Show Menu
Cheatography

Safety Tips for using Public WiFi Cheat Sheet (DRAFT) by [deleted]

How to use Public WiFi safely

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Introd­uction

With the number of public Wi-Fi networks increasing and the number of mobile data transfers keeping pace, the use of public Wi-Fi is a signif­icant and growing security risk. As the number of hotspots and mobile users continue to expand, attacks will increa­singly compromise email accounts, passwords, Social Security numbers, and credit cardholder data. Hackers will eavesdrop on commun­ica­tions, steal corporate inform­ation, gain access to banking accounts, and infect IT systems with malware.

What precau­tions can users take to help secure their use of public Wi-Fi networks? Here are five tips for using these networks safely.

Verify the network

Before going online, verify that the network is the provider’s official system. Don’t assume the strongest signal is coming from the trusted network. If there’s any doubt about the proper SSID, ask. This helps prevent a man-in­-th­e-m­iddle attack, where a rogue access point may capture everything the user does. Sometimes scammers even demand a fake fee for access, thus acquiring both credit card inform­ation and a payment.
The safest way to “verify” a network is to establish a secure VPN back to a known location (such as an office or a home) and tunnel all your traffic through it. If the VPN tunnel can be establ­ished, then you’re likely on a safe network.
https:­//t­ech­net.mi­cro­sof­t.c­om/­en-­us/­lib­rar­y/f­f68­773­0%2­8v=­ws.1­0%­29.aspx
https:­//w­ww.k­en­tla­w.i­it.e­du­/Do­cum­ent­s/D­epa­rtm­ent­s/C­LC/­Wir­ele­ss%­20I­nst­ruc­tio­ns/­Ver­ify­Wir­ele­ssN­etw­ork­Nam­e.pdf

Implement a VPN

A common action is to implement a VPN capabi­lity. The VPN establ­ishes an encrypted tunnel through which they can access company inform­ation, but also surf the Internet and engage in personal busine­ss.** VPN offers a series of controls to protect both the system and its traffic, but requires a VPN applic­ation on each device to encrypt the connection from end to end.

Because of its inconv­eni­ence, many users continue to check Facebook, read the news, and carry out their other personal Internet business without going through the VPN. This is a mistake. As long as they are online, users are exposing their device to hackers on the public Wi-Fi network. If a hacker can get into a machine, they can see every sensitive file, even if it is not open at the time.
 

WiFi Security Breach

Hacker is the Man in the Middle

Avoid Logging in

When on a public network, ideally browse only websites that do not require login creden­tials. However, if you need to log in -- for example, to access personal email -- it is best to go to websites that support the HTTPS protoc­ol, which encrypts the commun­ica­tions between website and browser. Note that images may still be distri­buted via HTTP since links are not typically encrypted.

Use two-factor authen­tic­ation

Two-­factor authen­tic­ation identifies users with a two-step process, combining components from the system and a knowledge factor provided by the user. With these extra steps (which take only a few seconds), most illicit actors can be blocked from the system. If accessing company email and other systems requires two factors, even if a bad guy sniffs a user’s password, the password alone won’t provide access to the company system.

Beware Open SSID

One of the hidden challenges of mobile networks is that once a device has joined a specific network, it will jump back onto that network whenever the user is within range. To prevent this, users should turn off network discovery options like “Remember networks this computer has joined,” or get into the habit of deleting the network’s SSID profile after each session. This way, users can’t be coaxed into accide­ntally accessing a network with a similar name. For example, an iPhone will automa­tically hop onto any network called “AT&T.” Similarly, many notebooks are set up to advertise their internal SSIDs -- which is why you can walk down a hotel hall and see the hard drive in every room.
It’s important keep mobile devices from blindly hopping on networks advert­ising those SSIDs -- and to stop advert­ising their own SSIDs. Whenever a device is used on a public network, sharing should be Off and the firewall On.
http:/­/wi­ndo­ws.m­ic­ros­oft.co­m/e­n-U­S/w­ind­ows­-8/­tur­n-s­har­ing­-on­-or-off