Tuesday, July 10, 2012

Oh I see you're using an unsecure Wi-Fi network... and I see your url's, logins, passwords... Tips for keeping your Wi-Fi traffic yours

WindowsNetworking.com - Protecting Against Wi-Fi Eavesdropping

This article will discuss the Wi-Fi eavesdropping issue and share some tips on how to protect the users on your private network and how to protect yourself when using public Wi-Fi hotspots.

Introduction

By default, Wi-Fi is not secure. On private networks, yes you can enable encryption to prevent unauthorized people from connecting and reading the traffic as it travels through the airwaves, but depending upon the security mode you use, connected users may still be able to eavesdrop on each other’s traffic. And although public networks may use web-based authentication (captive portals), most don’t use actual encryption. Thus anyone nearby can eavesdrop on the hotspot traffic, even if not a paying customer.

Here I’ll discuss this Wi-Fi eavesdropping issue and share some tips on how to protect the users on your private network and how to protect yourself when using public Wi-Fi hotspots.

What Eavesdropping Can Reveal

To better understand Wi-Fi eavesdropping, you should know what one might be able to do with the Wi-Fi traffic they capture from the airwaves. They could capture your passwords and content for services or sites you sign into that aren’t using SSL encryption, most commonly your POP3/IMAP email and FTP connections. They could also hijack your logins to unencrypted sites like Facebook and Twitter. And on private networks, they may also be able to capture file transfers.

..."

I was out of town last week and the hotel Wi-Fi, while free, wasn't secured in any way. You see, I have a fear of unsecured public Wi-Fi networks and just couldn't get over it. Sure I use SSL everywhere I can, but I also use a number of app's where I don't know if THEY are using SSL. Luckily I had my Mi-Fi with me and that worked like a charm (but isn't free).

I've been thinking that I need to look into a VPN service and with this past week's experience, this article is very timely.

No comments: