Public Wi-Fi Best Practices

doughnutdestroyer · 2015-03-26T11:28:54.000Z

I thought this might be beneficial to everyone. Especially those just starting out in the industry.

http://baypointetechnology.com/best-practices-using-public-wi-fi/

Buy a personal hotspot and never connect to public Wi-Fi again……

Well let’s be honest here, the above tip is the best one anyone could give, however, it’s just not practical for every person to have a personal hotspot. Whether you only travel a limited amount of time through the year or it’s just not in the budget, not everyone has or can afford a personal hotspot. Or who knows, maybe you do have a hotspot but it’s not working properly.

Whatever the situation when you’re “disconnected”, public or guest Wi-Fi can be a very tempting thing. Whether you are just jumping on social media to upload some vacation photos, or perhaps check your work email on the road, there are some serious security risks that go with connecting to these networks. The below best practices should help to alleviate some of these risks.

Always update your device

New vulnerabilities in browsers, operating systems, and applications appear everyday. When a new vulnerability is discovered the device / software manufacturer/developer generally releases a fix right away. That is why it is important to constantly keep these updated with the latest security updates and firmware to prevent people from exploiting these vulnerabilities and using them maliciously against you.

Be Vigilant About Network Names

Hackers have been known to setup networks in public places with no security for people to connect to and they then have free reign over that device. It is very important to stay vigilant about what networks you are connecting to. Obviously if you are in coffee shop you want to look for something that may be labeled “Coffee Shop WiFi”. If you are new to the shop or place you are trying to connect, it’s generally a good practice to ask someone who works there which network to connect to.

Only Use Secure Sites

You really shouldn’t be accessing your banking information or really anything that requires credentials when your on public Wi-Fi. But you connected for a reason and I doubt that it’s just to read CNN’s latest headlines. With this in mind make sure that if you do need to login to your online banking, or even your social media accounts that these are secure sites. How can you tell? Look for HTTPS:// instead of just HTTP:// … The “S” stands for secure. You can also look for the little pad lock symbol next to the URL.

Disable File Sharing

Despite what type of device you are using, most these days generally have a setting within them to turn off file sharing. This is a great idea. If someone does get access to your device VIA the network, don’t make it any easier for them to get access to what you hold most dear.

End Point Protection

You are always going to want to have some sort of up-to-date end point protection in place. There are many out there that are very reliable and also free for consumer use. Also if you’re on a windows device you can enable the Windows Firewall and change your settings to reject incoming traffic.

Add your additional tips below!

oscarvanklaveren · 2015-03-26T11:47:46.000Z

Good tips

tiagoparreira3 · 2015-03-26T12:00:29.000Z

I would just add to it: if you can use a VPN, do it!

chris0984 · 2015-03-26T12:03:48.000Z

Good tips, thanks.

zzaffis · 2015-03-26T12:10:28.000Z

why not use your phone as a hot spot? If you have a smart phone that has been purchased in the last 5 years you should have the ability to set your phone as a hot spot.

Secondly a public wifi can be a perfectly safe place if you take the proper precautions. Simple steps like establishing an SSH connection to a trusted server and proxying your data through it will both encrypt the data, as well as keep the data out of a MIM attackers hands by only relying on the dedicated link to the ssh server.

There are safer ways to surf in public that will keep you out of most of harms way. So long as you are properly educated, and equipped, the internet isn’t that scary of a place.

marc89 · 2015-03-26T13:31:14.000Z

I don’t use public wi fi If I can help it, Have worked closely with some top wireless people and big supermarkets and hotels, the information they anonymously collect about your social media friends and groups, shopping habits (by tracking you through the store etc is mind boggling. They can track you to 30cm at any time in the best setups and can sell store advertising space based upon this data, we can guarantee 20000 18-24 males visit this part of tesco every week: how much would you like to pay to advertise/sell your product here?

Or hotels detecting when you go up to your room and sending you a voucher to get you back in the resort spending. That’s just a few uses of big data. It’s scary. Big brother isn’t just watching in these situations he’s stalking you.

john4120 · 2015-03-26T15:49:45.000Z

A great refresher for everyone about public networks!

nic · 2015-03-26T15:56:27.000Z

karma whore! /s

nono2217 · 2015-03-26T19:43:03.000Z

I have to disagree with this information. For people just starting out in the industry “Buy a personal hotspot and never connect to public Wi-Fi again….” is the best advice.

Doughnut Destroyer:

Always update your device

New vulnerabilities in browsers, operating systems, and applications appear everyday. When a new vulnerability is discovered the device / software manufacturer/developer generally releases a fix right away. That is why it is important to constantly keep these updated with the latest security updates and firmware to prevent people from exploiting these vulnerabilities and using them maliciously against you.

Generally is the key word here. The delay is not something I personally would risk on my security. Even a fully patched and updated system can fall to a long known vulnerability due to corporate red tape.

Doughnut Destroyer:

Be Vigilant About Network Names

Hackers have been known to setup networks in public places with no security for people to connect to and they then have free reign over that device. It is very important to stay vigilant about what networks you are connecting to. Obviously if you are in coffee shop you want to look for something that may be labeled “Coffee Shop WiFi”. If you are new to the shop or place you are trying to connect, it’s generally a good practice to ask someone who works there which network to connect to.

Spoofing a SSID is one of the easiest things someone can do, they can even spoof the MAC of the AP. As long as their signal is stronger guess who you just connected to?

Doughnut Destroyer:

Only Use Secure Sites

You really shouldn’t be accessing your banking information or really anything that requires credentials when your on public Wi-Fi. But you connected for a reason and I doubt that it’s just to read CNN’s latest headlines. With this in mind make sure that if you do need to login to your online banking, or even your social media accounts that these are secure sites. How can you tell? Look for HTTPS:// instead of just HTTP:// … The “S” stands for secure. You can also look for the little pad lock symbol next to the URL.

ZZaffis got this one. Using a VPN is a good idea. but even with a condom would you have relations with a $5 woman of the night? I hope not.

Although I do applaud the write up Public wifi is one of those things that should be nuked from orbit. It is an unsafe way to connect. It is a Marketing gimmick to get people into your business because they can Facebook and what not while sipping or experiencing your wonderful products.
As IT pros we should be discouraging this practice not making up excuses for the masses about how it is just not plausible in every day life to avoid them.

doughnutdestroyer · 2015-03-26T22:25:01.000Z

No9252:

I have to disagree with this information. For people just starting out in the industry “Buy a personal hotspot and never connect to public Wi-Fi again….” is the best advice.

Doughnut Destroyer:

Always update your device

New vulnerabilities in browsers, operating systems, and applications appear everyday. When a new vulnerability is discovered the device / software manufacturer/developer generally releases a fix right away. That is why it is important to constantly keep these updated with the latest security updates and firmware to prevent people from exploiting these vulnerabilities and using them maliciously against you.

Generally is the key word here. The delay is not something I personally would risk on my security. Even a fully patched and updated system can fall to a long known vulnerability due to corporate red tape.

Doughnut Destroyer:

Be Vigilant About Network Names

Hackers have been known to setup networks in public places with no security for people to connect to and they then have free reign over that device. It is very important to stay vigilant about what networks you are connecting to. Obviously if you are in coffee shop you want to look for something that may be labeled “Coffee Shop WiFi”. If you are new to the shop or place you are trying to connect, it’s generally a good practice to ask someone who works there which network to connect to.

Spoofing a SSID is one of the easiest things someone can do, they can even spoof the MAC of the AP. As long as their signal is stronger guess who you just connected to?

Doughnut Destroyer:

Only Use Secure Sites

You really shouldn’t be accessing your banking information or really anything that requires credentials when your on public Wi-Fi. But you connected for a reason and I doubt that it’s just to read CNN’s latest headlines. With this in mind make sure that if you do need to login to your online banking, or even your social media accounts that these are secure sites. How can you tell? Look for HTTPS:// instead of just HTTP:// … The “S” stands for secure. You can also look for the little pad lock symbol next to the URL.

ZZaffis got this one. Using a VPN is a good idea. but even with a condom would you have relations with a $5 woman of the night? I hope not.

Although I do applaud the write up Public wifi is one of those things that should be nuked from orbit. It is an unsafe way to connect. It is a Marketing gimmick to get people into your business because they can Facebook and what not while sipping or experiencing your wonderful products.
As IT pros we should be discouraging this practice not making up excuses for the masses about how it is just not plausible in every day life to avoid them.

If you re-read that first part I did say the hotspot was the best advice…

"Well let’s be honest here, the above tip is the best one anyone could give, however, it’s just not practical for every person to have a personal hotspot. "

This article is for those who don’t have a hotspot for whatever reason, or potentially it’s information that can be passed along to end users who most likely don’t own a hotspot. With that being said, the practice is heavily discouraged (especially to my users!!!).

As much as I agree that public WiFi should be nuked from orbit, it’s not always that simple. There is a business model around it (a huge one at that). If people can’t get their users to start using a ticket system what makes you think they are going to listen to anyone about not connecting their laptop to a hotel WiFi.

I also have made NO absolutes that this will completely protect you because it will not. It’s simply some best practices that can make you less vulnerable to the basics.

Also, welcome to the community… Or is this a sock puppet account? Ohh… Yup… Sock puppet.

Either way I do appreciate the input and that $5 lady comment just had me rolling. Given my choice I’d be right with you to tear public WiFi out of the planet. Maybe that will be next for those camera activists that rip down all the surveillance cameras.

Cheers

scottalanmiller · 2015-03-26T23:31:21.000Z

Hotspots only work where there is cellular service, often have limited bandwidth or has caps and other limitations. I cannot get a working hotspot in the entire province that I live in that is faster than 128Kb/s. That’s pretty silly to use for most things. And a lot of money. And still isn’t very secure.

One could argue that personal hotspots aren’t much different than public Wifi in a lot of ways. I’ve had my 4G hijacked before. I would not be too quick to think that supporting cellular providers is going to magically make you secure.

doughnutdestroyer · 2015-03-26T23:57:28.000Z

Scott Alan Miller:

Hotspots only work where there is cellular service, often have limited bandwidth or has caps and other limitations. I cannot get a working hotspot in the entire province that I live in that is faster than 128Kb/s. That’s pretty silly to use for most things. And a lot of money. And still isn’t very secure.

One could argue that personal hotspots aren’t much different than public Wifi in a lot of ways. I’ve had my 4G hijacked before. I would not be too quick to think that supporting cellular providers is going to magically make you secure.

We really all just need to get rid of electronics all together, and go back to living in smaller self sufficient communities and tribes (I would be so down with that). But until that happens I think it’s safe to say, no one is safe, ever, period… puts on tin foil hat

nono2217 · 2015-03-27T10:53:06.000Z

Doughnut Destroyer:

No9252:

I have to disagree with this information. For people just starting out in the industry “Buy a personal hotspot and never connect to public Wi-Fi again….” is the best advice.

Doughnut Destroyer:

Always update your device

New vulnerabilities in browsers, operating systems, and applications appear everyday. When a new vulnerability is discovered the device / software manufacturer/developer generally releases a fix right away. That is why it is important to constantly keep these updated with the latest security updates and firmware to prevent people from exploiting these vulnerabilities and using them maliciously against you.

Generally is the key word here. The delay is not something I personally would risk on my security. Even a fully patched and updated system can fall to a long known vulnerability due to corporate red tape.

Doughnut Destroyer:

Be Vigilant About Network Names

Hackers have been known to setup networks in public places with no security for people to connect to and they then have free reign over that device. It is very important to stay vigilant about what networks you are connecting to. Obviously if you are in coffee shop you want to look for something that may be labeled “Coffee Shop WiFi”. If you are new to the shop or place you are trying to connect, it’s generally a good practice to ask someone who works there which network to connect to.

Spoofing a SSID is one of the easiest things someone can do, they can even spoof the MAC of the AP. As long as their signal is stronger guess who you just connected to?

Doughnut Destroyer:

Only Use Secure Sites

You really shouldn’t be accessing your banking information or really anything that requires credentials when your on public Wi-Fi. But you connected for a reason and I doubt that it’s just to read CNN’s latest headlines. With this in mind make sure that if you do need to login to your online banking, or even your social media accounts that these are secure sites. How can you tell? Look for HTTPS:// instead of just HTTP:// … The “S” stands for secure. You can also look for the little pad lock symbol next to the URL.

ZZaffis got this one. Using a VPN is a good idea. but even with a condom would you have relations with a $5 woman of the night? I hope not.

Although I do applaud the write up Public wifi is one of those things that should be nuked from orbit. It is an unsafe way to connect. It is a Marketing gimmick to get people into your business because they can Facebook and what not while sipping or experiencing your wonderful products.
As IT pros we should be discouraging this practice not making up excuses for the masses about how it is just not plausible in every day life to avoid them.

If you re-read that first part I did say the hotspot was the best advice…

"Well let’s be honest here, the above tip is the best one anyone could give, however, it’s just not practical for every person to have a personal hotspot. "

This article is for those who don’t have a hotspot for whatever reason, or potentially it’s information that can be passed along to end users who most likely don’t own a hotspot. With that being said, the practice is heavily discouraged (especially to my users!!!).

As much as I agree that public WiFi should be nuked from orbit, it’s not always that simple. There is a business model around it (a huge one at that). If people can’t get their users to start using a ticket system what makes you think they are going to listen to anyone about not connecting their laptop to a hotel WiFi.

I also have made NO absolutes that this will completely protect you because it will not. It’s simply some best practices that can make you less vulnerable to the basics.

Also, welcome to the community… Or is this a sock puppet account? Ohh… Yup… Sock puppet.

Either way I do appreciate the input and that $5 lady comment just had me rolling. Given my choice I’d be right with you to tear public WiFi out of the planet. Maybe that will be next for those camera activists that rip down all the surveillance cameras.

Cheers

oh don’t get me wrong I feel your pain my only problem with the post was insted of getting the IT professionals (I see now spiceworks has over 6 mil of them :/) to stop the use of the public wifi and properly inform their business and their people of the dangers it more or less says… well its okay as long as you do these few steps that actually don’t help in any real way but it makes you feel better. Kind of like hiding you SSID sure makes you feel better but it is not really security.

If you did notice I did applaud the post. I like that someone did bring up the fact that yes we all know public wifi is bad news but our users just keep connecting anyway.

nono2217 · 2015-03-27T11:06:50.000Z

Scott Alan Miller:

Hotspots only work where there is cellular service, often have limited bandwidth or has caps and other limitations. I cannot get a working hotspot in the entire province that I live in that is faster than 128Kb/s. That’s pretty silly to use for most things. And a lot of money. And still isn’t very secure.

One could argue that personal hotspots aren’t much different than public Wifi in a lot of ways. I’ve had my 4G hijacked before. I would not be too quick to think that supporting cellular providers is going to magically make you secure.

I agree this sucks. Going back to my $5 lady comment for some of us this is a cheap, readily available, easy option.
Does that mean we should do it? Is it still dangerous but as long as you wrap it should be fine right? Condoms never break right? Would you totally put your trust in this device that is supposed to protect you by diving full into the lions den?

One could argue that Vegetarians eat fish also. A personal hot spot is nothing like a free public wifi. You have control of the connection. If you do not set it up properly and it gets hijacked that is your own fault. I am sure that there is a helpful post around here somewhere to assist you in the proper setup of said hotspot.

I have noticed that if there is a place with free public wifi you also have cell (GSM) service I am sure somewhere in this world yes there is internet with no GSM but the majority of us will never see that.

scottalanmiller · 2015-03-27T15:12:43.000Z

No9252:

oh don’t get me wrong I feel your pain my only problem with the post was insted of getting the IT professionals (I see now spiceworks has over 6 mil of them :/) to stop the use of the public wifi and properly inform their business and their people of the dangers it more or less says… well its okay as long as you do these few steps that actually don’t help in any real way but it makes you feel better. Kind of like hiding you SSID sure makes you feel better but it is not really security.

Even the most secure businesses in the world still make use of public wifi when necessary. If you avoid public WiFi because it is insecure, where do you stop? All Internet connections are insecure. WiFi might be the worst offender, but it is also the one that keeps us from ignoring the security issues. Often, I feel, people are more secure on WiFi because it is the one time that they are paying attention.

birdlaw · 2015-03-27T18:17:20.000Z

ZZaffis:

why not use your phone as a hot spot? If you have a smart phone that has been purchased in the last 5 years you should have the ability to set your phone as a hot spot.

Secondly a public wifi can be a perfectly safe place if you take the proper precautions. Simple steps like establishing an SSH connection to a trusted server and proxying your data through it will both encrypt the data, as well as keep the data out of a MIM attackers hands by only relying on the dedicated link to the ssh server.

There are safer ways to surf in public that will keep you out of most of harms way. So long as you are properly educated, and equipped, the internet isn’t that scary of a place.

People don’t do that because often times it adds to the cost of service. It also drains battery life, not that you couldn’t plug it into the laptop your using to connect to it.

scottalanmiller · 2015-03-27T18:37:57.000Z

And what hot spot do you buy? Where I worked in Connecticut AT&T didn’t work and Verizon did not work well. When I worked in Dallas, T-Mobile worked best. Here in Spain, T-Mobile is the only real option. But most places in the US, T-Mobile is pretty weak. I’d need a few different ones to get spotty coverage. That gets really expensive, really quickly.

jessepadilla · 2015-03-27T19:03:31.000Z

Double bag it with VPN.

alexakselrod · 2015-03-27T19:09:18.000Z

Only Use Secure Sites

You really shouldn’t be accessing your banking information or really anything that requires credentials when your on public Wi-Fi. But you connected for a reason and I doubt that it’s just to read CNN’s latest headlines. With this in mind make sure that if you do need to login to your online banking, or even your social media accounts that these are secure sites. How can you tell? Look for HTTPS:// instead of just HTTP:// … The “S” stands for secure. You can also look for the little pad lock symbol next to the URL.

Seeing that “S” and a padlock gives you a false sense of security. All its saying that CA said that google.com is google. There are hundreds of CA that issue these assurances. If China Telecom says citibank.com is citibank and asks you you enter the password, and after seeing the padlock would you proceed?

Make sure the SSL cert is issued by reputable CA before blindly proceeding with entering your password.

birdlaw · 2015-03-27T19:13:43.000Z

Scott Alan Miller:

And what hot spot do you buy? Where I worked in Connecticut AT&T didn’t work and Verizon did not work well. When I worked in Dallas, T-Mobile worked best. Here in Spain, T-Mobile is the only real option. But most places in the US, T-Mobile is pretty weak. I’d need a few different ones to get spotty coverage. That gets really expensive, really quickly.

When I say “don’t do ‘this’” I’m referring to using the HotSpot feature on their phone. I actually don’t use a hotspot at all as I don’t really have a need for it. I’m on verizon and when I had a Motorola Droid, the hotspot feature was available at an additional cost. I kind of extrapolated what I knew to what I didn’t know and made a weak assumption that that is always the case.