I have a laptop, just like a lot of business people. 99% of the time I use it at my office or at home. It is the other 1% of the time that is my focus today – using public WiFi hotspots (http://en.wikipedia.org/wiki/Hotspot_(Wi-Fi)) securely.
Wireless Internet connectivity has become ingrained into the way that people conduct business. Laptops and netbooks, Blackberrys and iPhones – everything is WiFi equipped. Mavidea CEO Erik Barnlund and I flew to Orlando for a conference a couple of months ago and during that week, each of us connected our laptops back to the corporate network to keep up on our work. Just because I like to try and keep Erik on his toes, I grilled him on how he was connected to our network, and I love the fact that he was being secure and using a VPN connection. Over the years that we have worked together, some of my security paranoia has rubbed off on him.
Ironically, while we were traveling, I stumbled upon this article from BBC’s Watchdog series – “Is your WiFi secure?” (http://www.bbc.co.uk/blogs/watchdog/2009/10/wifi_hot_spots_not_secure.html) Author Rob Unsworth writes about a flaw from three major UK public hotspot services that could expose tens of thousands of users to hackers. By default all three network are always unencrypted. The exact same problem is also prevalent here in the United States. The wireless Erik and I connected to at the hotel, the conference room, the airport, and even at the coffee shops were all unencrypted. If you think of a unencrypted wireless network as words scrolling by on a TV screen, then a “sniffer” program (freely available and widely used on the Internet ) quickly records everything. Data can then be played back later and analyzed for anything interesting inside. Sadly, unencrypted networks are pretty much the norm because they are so easy to use.
And if the unencrypted networks weren’t bad enough, let’s throw in other problems like man-in-the-middle attacks. With these attack, the hacker tricks unsuspecting end-users into connecting to his hotspot, which looks legitimate and functions normally. Man-in-the-middle attacks are sneaky, using either the exact same name as the real wireless access point, or off by just one letter. Last time a flight routed me through Chicago O’Hare I had a 2 hour layover. The real access point there is called Concourse, but I also saw networks called Concuorse and Concoursse. Either way, if you connect to the wrong network all traffic is recorded as it passes through for sensitive data like name, address, and credit card information.
So what then is a weary (and wary) traveler to do?
- Keep your laptop/netbook/phone secure. These means a current and up-to-date antivirus program, some sort of firewall turned on, and all patches downloaded and applied (if you are a Mavidea STABILITY customer, this is done for you). Most patches are designed to close security holes.
- Connect back to the office (or home) with a VPN connection. VPN stands for Virtual Private Network, and works by quite literally creating a “tunnel” between you and the office. The tunnel is fully encrypted, and any data that you put in cannot be read by anyone from the outside. It makes sense that this is a great way to check email and move files back and forth, but it also is a great way to securely surf the web from a public hot spot. Load up a website, and the data goes from the Internet, back to the office, and then through your tunnel to the laptop, even if you are on the other side of the world. All modern VPNs use AES encryption, which is Department of Defense rated as “Top Secret” so anyone using a sniffer or a man-in-the-middle attack is just going to see a bunch of encrypted gobbldy-gook going by.
And yes, gobbldy-gook (http://en.wikipedia.org/wiki/Gobbledygook) is a highly technical term. 🙂
Next time I am going to examine a couple of the Mavidea recommended ways to get the VPN functionality you need to be secure at wireless hotspots.
