How To Combat WiFi Security Risks When Connecting To A Public Network

combatwifithumb   How To Combat WiFi Security Risks When Connecting To A Public NetworkAs many people now know, connecting to a public, unsecured wireless network can have serious risks. It’s known that doing this can provide an opening for all manner of data theft, particularly passwords and private information.

The specifics of why an unsecure connection can be a problem is more obscure, however – as are the methods that can be used to beef up your security even when using an unsecured public hotspot. Let’s have a look at the exact WiFi security risks of public networks, and the solutions available to counter those risks.

Ah! My Airwaves!

combatwifi1   How To Combat WiFi Security Risks When Connecting To A Public Network

The problem of unsecured wireless networks is a part of the way radios work. Unless specifically designed to do so, a radio won’t broadcast in any particular direction. It will send information across the airwaves in all directions.

As a result, anyone nearby can potentially pick up the data sent by a wireless radio, and if that data is unsecured, it can be read. WiFi security works by encrypting the data sent. It can still be picked up, but can’t be easily read because of the algorithm used to scramble it.

Most people understand this broad summary of the issue, but it’s actually a bit misleading, because it seems to imply that someone can simply open a notepad, connect to a public network, and watch passwords drop in. In truth, obtaining data even over a public WiFi network requires a certain level of knowledge about software such as WiFi scanners, and your average person simply doesn’t possess the necessary skills. Yes, there are tools like the FireSheep extension for Firefox that can hijack sessions easily in theory, but in practice some technical knowledge is usually required to do anything truly malicious.

HTTPS Security Is Your Friend

Attempts to read data can sometimes be thwarted by the first line of defense on a public WiFi network – site or service encryption. For example, when you type in and send your password across a network, it does not need to be, and ideally should not be, sent as “plain text”. It should instead be encrypted via HTTPS or SSL. The same goes for all potentially sensitive information.

combatwifi2   How To Combat WiFi Security Risks When Connecting To A Public Network

Many sites will automatically switch to HTTPS when you visit a page that requires the exchange of potentially sensitive information. Some sites, like Google, Twitter and Facebook, give you the option https gmail   How To Combat WiFi Security Risks When Connecting To A Public Networkto remain in HTTPS at all times. You can decrease your risk when using any public network by making sure that any site on which you are entering potentially sensitive information is secured. Usually this is as simple as watching for the “https” prefix on the URL. If you’re on a public network, and the site is not secured, then just wait until you’re home before entering any important information.

Use a VPN

combatwifi4   How To Combat WiFi Security Risks When Connecting To A Public Network

Although HTTPS can be great, it does depend on the website’s implementation, which is something you have no control over. A poorly designed HTTPS site could have huge security holes – and it’s never wise to assume that a site has great security just because it’s popular.

A VPN is a great way to make public WiFi secure for your use 100% of the time. VPN stands for Virtual Private Network, and it’s a method of creating a secured connection even on a network that is public and unsecured. Instead of connecting directly to the Internet, you connect to a specific server, which is itself connected to the Internet. The connection between your device and the server is encrypted, so the information you send is protected even on unsecured WiFi.

There are quite a few different ways to set up a VPN, but the easiest is to use a free VPN service. Free use of a VPN is usually limited to a certain amount of traffic per day or month, after which you’ll have to pay for more bandwidth. The speed of your connection might also be handicapped unless you pay up.

Tunnel For Safety

combatwifi3   How To Combat WiFi Security Risks When Connecting To A Public Network

Another common method of creating a secure connection even on public WiFi is to use tunneling. Leave your shovel in the shed – this method is a server capable of SSH protocol.

Tunneling is the process of placing a packet sent via a specific network protocol inside another packet using a different network protocol. In the case of SSH tunneling, all packets are placed inside SSH packets, which are encrypted. The packets are then sent to the designated SSH server.

This method can also be used to work around attempts to block access to specific websites, which can be handy if you’re on a WiFi hotspot that’s trying to prevent you from accessing certain content without paying up. You can tunnel either by using a virtual server or by using your own server, which presumably would be left at home.

Conclusion

The best way to make sure your information isn’t obtained when using a public WiFi network is to not send any sensitive information over the network. This is not always practical, however, so the methods above can help provide extra security.

Of the three, relying on HTTPS is by far the worst, because only specific information will be encrypted and that information is designated by the site, rather than the user. Still, it’s better than nothing.

Let us know in the comments if you have any other good WiFi security tips for protecting yourself while on a public WiFi network.

Image Credits: proXPN, vwbike.com

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

6 Comments -

Jason Williams

I set up a PPTP VPN on my home computer using the instructions I found here: http://www.sevenforums.com/tutorials/4517-virtual-private-network-vpn-enable-incoming-vpn-connections.html

I chose this solution because it’s quick and easy – the server is built in to Windows 7 on my home computer and the client is built in to both Windows XP on my netbook and Android on my tablet and cellphone.

I’ve read that PPTP isn’t the most secure option but I don’t really know enough to know whether I should be concerned by this or not. I’m not doing anything critical here, to be clear, I just want to go a step beyond the norm in protecting my privacy and making myself less vulnerable to session hijacking attacks. Given that there’s really no reason for anybody to target me directly and my primary goal is protect myself from script kiddies with a copy of firesheep or similar, have I done enough? Is there an easy way I could set up a more robust solution?

M.S. Smith

You should be fine. By implementing a PPTP VPN you’re well ahead of the game. I would not be concerned unless you’ve uncovered a secret government conspiracies recently. 

sefcug

I use the $59.99 per year Witopia personalVPN™ – SSL (openVPN)http://www.witopia.net/index.php/products/ and have for the last couple of years.

I have tried a couple of the free options, but found them to be too slow to use all the time.

If I can’t use the VPN for some reason, such as using another PC than my own, I will not even access my email on a public wi-fi connection.

Jack Cola

I wrote some of my own tips for protecting your Facebook and Gmail accounts, it’s well worth the read.

http://www.jackcola.org/blog/137-how-to-protect-yourself-online-while-using-facebook-gmail-and-other-websites

You may also want to check out this series of posts about Information and Network security that I will be writing soon http://www.jackcola.org/learn/information-and-network-security

Also, if you are connecting via VPN, just make sure it’s a trusted one, otherwise it can do you more harm then good. And if you connect to your workplaces VPN, they will probably monitor what you do as well.

Jennifer P

I just did a free 3 day trial of Private WIfi (www.privatewifi.com) and it works great – I am definitely going to subscribe.