By Aaron Oliver
Wireless connectivity seems to be everywhere these days. Most businesses are offering or touting free wireless connections. Because of this it makes it easy for the professional workforce to work from virtually anywhere, and we have grown accustomed to toting our laptops and tablets around with connectivity anywhere we go. You go for coffee or dinner and jump on the free Wi-Fi connection at the restaurant or cafe because it is faster than your mobile connection, and it saves you money on your mobile data package.
When businesses decide to offer free wireless, how do you think they accomplish it? Do they hire the best contractor or consultant? Sometimes yes, the business owner calls the correct person or company to come out and install a secure protected wireless network. However, often small businesses and cafes will call "their guy" who has setup multiple wireless networks and “knows all about them.” They go and buy a residential router form Walmart and plug it into an internet connection, and boom, that business now advertises "free Wi-Fi". The business owner has no idea that they have deployed their new free Wi-Fi without any kind of security or enterprise level features that they should be concerned about having.
Most of us see a wireless network and never give it a second thought, we hit the connect button with whimsical disregard for the dangers that could be lurking in the air just waiting to ensnare your connection and capture everything you do. There is little way for most end users to determine from the wireless network name alone if the proprietor of the establishment offering the connection decided to have their network done right, or called their "guy" to implement a cost saving solution with zero security measures. It is also hard to tell if someone looking to do something shady has planted or plugged in a rogue wireless network with a Wi-Fi name that sounds like it would be for the business you’re visiting just to get you to connect and then attack your system in some way.
As an example, you as a business professional with your laptop walk into the "xyz cafe" and decide to connect to one of these basic wireless networks to get a few things done while on the go. While in the same cafe is someone with a little "know how" and some malicious intent is connected to the same wireless network. This person could initiate a "man in the middle" attack forcing all your traffic to go through their computer allowing them to capture all your website traffic. In this scenario, this person with malicious intent could capture your passwords for god knows what and possibly even browse your computer copying or stealing your documents, pictures, and files. Even worse is that a piece of spyware or malware could be deployed that allows continued access to the computer for a hacker who wants to see what you have access to when you’re back in the office or your home.
So, I know this article could be very scary for some, but that is not my intent, my intent would be to inform you of the possibility of potential breeches that can occur when using a public WIFI connections. While there are risks, there are also ways to mitigate the risks. The first or easiest is to make sure you have your computer’s firewall or antivirus's firewall features enabled when using public networks. Another way to reduce the risk is to connect to your company’s VPN when on public wireless connections so that all your traffic is encrypted and sent through your company's internet connection to keep it safe from potentially prying eyes. There are also some third-party proxy tools that will allow you to do the same thing if your company does not have a VPN connection setup for you to use. Below are a couple of links to a few of these paid services as an example of a cheap way to buy a little piece of mind.
Aaron Oliver is a Senior Network Engineer at ThrottleNet