Sunday, May 16, 2010

Securing Your Wi-Fi Hotspot Sessions

Wi-Fi wasn't specifically developed for public access. Other than certain national hotspot providers such as T-Mobile, wireless encryption (WPA/WPA2) isn't used on hotspots. This Wi-Fi encryption isn't practical for hotspots as it is with private networks in homes and businesses. Plus the sharing aspect provided by Wi-Fi works against us on public networks; you don't want to share files with strangers.

In this article, I'll discuss exactly how to secure your computer and communications while using Wi-Fi hotspots. Though wireless networking technology isn't designed for public use, it can still be safe and secure if hotspot providers and users follow a few precautions:

Use Secure Browsing and emailing practices
Just like when on the web at home or work, you should follow basic Internet security practices while using Wi-Fi hotspots. Many of the Internet protocols and services we use day-to-day are inherently insecure by default.

The login and communications for services such as HTTP web browsing, POP3/SMTP email, IMAP email, Telnet command-line access, and FTP file transferring are not encrypted and are sent and received in clear-text.

At home and work, the communications of these clear-text services can be encrypted and secured from local Wi-Fi eavesdroppers by using WPA or WPA2 encryption.

However, most Wi-Fi hotspots don't use encryption. For this reason, you should follow the practices described in the following sections.

Use HTTPS/SSL for Sensitive Logins and Sites
Make sure that any website you log in to is using Secure Socket Layer (SSL) encryption. The URL address should begin with https instead of just http. Plus the browser should display a pad lock, green address bar, or other notification.

Secure POP3/SMTP/IMAP Email Connections with SSL
If you use an email client such as Outlook or Thunderbird with the POP3, IMAP, or SMTP protocol, you should try to use it with SSL encryption.

Whether or not you can use encryption depends upon your email server or service. If it's supported, you can set it up on your email client. If the server doesn't support it, see if you can access your mail via the web (using HTTPS/SSL), at least when using public networks.

Use SSH Instead of Telnet
If you must remotely connect to a computer or server while on a public network, use a secure remote access protocol such as SSH.

Use SFTP/SCP Instead of FTP
Though it's usually easier to use plain FTP when downloading or uploading files from servers, it's not secure. Similar to the other plain-text protocols, Wi-Fi eavesdroppers can capture the login credentials and the transferred data of FTP connections.

You should use SSL encryption with FTP connections, which must be supported by the server and the client. You might also look into using the SCP protocol.

No comments:

Post a Comment

Dear Reader, if you like My Blog content, feel free to comment on our blog posts.