Security of Wi-Fi access points: solutions for users
By Eric Geier
07 August 2006
Take steps to protect your personal documents, privacy and identity when using public wireless Internet access.
There are many issues with using public wireless internet access as discussed in one of my previous tutorials, Wi-Fi Hotspot Security: The Issues. However, Wi-Fi access points can still be safe and secure if administrators and access point users implement certain protective measures.
There are several things you can do to protect your personal documents, privacy, and identity when using public networks:
Secure your traffic in real time:
- Use a VPN connection
A virtual private network (VPN) encrypts all data sent from the VPN client (your computer) to the VPN server, and vice versa. In addition to providing a great way to secure real-time traffic over untrusted networks such as Wi-Fi hotspots, VPNs can also allow access to files and services on the VPN server’s network, which is why they are often used by businesses. Keep in mind, however, that there are different variations of VPNs and several different ways to achieve this type of encryption, such as:
- Use a company-provided VPN
- Create and use your own VPN server
- Buy hosted VPN access or software
- Use “clientless” SSL VPNs
- If a VPN connection is not used …
- Secure all the services used
Make sure that all the services you use, such as POP3 and FTP, are secure if you are not using a VPN. Some email hosts provide SSL encryption for email accounts. Otherwise, most email providers offer secure webmail. You can even encrypt Google’s Gmail with the right browser extensions.
- Use SSL (or HTTPS) websites
Do not visit private or sensitive websites, such as bank, email, or web accounts, unless they are secured with SSL and use an HTTPS address, usually indicated by a padlock icon in your browser.
Prevent others from logging into your laptop:
Before connecting to Wi-Fi hotspots, you should turn off sharing of all files, folders, and services that you might not want others to see, use, or edit.
You can view all the shared folders on your PC in Windows XP:
- Access your PC’s control panel
- Open “Administrative Tools”. If the Control Panel is in category view, you will first have to select the category “Performance and maintenance”.
- Double click on “Computer Management”.
- Click on “Shared Folders” and open the “Shares” folder.
You should see all of the shared directories on your PC. Keep in mind that by default Windows XP adds some shared directories (such as those for remote administration); however, these must be protected against access from networks such as Wi-Fi access points. You should refer to the program’s help documentation for more information. Typically, if a share path is a specific home directory, it is most likely a shared folder that others on the same network, such as at access points, can view and/or edit.
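The same list is available from the command prompt with `net share`. The following added example (not from the original article) parses that output in Python and separates the hidden shares Windows creates by default from the ones left for you to review. The sample output, including its user and folder names, is constructed, and an English-language Windows is assumed.

```python
import re

# Constructed `net share` output for illustration; not taken from the article.
SAMPLE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
print$       C:\WINDOWS\system32\spool\drivers
                                             Printer Drivers
SharedDocs   C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS
Tax2005      C:\Documents and Settings\user\My Documents\Tax2005
The command completed successfully.
"""

# Hidden shares Windows adds itself: drive roots (C$), ADMIN$, IPC$, print$.
DEFAULT_SHARE = re.compile(r"^(?:[A-Z]|ADMIN|IPC|PRINT)\$$", re.IGNORECASE)
PATH = re.compile(r"^[A-Za-z]:\\")

def parse_net_share(text):
    """Return a list of {'name', 'path', 'remark'} dicts from `net share` output."""
    shares, in_table = [], False
    for line in text.splitlines():
        if line.startswith("---"):          # the rule under the column headers
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        fields = re.split(r"\s{2,}", line.strip())
        if line[0].isspace() and shares:    # wrapped row: belongs to the share above
            entry = shares[-1]
        else:
            entry = {"name": fields.pop(0), "path": "", "remark": ""}
            shares.append(entry)
        for field in fields:
            key = "path" if PATH.match(field) and not entry["path"] else "remark"
            entry[key] = field
    return shares

def shares_to_review(shares):
    """Everything except the built-in hidden shares: candidates to unshare."""
    return [s for s in shares if not DEFAULT_SHARE.match(s["name"])]

if __name__ == "__main__":
    # On a live machine, feed in the text printed by `net share` instead of SAMPLE.
    for share in shares_to_review(parse_net_share(SAMPLE)):
        print(f"Review before joining a hotspot: {share['name']} -> {share['path']}")
```

The built-in shares it filters out are not removed by unsharing folders, which is why the firewall advice further down still applies to them.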
You can change the folder sharing preferences in Windows XP:
1. Right-click on the folder, for example in “My Computer”, “Windows Explorer” or on your desktop.
2. Select “Sharing and Security”.
3. Change the settings on the “Sharing” tab, then click OK.
- Use personal firewall software
To protect yourself from intruders on Wi-Fi hotspots and on the Internet, you must have personal firewall software installed and active when you are connected. You can either use Windows XP’s built-in firewall utility, accessible through Control Panel, or use third-party software such as ZoneAlarm.
Make sure your operating system is up to date at all times. This ensures that you are protected by the latest patches that can repair security vulnerabilities in the operating system.
Beware of “evil twin” access points
There are several things you can do to help verify the legitimacy of Wi-Fi access points:
- Look for the “Wi-Fi here” signs
You may want to verify that the facility you are in actually offers wireless internet access, and confirm key details such as the SSID or network name, by looking for signs or asking someone at the establishment. For example, you might be connecting to some kind of wireless access point, but the location’s management might say, “It’s not us: we don’t offer a wireless connection”, which indicates that you may be connecting to a fake access point.
- Make sure SSL encryption is used
All hotspot login or payment pages must be protected with SSL encryption – otherwise, this is a possible fake hotspot. Look for the padlock icon.
- Check the SSL certificate
By examining the details of the SSL certificate used by all the access point’s login or payment pages, you can help verify the legitimacy of the Wi-Fi access point. In Internet Explorer, you can do this by double-clicking on the padlock icon in the lower right corner of the browser.
Beware of public workstations or PCs
- Use as a last resort
While you can take steps to protect yourself on public PCs, you should avoid using them at all as there is a significant risk that keyloggers and other tools will be installed to track every keystroke you make.
- Use personal VPNs
When using public PCs to access sensitive sites, you should use personal VPNs to encrypt the traffic, as the PC can be connected to a wired or wireless network where others can see all the traffic, as easily as if you were using a Wi-Fi access point.
However, be extremely careful when using corporate or other VPNs connected to a remote network that allows access to personal data. Any hosted VPN access or software designed for access over public networks uses the same strong encryption (to protect real-time traffic), but this does not allow remote connectivity to files and servers on the network. Therefore, if someone gets your VPN account information, they won’t have access to any files or servers.
- Do not save login information
When logging into your web accounts on public PCs, make sure that you do not save the login information. For example, do not use the “Remember me” option. And manually sign out when you’re done.
Stay tuned for solutions that Wi-Fi access point operators can implement to increase wireless security at their sites.
Eric Geier is an author and consultant in computer science and wireless networks. He works for Wireless-Nets, Ltd., a consulting company specializing in the implementation of wireless mobile solutions and training. Eric is also the author and contributor of several books, including Wi-Fi access points: configuring public wireless Internet access, and e-learning courses (CBT).