Twenty years ago, people were amazed to see cell phones in the local coffee shop. Now, along with those, you see laptops and people quietly surfing the Internet, reading and sending e-mails and buying things online while they enjoy flaky biscuits and Cafe Mochas. Coffee shops, airports, lounges and, of course, Web cafes, all offer web access via wireless local area networks (WLANs). They bring in customers and keep them ordering as they work and play on the Internet.
Sounds like a good deal, right? For the most part it is, but there is a downside. There is a distinct possibility that one of your fellow laptop-toting coffee drinkers will be a hacker. An even-greater possibility is that a hacker is nearby, well within the operating area of the WLAN, breaking into hard drives, listening in on chat sessions, reading e-mails, gathering financial information like credit card numbers and trying to infect other computers with viruses or spyware. Surprised? If so, you aren't alone. When it comes to the Internet, people are remarkably casual regarding their personal information in spite of a concerted effort to publicize the dangers of identity theft. The general attitude seems to be that "as long as my laptop has a firewall and antivirus software, then I will be fine."
If only that were the case! The fact is that these things can and do help, but they are not foolproof. As we enjoy greater and greater convenience and connectivity, we place ourselves in greater danger of of identity theft, especially in a public place like a coffee shop or the airport. Never imagine, when you are in public with your computer that anything you are doing online is either private or safe. It takes very little time for a hacker working on a public WLAN to get into what you are doing and begin taking information.
How it all Works
To use a WLAN, you have to connect through an access point. You have seen access points whenever you connect to a network, though you have probably not noticed since the finding of an access point and the connection to it are usually handled automatically by your computer. So, unless you have had some problem with it, odds are it is not something you have ever had to look at. In some places, there is only one available access point—presumably yours—and in other places there are several that will show up as available. Your computer looks for the right one, provides your credentials and you are connected. Properly protected against viruses, intrusion attacks against your computer are more difficult then they might otherwise be, and if the network you have connected to offers its own defenses, that is even better. Still, all this does nothing against the attacks you can face while using your laptop on a public WLAN.
Types of Attacks
According to Lisa Phifer, owner of Core Competence, Inc., wireless attacks come in four different ways: Access Control, Confidentiality, Integrity and Authentication. Access Control attacks invade a network by using wireless technology while getting around WLAN security. Confidentiality attacks intercept private information sent online, such as credit card numbers. Integrity attacks mislead the victim into thinking that they are communicating with a trusted person and this, in turn, keeps the victim online long enough for data to be stolen, corrupted or both. Finally, Authentication attacks are used to steal user identities and credentials (usernames, passwords, etc.) to allow access to private networks.
It was once said that the only truly secure computer is one that is off and unplugged, fully disconnected and then locked away in a bunker that is then sealed and buried. That is a rather pessimistic view of things, but it does illustrate the frustration many feel about computer network security, especially in this day and age of laptops. Still, these are two key actions that you and your IT department can take to make sure you are as safe as you can be.1. BEGIN WITH THE BASICS.
Make sure the firewall on your laptop is configured to reject incoming queries and that your anti-virus applications are up to scratch. That is the first step of any computer security scheme.
You should also make sure your employees' laptops are protected so they can safely communicate with the corporate network back home. Traditionally, data is secured by using encryption schemes like Secured Socket Layers (SSL), Transport Security Layers (TSL) and secured HTTP connections (usually identified as https). These will create a secure link between the two computers. These encryption methods generally do a pretty good job handling most day-to-day transactions like your eBay bids and PayPal payments as long as you know and trust the access point you are using, such as the one at your home or office. 2. VIRTUAL PRIVATE NETWORKS.
By using very powerful encryption technology, a Virtual Private Network creates a kind of electronic tunnel, running from a trusted access point at one end, through the corporate firewall and into your secure network on the other end. This powerful tool is a step up in security from the SSL, TSL and HTTPS methods and can do a lot for your security efforts. What's more, with prices ranging from less than $300 to over $20,000 for the combination of hardware and software, you can find an option that is both affordable and usable for companies of any size. There is one more thing, however, without which no amount of security technology will prevail.
The Human Factor: How to Stay Safe
Perhaps the greatest threat to security is your wayward computer user himself. It is because they do not know the dangers that lurk in Internet cafes and around airport hotspots. Your efforts must begin with education, with knowing the difference between being prepared for trouble and not getting into trouble at all. That means staying away from strange access points the same way you would stay away from strange alleyways. Many users happily connect to any access point just to get the free Internet access. Since this is the type of behavior that hackers count on, it needs to stop. There are other actions you can take as well:
- Disable the automatic connection features and connect manually to your access point.
- Users should connect only to access points that are current, known and trusted such as home and office access points. In hotels, if an Ethernet connection is offered, use that rather than the wireless connection for added security.
- Avoid "Default" access point identifiers, also called server set identifiers (SSIs).
- Your employees should also have access to known, secure wireless hotspots to use as access points.
- When on a WLAN, avoid online activities that hackers thrive on, such as:
- Logging on to check e-mail
- Filling out online forms
- Online banking
- Making online purchases
What does all this mean? In essence, it means that your people should not act like typical users. They have to exercise some common sense and stop doing things that a hacker would be interested in. They also need to ask themselves a question: "Am I on a secure access point or is it wide open?" The answer to that one question should dictate their behavior from that point onward. As a general rule, if you are not in a secure environment, avoid doing anything that might expose you or your company to risk. Wireless security isn't just for companies—it protects employees as well. —Charles M. Cooper
For more info, read "The Evil Twin and Other Attacks"
Copyright © 2009 - 2015 America's Best. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.