Security+ Web Version 2016 | Page 13

By Perry Correll, Principal Technologist, Xirrus It’s no surprise to anyone that Wi-Fi use continues to grow. However, what is hard to believe is that there are so few public Wi-Fi networks capable of serving our needs outside of the home securely—particularly when you consider that as of today, nearly everyone owns a smart phone, 91% use a laptop, and 80% have a tablet. The portability of these items reflects intent of use, which is, of course, mobility. But there is little point in being able to work remotely from a coffee shop, do banking from our phones while waiting at the airport, or make purchases from the comfort of a hotel room when there’s a high risk of having data stolen due to the lack of security when using public Wi-Fi. Xirrus recently polled Wi-Fi users and found that 76% connect to Wi-Fi outside of their home. With the proliferation of wearable devices such as fit bands and smart watches, that figure will only increase with each passing year, thereby presenting additional temptations for hackers. Public Wi-Fi offers the convenience of accessibility, but typically doesn’t encrypt data, which leaves passwords exposed and sensitive data vulnerable to the possibility of capture by those with malicious intentions. It’s bad enough worrying that while sipping a latte, cyber criminals might be trying to steal your credit card data and bank account numbers, but even more daunting to know that corporate espionage is on the rise. Hotel Wi-Fi networks, which are notoriously easy to breach, offer hackers little challenge when it comes to intercepting private or classified information accessed by executives who stay in hotels on business. Now more than ever, large and small enterprises—from coffee houses to airports and hotels—must upgrade their networks to provide better security for their customers. 2. Do not enter credit card details or other personal information on the provider’s network unless you are using an SSL or VPN. Ideally, use vouchers or other information when possible (such as name/room number in a hotel setting). When in doubt, call the provider’s support number and validate the method of connection. 3. Public networks should have device-todevice communications turned off. If you can see other users on the network through, say, AirDrop, Finder or Explorer, disconnect immediately. This Wi-Fi network has a security hole. 4. Check the public IP address of the network (you can do this with mxtoolbox.com) and verify the DNS name to ensure it is in fact the provider’s network. 5. If you want to access sensitive websites – banks, financial institutions, corporate servers, etc. – make sure to run your VPN software in full tunnel mode. Check with your IT department if you don’t know what this means. 6. When it comes to open networks, either never connect, or delete open networks immediately after you’ve used them. Hackers widely use open networks to collect personal info, or worse, to execute a distributed denial of service (DDoS) attack against a mobile device, with the aim of crashing an app and/or possibly the OS. This kind of attack can render the device unusable. 7. If ever in doubt, disconnect, and do not reconnect to the network. Stay secure on public Wi-Fi We offer a few tips on how you can use public Wi-Fi and maintain some level of security: 1. When connecting to public networks, be careful to ensure the SSID name and method of encryption are exactly as advertised by the provider. www.securityplusonline.co.uk/xirrus