GottaBeSecure: WiFi and the Rookie (Part 1 of 5)

Ahhhh, the joys of the mobile office checking email on a sunny morning from an outside table while enjoying a steaming cup of fresh coffee. Or maybe you’re squeezing in a little work at the car dealership’s service center, taking advantage of the complimentary WiFi while the mechanics work on your car. Wireless networking combined with laptops and ultra mobile PCs have opened a whole new world of productivity for telecommuter and other road warriors. Unfortunately, they’ve also opened a Pandora’s Box of security issues ready to be exploited by eager hackers and cyber criminals. In this five-part series I’ll examine the basics of mobile network security, active network threats, the very real problem of laptop theft, and finally the growing problem of data seepage.

The hidden downside of using public WiFi networks is that your personal information or sensitive corporate data may be vulnerable to interception. And intercepting that data just got easier! A new security tool called ““Ferret,” demonstrated at this year’s Black Hat security conference in Las Vegas, allows Windows users to snoop on all the information passing through the airwaves at the local coffee shop or public hotspot. Wondering what web sites the guy in the corner is surfing? Want to know what information you’re leaking to the entire coffee shop? Tools like Ferret (or any network analyzer or ““sniffer”) allow you to see just what’s happening on the wireless network. These tools can capture web requests, emails that are sent or received, and can even capture some usernames and passwords (provided the username and password were not encrypted when sent).

Maybe you’re wondering whether fee-based (or subscription) wireless networks are safer than free public WiFi? Nope. All ““open” WiFi networks (networks that don’t require a network key to connect) expose data to interception because they don’t encrypt transmissions to and from the network (networks with WEP, WPA, and WPA2 do encrypt traffic, which makes data interception significantly harder).

So, should you avoid connecting to open WiFi networks at the library, coffee shop, or airport? Not necessarily. The wireless network is only half of the equation. Your data’s security also depends on whether or not your application is using an encrypted (secure) protocol. This chart below illustrates various activities on an open WiFi network:

 

 

 

 

What’s a security-conscious road warrior do? Whenever possible, use encrypted connections to web sites using Secure Socket Layer (SSL) or Transport Layer Security (TLS). These ““secure” connections are shown in your web browser with ““HTTPS://” in the address bar and a closed padlock icon. Of course, not all web sites support secure connections. But if you’re sending or receiving sensitive information (like corporate email or financial data) you had better be using a secure web connection or find out why the web site doesn’t support them. And here’s a low-tech tip: when you’re not actively using your wireless connection, turn it off. Your laptop or ultramobile PC is constantly sending out information than can be valuable to an attacker (more on this in Part 5 of this series). Many laptops have a hardware switch to turn off the wireless adapter when it’s not being used. Alternately, you can disable the wireless adapter in Windows with a simple right-click on the wireless network icon.

Wireless networking can be a huge help to your productivity, but using WiFi securely takes advance planning and some degree of discipline. Make sure you follow these three tips when using WiFi networks:

1. Treat every wireless network as a hostile environment. Assume someone is waiting to intercept your data.

2. Use encryption to prevent data interception. SSL and TLS are terms you need to know if you’re planning to do company business on a wireless network.

3. Keep your wireless network adapter turned off when not in use. It’s amazing how many laptops are leaking information or accepting incoming connections during a typical airline flight. If you’re not using your wireless, turn it off.

Next week we’ll build on the foundation we laid today and discuss some of the other network applications and protocols that are attractive targets for hackers. We’ll also look how to thwart the hackers in their attempt to collect your private or sensitive data as it travels across the Internet from your mobile computing platform.