the least vulnerable part of the network. It forces your computer to broadcast its information every few seconds. That information is NOT encrypted. ANYBODY can record it, and use the information you have just given to fake the credentials of that network and pose as it. It can also get used to enter into YOUR network if you use that technique at home by posing as you.
Here, the keyword is to NEVER EVER use beacon suppression, ever.
DISABLE network discovery needed when you access a network that uses beacon suppression.
If you do some general browsing that doesn't involve sending any confidential/sensitive data, you are safe.
The final word is:
For most users, if your computer is reasonably up to date, you are safe.
Don't forget the basic safe browsing precautions.
A little more about suppressing beacons?
Alain, thanks for sharing so much information about wireless security. It shows that you know your stuff. My question is mainly about terminology.
When you write about suppressing beacons, is that the same as choosing to not broadcast the SSID at home?
I don't broadcast SSID, and only use my own computers on my home net, and now wonder if I'm making my net less secure instead of more.
Thanks again for your sharing,
Disabling of SSID broadcasting can help secure your network. Apparently, there are tools that can eventually spot your SSID. Since the SSID is contained in the 802.11 association request at the wireless client bootup time to gain access to the network from the wireless access point it can be seen by hackers at this time. Continue to WPA2 encryption for extra security.
Public Access Points are Risky. Period.
Simply put, the news report was wrong. You really aren't any safer using a "trusted" access point unless you're the only one using it.
Think of it this way. Sending messages over Wi-Fi is kind of like sending messages by smoke signal. If you're connected through an open access point, anybody who can see the smoke can read your message.
Adding encryption to the signal would be like using a special smoke that you can only see if you wear special glasses. The problem with a public access point in a coffee shop is that they hand the glasses out to every customer who asks for it. No matter how honest the manager and employees are, you don't know if somebody took the glasses out in the parking lot so they can read everybody's signal.
In other words, a public Wi-Fi access point might as well be an open access point since you have no idea who has the key. You should assume that somebody in or near the shop is reading everything you send out.
You can protect yourself by using encrypted sites, such as VPN or HTTPS, as has been suggested. Even then, it's not entirely foolproof, since there are ways to get around even that. It does take a lot of work, but it's possible.
If you use a public access point, encrypted or open, at a major chain or from an unknown source, assume that everything you send can be seen by somebody. Don't do something like banking from a hot spot. Just stick to checking the news and watching videos. It's just not worth the risk.