Tips for End-users on Internet Surfing When Using Public Wireless Services
Once your wireless device (such as a notebook
computer or a hand-held PDA device) is connected
to the Internet via a public wireless hotspot,
you are exposing yourself to potential violations
by remote attackers. However, the following security
tips may help you avoid the traps laid by these
attackers:
- Don't leave your wireless device unattended.
- Protect Your Device With Passwords: Enable
your device's power-on login, system login authentication,
and password-protected screen saver.
- Disable Wireless Connection When It Is Not
In Use: Wi-Fi, infrared, and Bluetooth devices
are constantly announcing their presence if
they are enabled. That means they are waving
their hands to attackers, even though you may
be unaware of it.
- Keep Your Wireless Network Interface Card
Drivers Up-to-date: A network interface card
driver is just a piece of software, and like
any software, is not immune to bugs. Keeping
the drivers up-to-date assures that wireless
devices have the latest protection and support
from product vendors.
- Protect your device with anti-virus software
using the latest virus definitions. This can
minimise the risk of infection by computer viruses
or spyware.
- Encrypt Sensitive / Personal Data on the
Device: Even when an unauthorised user gains
access to your device, encryption will keep
your data away from an opportunistic thief.
- Turn off Resource Sharing Protocols for Your
Wireless Interface Card: When you share files
and folders, your shared resources may attract
attackers attempting to manipulate them.
- Remove Your Preferred Network List When Using
Public Wireless Services: Some operating systems
offer a feature for you to build your own list
of preferred wireless networks. Once you have
this list defined, your system will keep searching
for a preferred network and try to connect to
the preferred network automatically. By capturing
this information sent out from your system,
an attacker could set up a fake wireless access
point that matches the settings of a wireless
network on your Preferred Network List. Your
device would then automatically connect to the
attacker's fake wireless network.
- Turn off Ad-Hoc Mode Networking: "Ad-hoc"
mode networking enables your wireless device
to communicate with other computers or devices
through a wireless connection directly with
minimal security against unauthorised incoming
connections. This should be disabled to prevent
attackers from easily gaining access to information
and resources on your device.
- Do Not Enable Both Wireless and Wired Network
Interface Cards at the Same Time: When a device
is connected to a wired LAN with the wireless
network interface card still enabled, there
is a possibility that attackers can sneak into
the wired LAN through an open wireless network
if network bridging is enabled.
- Check the Authenticity of a Captive Portal:
Captive portal web pages are commonly used in
public hotspots as a means of user authentication
and for deterrent protection. When connecting
to a public hotspot, the user will be redirected
to a captive portal page. However, attackers
could also set up fake captive portals to harvest
personal information. Therefore, when using
public hotspots, it is important to check the
authenticity of a captive portal by verifying
the server certificate from the website.
- Don't Send Sensitive / Personal Information
When Using Public Wireless Networks: Public
wireless networks are generally considered to
be insecure. You should not transmit sensitive
or personal information over a public hotspot
without proper security controls.
- Encrypt Your Wireless Traffic Using a Virtual
Private Network (VPN): If transmission of sensitive
or personal information over a public wireless
network is unavoidable, a VPN solution can help
ensure the confidentiality of communications
using cryptographic technologies. If you want
to learn more about VPN technologies, please
refer to the article on "Virtual Private
Network Security".
- Disable Split Tunnelling When Using VPN:
It is possible to connect to the Internet or
other insecure networks while at the same time
holding a VPN connection to a private network
using split tunnelling, but this may pose a
risk to the connecting private network.
- Remove All Sensitive Configuration Information
Before Disposal: If you dispose of old wireless
components, it is important to erase all sensitive
configuration information, such as Service Set
Identifiers (SSIDs) or encryption keys, on the
devices to be disposed of.

Though there are a number of other security
measures you can take, these security tips provide
a good start for protecting wireless devices
and your personal information when connecting
to a public wireless network.
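
The "Remove Your Preferred Network List" and "Turn off Ad-Hoc Mode Networking" tips above can be checked by reviewing the Wi-Fi profiles a device has saved. The script below is an added example, not part of the original tips: it assumes profiles stored in NetworkManager's keyfile format on a Linux laptop, and the sample profiles and the finding names (open-autoconnect, adhoc) are constructed for illustration.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile layout; SSIDs are made up.
SAMPLE_PROFILES = [
    "[connection]\nid=CoffeeShop_Free\ntype=wifi\n[wifi]\nssid=CoffeeShop_Free\n",
    "[connection]\nid=HomeNet\ntype=wifi\n[wifi]\nssid=HomeNet\n"
    "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "[connection]\nid=Airport\ntype=wifi\nautoconnect=false\n[wifi]\nssid=Airport_WiFi\n",
    "[connection]\nid=PeerShare\ntype=wifi\n[wifi]\nssid=PeerShare\nmode=adhoc\n"
    "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "[connection]\nid=Wired\ntype=ethernet\n",
]


def audit_profile(text):
    """Return (ssid, findings) for one saved profile, or None if it is not Wi-Fi."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback="?"))
    findings = []
    # NetworkManager treats a missing autoconnect key as true.
    autoconnect = cp.getboolean("connection", "autoconnect", fallback=True)
    # A profile with no [wifi-security] section describes an open network,
    # so the device would auto-join any access point using that name.
    if autoconnect and not cp.has_section("wifi-security"):
        findings.append("open-autoconnect")
    # Ad-hoc profiles allow direct device-to-device connections.
    if cp.get("wifi", "mode", fallback="infrastructure") == "adhoc":
        findings.append("adhoc")
    return ssid, findings


def audit_all(profiles):
    """Map SSID -> findings for every Wi-Fi profile that needs attention."""
    report = {}
    for text in profiles:
        result = audit_profile(text)
        if result and result[1]:
            report[result[0]] = result[1]
    return report


if __name__ == "__main__":
    for ssid, findings in audit_all(SAMPLE_PROFILES).items():
        print(f"{ssid}: {', '.join(findings)} -> remove or disable this saved profile")
```

Profiles that are flagged are the ones to delete, or to set to manual connection, before using a public hotspot.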
Copyright 2009. The Government of the Hong Kong Special Administrative
Region.