We are continuing our systems and cyber security series. Christopher Wright from Citadel Systems is our cyber security expert.
Recently (Todd here), there was a story on a local news station about the dangers of public WiFi connections. Since I use the WiFi at my local coffee shops, it got my attention.
So, when I was talking to Chris about some of these cyber security issues for the blog, I asked him to address public WiFi connections.
I’m thankful to him for addressing this topic for the blog’s audience.
We’ve all been in situations where we have some time to kill and want to catch up on work, email, social media, or any number of other things. Since we live in this massively connected world you can often find free Wi-Fi wherever you go. Good news, right? It could be bad news in disguise. Most (read: all) public Wi-Fi is provided with no guarantee of security. The idea is to offer the service to all customers, not to protect them.Most (read: all) public Wi-Fi is provided with no guarantee of security. Click To Tweet
Even worse, is the ease in creating a fake and malicious access point. The process to create a fake access point with a laptop, and capture all traffic flowing through it, has been almost completely automated in prominent security testing platforms and devices.
If you don’t know the correct Wi-Fi access point, you’ll likely try to guess. This is what that hacker wants you to do. He/she will create Wi-Fi with a name like the legitimate service or even a more generic ‘Free WiFi’-type name.
Once you have connected to the malicious Wi-Fi the attacker has you. He/she basically has a tap on any connection you make. This is called a ‘man in the middle’ attack. Even the connections that you believe are secure, such as HTTPS connections, are not. The attacker forces your initial connection to be unencrypted, usually using deceptive means to hide this fact, and then masquerades as you to the legitimate website. He/she can then capture usernames, passwords, credit cards, and other sensitive information for future malicious use.
How can you prevent this?
The best way is to bring your own Wi-Fi. Mobile phone providers such as AT&T, Verizon, T-Mobile, and others provide a hot spot feature on many smart phones. They also provide dedicated devices for data connections.
If your company has a VPN solution in place, you should also use this to further secure your connection. You will likely need it to access any internal company systems, anyway. That VPN can also be used over a public Wi-Fi service to provide better security for your connections.
If you must use a public W-Fi connection, make sure you know which one is legitimate. This is easier in places like coffee shops and bookstores since you can usually ask an employee. At larger places like airports, it may not be so obvious. However, it will be worth your while to find the legitimate service or forego any use if you can’t determine which service is official.
Chris is hosting a Cyber Security Town Hall at the Venture Center in downtown Little Rock on Tuesday, March 7th from 5:30-6:30 pm.
“Hear from panel members RJ Martino of iProv, Michael Sullivan of CloudMedia, Blake Townsend of PC Assistance, and Christopher Wright of Citadel Systems.”
Chris Wright is the owner of Citadel Systems, Cyber Security and Systems Engineering Consulting in Central Arkansas focused on Small and Mid-Sized Businesses
Visit his website for more information about Cyber Security Consulting