Using Public Wi-Fi Hotspots

From Calliespedia

Use SSL Connections

When logging into bank and email accounts online, look for the https:// protocol in the address bar of your browser.

Valid SSL Certificates

If accessing a known site, like Gmail, gives you a notification about the certificate's validity, don't go any further! It's not very hard for an evil hacker to offer you his own self-signed certificate and pretend to be the site you're trying to access.

Form Submittals Through SSL Only

Use a VPN Connection

FreeVPN

Turn On Personal Firewall

Rogue Hotspots

Rogue hotspots are common at airports, hotels, coffee shops, truck stops, and other popular WiFi venues. They may identify themselves as "Free WiFi", but many of them have more innocent-looking names.

Disable File and Printer Sharing

Use the "infrastructure networks only" wireless option

Turn off ad-hoc mode

Use OpenDNS

You can use OpenDNS as a pre-emptive measure to guard against DNS poisoning. OpenDNS will also improve your computer's Internet connection performance, and provide other safeguards.

Update: Some trouble using OpenDNS on some VPNs (virtual private networks) has been reported.

Wiphishing

A hacker sets up what is called a “rogue access point” which mimics the characteristics of the network to which users expect to connect. Users unknowingly connect to the rogue access point and the hacker’s network instead of the intended network.

Bluetooth

Bluetooth exposes another route of hacker entry.

Self-Updating Software

Programs that update themselves automatically can be easily hijacked at hotspots (or any WiFi network) to download malware.

Caffe Latte Attack

  1. Narrow the window of opportunity by disabling Wi-Fi adapters when not in use. Many laptops and other devices now have a physical on/off switch for Wi-Fi. Use it.
  2. Reconfigure your client to avoid reconnecting automatically to Preferred Networks. That way, you won't be tricked into connecting to any AP without your consent, and you will realize that a corporate SSID showing up in a public hotspot is not legitimate. (This is particularly important for iPhone users and others with devices that lack an on/off switch for Wi-Fi.)
  3. If manual connection management is too inconvenient, then run a host-resident Wireless IPS. A host WIPS like those described here can profile SSIDs and APs used in specific situations. For example, a "Work" profile could let you connect to your corporate SSID at the office, while switching to a "Hotspot" profile could make sure that you ignore that corporate SSID outside the office.
  4. Install the Wireless Client Update for 32-bit versions of Microsoft Windows XP with Service Pack 2 (KB 917021). This update stops clients from probing for Preferred Networks that broadcast their SSIDs when the configuration option "Connect even if the network is not broadcasting" is disabled.
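
To check a client against steps 2 and 4, the saved network list can be audited for profiles that rejoin open or WEP networks automatically, or that probe for hidden SSIDs. The script below is an added example, not part of the original page; it assumes a Linux client whose profiles use the NetworkManager keyfile layout, and the profiles in SAMPLES are constructed for illustration.

```python
import configparser

# Constructed sample profiles (NetworkManager keyfile syntax); not from the page.
SAMPLES = {
    "office-wep": "[connection]\nid=CorpNet\ntype=wifi\n\n"
                  "[wifi]\nssid=CorpNet\nhidden=true\n\n"
                  "[wifi-security]\nkey-mgmt=none\n",
    "coffee-open": "[connection]\nid=Free WiFi\ntype=wifi\n\n"
                   "[wifi]\nssid=Free WiFi\n",
    "home-wpa2": "[connection]\nid=Home\ntype=wifi\nautoconnect=false\n\n"
                 "[wifi]\nssid=Home\n\n"
                 "[wifi-security]\nkey-mgmt=wpa-psk\n",
}

# key-mgmt values that mean static or dynamic WEP in NetworkManager
WEAK_KEY_MGMT = {"none", "ieee8021x"}


def audit_profile(text):
    """Return (ssid, findings) for one keyfile, or None if it is not Wi-Fi."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
        return None
    ssid = cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback="?"))

    # A profile with no [wifi-security] section is an open network.
    if not cp.has_section("wifi-security"):
        security = "open"
    else:
        key_mgmt = cp.get("wifi-security", "key-mgmt", fallback="none")
        security = "wep" if key_mgmt in WEAK_KEY_MGMT else key_mgmt

    findings = []
    # autoconnect defaults to true when the key is absent (step 2 of the list).
    if cp.getboolean("connection", "autoconnect", fallback=True) and security in ("open", "wep"):
        findings.append(f"auto-joins {security} network")
    # Hidden profiles make the client probe for the SSID by name (step 4).
    if cp.getboolean("wifi", "hidden", fallback=False):
        findings.append("probes for hidden SSID")
    return ssid, findings


def audit_all(profiles):
    """Audit a {name: keyfile_text} mapping, skipping non-Wi-Fi profiles."""
    results = {name: audit_profile(text) for name, text in profiles.items()}
    return {name: r for name, r in results.items() if r is not None}


if __name__ == "__main__":
    for name, (ssid, findings) in audit_all(SAMPLES).items():
        print(f"{name}: {ssid}: {', '.join(findings) or 'ok'}")
```

On a real system the same function can be fed the contents of the files under /etc/NetworkManager/system-connections/ (root is needed to read them).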
