Coffee shops, restaurants, airports, and hotels are just some of the locations where you may find an available public wireless network or a free Wi-Fi hot spot. These free wireless hot spots deliver a high-speed internet connection, but this convenient, no-hassle access to the internet comes with a lack of security. That doesn’t mean you should avoid accessing a free wireless hot spot; it just means you need to be aware of how to protect your device when you do.
To prove the point that security is your responsibility at a public hot spot, I captured the following screenshot from a Wi-Fi user agreement from a local restaurant I often visit. The user agreement clearly states that security and privacy are the user’s responsibility.
Other businesses that offer free wireless access have similar verbiage in their Wi-Fi usage agreements. With the user being responsible for the security of their device, I have outlined some general security tips that can help protect you when using a free public wireless hot spot.
- Have an antivirus program installed.
- Regardless of whether you access the internet from a wired or wireless network, at home, at work, or at a Wi-Fi hot spot, an antivirus program should always be installed and running on your computer. Antivirus will prevent unwanted programs from being installed on your computer or accessing the data on it.
- Make sure the firewall is enabled.
- A firewall acts as a bouncer to either allow or deny access to your computer. The firewall uses rules to control the traffic and prevent an unauthorized person from accessing your computer through an internet or network connection.
- Use a VPN connection.
- Free public Wi-Fi provides no encryption or scrambling of the data as it travels the air waves, so anyone could capture the communications, including passwords you are typing in to access websites. A VPN allows you to create an encrypted tunnel through the hot spot network to the VPN server. An encrypted VPN tunnel is the best way to scramble your communications as they travel the network, and it prevents anyone who may be eavesdropping on the Wi-Fi hot spot from reading your traffic.
- There are a lot of personal VPN services available and a quick Google search will reveal numerous companies that provide the service. Most companies providing personal VPN should offer a free trial of their service along with monthly and annual plans for a fee. If you travel a lot or you are constantly using public Wi-Fi you may find this to be money well spent to protect your traffic when accessing any unencrypted public Wi-Fi network.
- Use HTTPS when available.
- Any website you access that requires some sort of log in should be using HTTPS. HTTPS is the secure alternative to HTTP. To verify that a site is using HTTPS, look in the browser’s address bar and make sure the web address of the site starts with HTTPS. Some sites such as Facebook may require the user to enable the HTTPS feature through the privacy settings.
When I travel or access free Wi-Fi I’m usually on my Windows 8 laptop, and while researching this blog post I found some great articles on the Microsoft site discussing Wi-Fi security tips. One of those articles is linked below and provides additional details and instructions to help protect you when using public Wi-Fi.
Four Safety Tips for Using Wi-Fi
A small office home office (SOHO) wireless router can be set up in just minutes, and can be a convenient and cost-effective way to extend your home network. Many people don’t do much in the way of configuration or security on a SOHO wireless router when installing the device. However, just plugging in a wireless router without changing any of the factory default settings presents an insecure wireless network and can serve as an open internet portal to anyone nearby. Not only will it be an open internet connection, but it could open up unauthorized access to the computers on the network and the data stored on them. Anyone with a little knowledge of wireless networks and with the right utilities can sniff unencrypted wireless communications, potentially capturing any data, including passwords, traversing the air waves.
Here is a list of some wireless security strategies that can be configured on most wireless routers. While no one feature will simply secure the wireless network, applying most or all will provide a layered approach to security. Some of these settings require an intermediate to advanced knowledge of wireless routers. For assistance or additional help with these settings consult the user’s manual for your specific wireless router.
- Change the default Admin password used to access the wireless router.
- Default passwords for routers are well known or can be found on the internet with some simple Google searches. If you set up encryption along with some of the other advanced security measures on the router, it will all be useless if someone can just log into the router using the default password.
- Enable Encryption.
- Setting up encryption on the wireless network and protecting the traffic from being read by an unauthorized person is the most critical security feature to enable on the router. If someone in range of your wireless network were capturing the traffic, encryption would scramble the data so it would appear as gibberish to that person. WEP was the original encryption method for wireless networks, but WEP has several known flaws and therefore should not be used. It is recommended to use WPA encryption or the stronger WPA2 encryption if all your wireless devices can support these levels of encryption. When using the WPA encryption methods, a preshared key must be entered on the router and the same key is also entered on all of the clients wanting to join the network. When selecting a key, avoid common dictionary words and use a random stream of letters, numbers, and symbols with a minimum of 20 characters in length. A wireless network using WPA encryption provides both security, by controlling who can connect to the network, and privacy, by encrypting the communications as they travel across your network.
- Change the default name of your wireless network (SSID).
- The service set identifier (SSID) is the name of the network the wireless clients will use to connect to the network, and like the default password, the factory-set name given to the wireless network can be found out very easily. When selecting a name for the SSID, don’t use anything that would identify who owns the network, such as your name, address, phone number, etc. You also don’t have to use anything cryptic for the SSID. A good choice is something that doesn’t bring attention to the name of the network and lets it blend in with any of the other surrounding networks.
- Enable MAC Address Filtering.
- Every network device is hard coded with a unique physical address called the MAC address. Wireless routers can be configured with a list of MAC addresses allowed to connect to the wireless network. This sounds like a great setting to control the devices that connect to your network, but a reasonably skilled hacker can use free utilities from the internet to monitor traffic on the network to capture MAC addresses of devices on the allowed list. With the allowed MAC address, the bad guy can spoof the MAC address on their device to make it appear as if it is in the allowed list.
- Disable SSID broadcast.
- Disabling the broadcast of the network name and essentially hiding the presence of the network sounds like a great feature, and I have seen some people rely on this feature alone for the security of their network. Similar to the MAC filtering setting mentioned before, anyone with a little bit of knowledge and the right utilities can scan the airwaves and discover hidden network SSIDs, so disabling the network broadcast should never be relied on as a cover-all security setting. Don’t use this setting by itself, but combine it with the other settings mentioned to gain the strength of multiple security layers.
- Disable managing the router from a wireless client.
- Force any client to be physically plugged into the router using a network cable to log in to the management interface.
- Enable HTTPS for accessing the management interface.
- Whenever HTTPS is available to encrypt communications it should always be taken advantage of. Using HTTPS to manage the router will prevent the user name and password from being compromised.
- Centrally locate the wireless router in the house.
- If you can locate the wireless router in a central location in the residence it should theoretically provide an even coverage area and control some of the leakage of the signal seen by your neighbors. You can also control the coverage area by adjusting the power setting on the wireless router, but this is a bit more of an advanced setting and not all SOHO routers allow power settings to be adjusted. Setting the power level to low may create dead zones in the wireless network coverage. Consult the user’s manual for your router for specific instructions on adjusting the power level.
- Set time constraints to disable access to the wireless network.
- Set restrictions on when the wireless network can be used, without powering down the entire network or affecting the wired connections. For example, if no one uses the wireless network overnight, a time restriction banning clients from connecting to the wireless network from 11:00pm to 6:00am can be configured. Powering down the router during vacations or during extended periods of non-usage can be the ultimate security setting to prevent outside hackers from trying to connect to the network.
- Check for firmware updates on the router.
- Routers have software called firmware loaded on them that controls the capabilities of the router. The router vendors will release updates for the firmware to improve functionality or patch vulnerabilities. Checking every so often for firmware updates will guarantee your router has all the latest features and security patches applied.
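The preshared-key advice under "Enable Encryption" above (random letters, numbers and symbols, at least 20 characters, no dictionary words) can be applied with a short script. This is an added example, not part of the original post; the function names and the small sample wordlist are constructed for illustration, and the 63-character upper limit is the longest passphrase WPA/WPA2 accepts.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 chars
MIN_LEN = 20  # minimum length recommended in the article
MAX_LEN = 63  # longest passphrase WPA/WPA2 accepts
# Constructed sample wordlist; a real check would load a much larger one.
SAMPLE_WORDS = ("password", "network", "wireless", "admin", "home")


def check_psk(key, words=SAMPLE_WORDS):
    """Return a list of problems with a candidate key; empty means acceptable."""
    problems = []
    if len(key) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(key) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if not all(32 <= ord(c) <= 126 for c in key):
        problems.append("contains non-printable or non-ASCII characters")
    if not any(c.isalpha() for c in key):
        problems.append("no letters")
    if not any(c.isdigit() for c in key):
        problems.append("no digits")
    if not any(c in string.punctuation for c in key):
        problems.append("no symbols")
    for word in words:
        if word in key.lower():
            problems.append(f"contains dictionary word '{word}'")
    return problems


def generate_psk(length=24):
    """Generate a random key from the OS CSPRNG that passes check_psk()."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN}")
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_psk(key):
            return key


def entropy_bits(length):
    """Approximate entropy of a uniformly random key of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_psk())
    print(check_psk("MyHomeNetwork2015"))  # constructed weak example
    print(round(entropy_bits(MIN_LEN)), "bits at the minimum length")
```

Generate the key once, enter it on the router, and then enter the same key on each client.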
Plugging in a wireless router and not configuring any of the security settings is the equivalent of leaving your house and not locking any of the doors. Hopefully the overview here will give you some information on how to lock down your wireless network and keep your neighbors from using you as an internet service provider.