Public Network Safety

Introduction

How can you protect yourself if you must use a public Wi-Fi network for work that involves sensitive information (sign-on credentials, banking, etc.)?  A “public Wi-Fi network” is defined in this article as a Wi-Fi network where the general public has free unrestricted access, e.g., hotels, cafes, hospitals, stores, etc. The answer to that question is the purpose of this article.

Awareness

The first step to using public Wi-Fi networks safely is to be aware of the dangers and your surroundings.  There may be someone scanning a public network to get sensitive information for nefarious purposes.  Not only should you be careful using the actual Wi-Fi network, you should also be aware of your surroundings because someone may be trying to look over your shoulder as you type your username and password for a resource or website. So, always be aware of the potential dangers and prying eyes when you use a public Wi-Fi network.

What are some dangers in using public Wi-Fi?  AS we said previously, there may be people scanning the network traffic to hopefully retrieve credentials that may be used later to access that particular resource.  People may be looking at what you type to get credentials and the like.  Of course, there is also the possibility that someone is waiting for an opportunity to steal your laptop or mobile device.  So, be mindful that there are dangers when using a public Wi-Fi network and take action to mitigate those threats.

Avoid Accessing Sensitive Sites

It is a best practice to NOT access sensitive sites such as bank accounts or even shopping while connected to an unsecured public wi-fi.  If you must access such resources, then consider very seriously using VPN services, which I will discuss later in this article.

No Auto Connection

Do not configure connections to public wi-fi to be automatic.  Always manually connect to a public wi-fi so that you are aware that you are connected to it.  This limits the exposure your device has on a public network.  With that said, it is best to disconnect from that network when you no longer need it.

Do Not Leave Your Device Unattended

This seems obvious, but there are people who will leave their laptops unattended in a public setting for a short period of time.  You may think it ok to trust the person sitting next to you to watch your laptop, but that may not be the case.  They may steal it or steal information from it.  Never leave your computer or mobile device unattended in any setting (except perhaps your home).

Be Sure Encryption (SSL/TLS) Is Used.

If you must access resources or websites that are sensitive in nature, then be sure that you use an encrypted connection between your computer and the target resource.  You probably know this as SSL or TLS.  If you visit a website and the address (URL) contains https://, then the data transmitted between your browser and the target server is encrypted and therefore, cannot be read by someone scanning the public network.  They may be able to capture the data, but they will not be able to read it.  This is critical to being safe on the internet.  Ensure that you are using a secure (encrypted) connection when accessing sensitive resources on a public Wi-Fi network.

An increasing number of websites are using encryption to protect data that is transmitted between your computer and their server.  As a matter of fact, it is becoming increasingly advantageous or even necessary that websites use encryption (SSL/TLS) to get a better rating by Google and other search engines.  This promotes a better user experience by providing a secure connection when using the website.

Use a VPN Service

Use a virtual private network when using a public Wi-Fi network.  A VPN provides a secured connection while using the internet.  A VPN can be used to access the network at your company or to surf the web safely by using a third-party VPN service.

All data on a VPN network is encrypted, and they provide a level of privacy and anonymity. There are many VPN services available with various plans and prices.  Just search online and do your due diligence.

When searching for a VPN service, be sure to test it before you have to use it on a public Wi-Fi.  You can use it on the Wi-Fi network in your home or office just to see how it works and to get used to the software.  There may be some cases where the VPN service may not work very well.  For example, I had issues with using a VPN service in a hospital that required you to log in to use the free Wi-Fi network they had in place for visitors and patients.  However, when using it at the car dealership where I get my truck serviced, there was no problem using the VPN service to surf the web and get some work done while waiting for my truck to be serviced.  I will try other VPN services just to see which one is better for me.  Some give a free trial period so that you can experiment.  Take advantage of that.  Of course, if you need assistance, then please feel free to contact me and I’ll be glad to help.

Use Mobile Hotspot Feature

A very viable option for surfing safely when only public Wi-Fi is available is to use the mobile hotspot feature of your mobile device.  This will allow you to share the mobile network (e.g., 4G) with your laptop or Wi-Fi-Only tablets.  Of course, your mobile signal strength should be strong enough with enough bandwidth to handle the load you may put on it.  Keep in mind that you are using your mobile data bandwidth when using the hotspot feature.  I would not recommend using it to stream media or other bandwidth-intensive resources.

Now just because you have the mobile hotspot feature on your mobile device, it doesn’t mean that it is truly secure.  This is because some security settings may not be optimal.  Here are some things that you should do to configure your mobile hotspot for secure usage by you (and not others).

1. Enable WPA2 or the latest encryption on your mobile device. Your mobile device may be configured using an old and outdated (unsecured) encryption standard such as WEP.  WEP is easy for a hacker to crack and you should, therefore, opt to use a more up-to-date secure encryption standard such as WPA2-PSK.  This will help ensure that you have as secure a connection as possible with your mobile hotspot implementation.
2. Change the default name of the mobile hotspot network (SSID) set by your provider (e.g., Verizon). Set the name as a random or seemingly random set of letters and numbers.  It is best not to use actual words in the name.  Hackers can brute force the network if yo do not change the default values (SSID and network password).
3. Change the default hotspot network password in your mobile device and make sure that it is a strong password. Hackers can try to connect to your hotspot network by trying default SSID (discussed in the point above) and the default hotspot network password (key).  Make the password hard to guess and do not use real words.  For example, don’t use the name of your dog, your name, a birth date, your children’s names, etc. in your password.
4. Enable and configure any port filtering or application blocking features. For example, if you are only going to use your hotspot for accessing resources/sites on the web, then you do not need applications such as FTP, SSH, email (SMTP), etc. enabled in your hotspot. I recommend that you become familiar with the settings of your mobile device’s hotspot so that you can configure it optimally for security and ease of use.
5. Limit the number of devices that can connect to your hotspot network. If you are the only one that will be using it, then you only need your hotspot network to be configured for a maximum of one or maybe two devices.  This will prevent others from connecting to your hotspot network while you are connected.
6. Configure your hotspot to allow specific devices to connect. If your hotspot has a way of managing what devices can connect to it, then configuring those allowed devices will add an extra layer of security on your hotspot network.  You would limit what devices can connect by entering their MAC addresses.  Each network device has a unique MAC address.  It will look something like 7C:56:96:EC:32:89.  You can get the Wi-Fi MAC address for your device by viewing your device’s information or status.
   Keep in mind that when you limit the devices that can connect, only those devices will be able to connect to your hotspot.  You will need to add more devices if you want another tablet, for example, to connect to your hotspot or if you replace your tablet or mobile device that was used to connect to your hotspot.
7. Do NOT share your hotspot password. If you find that you use the same public wi-fi often, then you may want to change your wi-fi password often.
8. Turn Your hotspot OFF when not in use. If your hotspot configuration allows a timeout, then set it.  In any case, be sure to turn your hotspot off when you no longer need it.  This will of course, keep anyone from hacking into it since it is OFF.

Your Personal Information

Be careful, and perhaps suspicious, about the amount of data required to join a public wi-fi network.  Sometimes an organization may want your email address, name and other contact information to join their public wi-fi network.  Use your own discretion as to how much information about yourself you feel comfortable providing.  If you trust the organization (and have confirmed the name of their public wi-fi), then you may decide to give up that information, e.g., a hotel or restaurant that you frequent.

Turn File Sharing and Discovery Off

When you join a network for the first time on a Windows system, you may be asked if you want your computer to be discoverable on the network.  Answer “No” for a public wi-fi network.  Also, ensure that file sharing is turned off.  This will help to protect your computer from unauthorized access.

Make sure that the network type used for the public wi-fi connection is “Public” (on Windows systems).  This will tell Windows to configure things with more security than if you were on a trusted network such as a home or office network.

Read The Screen

Sometimes an organization may require you to agree to certain terms in order to join their public wi-fi network.  Be sure you are aware of what you are agreeing to because it may be more than mere access to the wi-fi network.  Go through the terms before you agree to them. This is especially true if you are required to provide personal information in order to join.

Confirm The Wi-Fi Network You Are Joining

Don’t assume that an unsecured wireless network is a network provided by the organization (e.g., hotel).  Anyone can provide a wireless network to join causing you to perhaps join a hackers network instead of the one you think you are joining.  For example, confirm the name of the wireless network that a hotel makes available to you along with the password before joining their purported wi-fi network.

Keep Your Antivirus/Firewall Software Up to Date

You should always have internet security software installed and updated on your devices (even mobile devices).  Of particular concern is the firewall software that is included in internet security software.  Internet security software will help to protect you as you surf the web and access various internet resources.

Conclusion

There are many things that you can do to use a public wi-fi network reasonably safely as discussed in this article.  The important thing to realize is that you have to be diligent when using public wi-fi networks.  Avoid using it for accessing a sensitive resource such as online banking. Protect yourself and your data at all times when using a public wi-fi network and don’t take it for granted that the hotel’s wi-fi network is secure.

Feel free to contact me if you have any questions about using wi-fi networks safely.