Tips for End-users on Internet Surfing When Using Public Wireless Services
Once your wireless device (such as a notebook
computer or a hand-held PDA device) is connected
to the Internet via a public wireless hotspot,
you are exposing yourself to potential violations
by remote attackers. However, the following security
tips may help you avoid the traps laid by these
- Don't leave your wireless device unattended.
- Protect Your Device With Passwords: Enable
your device's power-on login, system login authentication,
and password-protected screen saver.
- Disable Wireless Connection When It Is Not
In Use: Wi-Fi, infrared, and Bluetooth devices
are constantly announcing their presence if
they are enabled. That means they are waving
their hands to attackers, even though you may
be unaware of it.
- Keep Your Wireless Network Interface Card
Drivers Up-to-date: A network interface card
driver is just a piece of software, and like
any software, is not immune to bugs. Keeping
the drivers up-to-date assures that wireless
devices have the latest protection and support
from product vendors.
- Protect your device with anti-virus software
using the latest virus definitions. This can
minimise the risk of infection by computer viruses
- Encrypt Sensitive / Personal Data on the
Device: Even when an unauthorised user gains
access to your device, encryption will keep
your data away from an opportunistic thief.
- Turn off Resource Sharing Protocols for Your
Wireless Interface Card: When you share files
and folders, your shared resources may attract
attackers attempting to manipulate them.
- Remove Your Preferred Network List When Using
Public Wireless Services: Some operating systems
offer a feature for you to build your own list
of preferred wireless networks. Once you have
this list defined, your system will keep searching
for a preferred network and try to connect to
the preferred network automatically. By capturing
this information sent out from your system,
an attacker could set up a fake wireless access
point, which meets the settings of a wireless
network on your Preferred Network List. In doing
so, your device would automatically connect
to the attacker's fake wireless network.
- Turn off Ad-Hoc Mode Networking: "Ad-hoc"
mode networking enables your wireless device
to communicate with other computers or devices
through a wireless connection directly with
minimal security against unauthorised incoming
connections. This should be disabled to prevent
attackers from easily gaining access to information
and resources on your device.
- Do Not Enable Both Wireless and Wired Network
Interface Cards at the Same Time: When a device
is connected to a wired LAN with the wireless
network interface card still enabled, there
is a possibility that attackers can sneak into
the wired LAN through an open wireless network
if network bridging is enabled.
- Check the Authenticity of a Captive Portal:
Captive portal web pages are commonly used in
public hotspots as a means of user authentication
and for deterrent protection. When connecting
to a public hotspot, the user will be redirected
to a captive portal page. However, attackers
could also set up fake captive portals to harvest
personal information. Therefore, when using
public hotspots, it is important to check the
authenticity of a captive portal by verifying
the server certificate from the website.
- Don't Send Sensitive / Personal Information
When Using Public Wireless Networks: Public
wireless networks are generally considered to
be insecure. You should not transmit sensitive
or personal information over a public hotspot
without proper security controls.
- Encrypt Your Wireless Traffic Using a Virtual
Private Network (VPN): If transmission of sensitive
or personal information over a public wireless
network is unavoidable, a VPN solution can help
ensure the confidentiality of communications
using cryptographic technologies. If you want
to learn more about VPN technologies, please
refer to the article on"Virtual Private
- Disable Split Tunnelling When Using VPN:
It is possible to connect to the Internet or
other insecure networks while at the same time
holding a VPN connection to a private network
using split tunnelling, but this may pose a
risk to the connecting private network.
- Remove All Sensitive Configuration Information
Before Disposal: If you dispose of old wireless
components, it is important to erase all sensitive
configuration information, such as Service Set
Identifiers (SSIDs) or encryption keys, on the
devices to be disposed of.
Though there are a number of other security
measures you can take, these security tips provide
a good start for protecting wireless devices
and your personal information when connecting
to a public wireless networks.