Summary: When connecting to the internet in an internet cafe, hotspot or other public connection you could be opening yourself up to serious security issues.
I've read your articles about how a secure home wireless network is important. But lets say I'm in a cafe, and I'm connected to their public wireless, is all my privacy compromised? I have a firewall and I suppose that will block any attacks into my laptop, but what about the information I send out such as online banking and the like on that public wireless?
•
You are absolutely right to be concerned.
There are steps that you need to take to ensure both your security and your privacy.
•
There are three things you need to consider when using an internet service away from home: your internet provider, your internet connection, and your computer.
Your ISP can monitor everything you do. I'm not saying that they are, but they can.
Whenever you're using a wireless hotspot such as in an internet cafe, or even a wired connection in a hotel or somewhere else, they are your ISP for that connection. Again, I'm not saying that the coffee shop, hotel or their wireless provider is spying on you, but I would take care to make sure you trust the provider you're using. If you're at "Joe's Cafe" and it's Joe's teenage son that's just slapped a wireless access point on their DSL connection - yes, he could certainly be monitoring what you're up to if you're not careful.
But that's not really the biggest threat. So while you should of course exercise caution, for this discussion I'll simply assume we can trust whomever's providing the internet connectivity.
The people we shouldn't trust are the other users within range of that wireless connection.
Anyone within wireless range of your laptop could be monitoring your internet usage.
Scary, huh?
So, here's what you need to do:
-
Use a firewall! Sounds like you're already doing this, but for everyone else, this is critical. And it doesn't have to be difficult; for example, I simply enable the built-in Windows firewall when I'm in an open WiFi situation.
Yes, there may be a router or firewall at the hotspot protecting you from threats from the internet, and that's fantastic. It's also not at all what I'm talking about here. In an open WiFi situation and in any "internet provided" situations like hotels, you need to protect yourself from everyone else that's on the same side of the router as you are. They can see and connect directly to your machine unless you have enabled your firewall.
-
Use httpS! That's https; note the "s" at the end. An https connection is encrypted. That means that while someone can see that you're accessing a particular web site, if you're using https they cannot see any of the data you send to or receive from that site. This is the only safe way to do online banking. If you can't connect via https, or the "s" disappears at some point in your exchange with your bank, then stop immediately. If it's not https it's not secure and anyone in the room could be monitoring what you're doing.
-
Secure your Email! Email is perhaps the biggest open security hole in these situations. If you use a POP3/SMTP email client, the default configuration for most is totally unsecure. I could sit in a corner of the internet cafe and not only read your email with you, but also steal your account name and password. It really is that unsecure.
With POP3 and SMTP you should contact your email provider and see if they support SSL connections. If they do, it's a slightly different configuration in your email program but once done all of the communication between your email program and email servers are securely encrypted.
Online or web-based email services deserve special consideration. Most do not support https connections. The one exception is Gmail, which will use https if you make sure to login through an https connection, and have the "always use https" option selection in Gmail's options.
-
Consider a VPN. Not all sites support https as it takes extra work on their part. For example, there is no https version of ask-leo.com; you can only access it through unencrypted http, and that's the norm for most sites that don't process confidential information. But that means that someone could still be watching where you go. If you don't mind them seeing that you're visiting ask-leo.com, or what you might happen to search for on Google, or whatever other sites you're visiting in the clear, then you don't need to do anything.
And not all email providers will provide secure connections.
However, if you're a "road warrior" and spend a lot of time in internet cafes, have an unsecure email configuration, or browse a lot of sites that you'd rather not be so easily sniffable, you might consider a VPN (Virtual Private Network) service. I've never used one personally, so I can't recommend one specifically, but there are several. http://www.hotspotvpn.com/ is one example. Using these services you create an encrypted connection to the service and route all your internet traffic through them. When you do this, the folks in the cafe see only encrypted data which they can do nothing with.
-
Realize that a "login intercept" protects them, not you. In many free WiFi situations the first time you use the service no matter where you try to go you're first intercepted and sent to a page where you're required to "login" or otherwise accept the terms of service. This page does not protect you at all. It has nothing to do with security, wireless or otherwise. It's nothing more than a bit of legalese to protect the internet provider.
So, how big is the risk, really?
It depends.
I would expect busy hotspots near sensitive areas to be a fairly reasonable risk. Busy coffee houses, open airport WiFi, libraries and the like seem like "target rich environments" for the potential hacker. These are certainly places where I'd make sure to take these safety measures myself.
Less busy hotspots? Perhaps not so much.
But it is possible, and more frighteningly, it's not all that hard for someone who's technically savvy.
(This is an update to an article originally published February, 2008.)
Related:
-
Can hotels sniff my internet traffic? More and more hotels are offering both wired and wireless internet, but along with those connections comes a security risk most folks don't consider.
-
Internet Safety: How do I keep my computer safe on the internet? Internet Safety is difficult and yet critical. Here are the seven key steps to internet safety - steps to keep your computer safe on the internet.
-
How do I know if I have WPA or WEP I can use when traveling? Wireless encryption hardware support is actually only half the battle. Knowing whether or not it will be used is the other. And it likely will not.
Article C3269 - November 12, 2009
Leo if your piggybacking on someone else's connection and you are on a httpS website can that info be sniffed or is it still secure?
14-Oct-2008
Aslo it is strongly recommended using VPN when you are browsing in a public wi-fi zones, internet cafe..etc
Posted by: Alex at October 17, 2008 12:52 PMI use personal vpn service (128byt encrypted) called VPN Privacy. Very fast and convinient.
But I use uk vpn and so happy !
Posted by: Nick at December 16, 2008 10:24 AMHotspot connection and its signal matters a most and thius respect i can assure you from my pat experience that wifirush service,wireless connection and hotspot is one of the best in the market. I promise you, wifirush latest technology keeps you free from security threats and constantly encourages you to use it for your business purpose at your best level.Visit http://wifirush.com/services_flash.html for more information to get new taste of hotspot.
Posted by: Peter at July 20, 2009 10:46 PMI always use https when I'm at unsecured wireless networks, but I'm worried that someone can still see what I'm doing. I make sure the website uses AES 256 bit encryption but I don't think that's enough for encryption. Is it possible for someone to decrypt the https connection?
16-Aug-2009
Posted by: Leroy at August 16, 2009 5:11 AM
Leo, every week I read and get a lot of excellent advice on your column. But you can get CLEAR signals a lot further than 100 meters away. I have my own connection (Verizon Wireless), but the person who rented this place before me mounted a wi-fi antenna on top of the unused chimney (a huge square one), the library is eight blocks away, and I can pick up an excellent signal from here. Along with about 20 or so unsecured networks. The landlord told me to use it, he installed it and used it for 4 years with no trouble. But I'm afraid for the reasons that you mentioned to use it. I just can't believe that all these people in 2009 leave their networks unsecured. Too lazy to set up the security on their routers, just plug and play.
Posted by: Charles Tilley at October 28, 2009 10:50 PMThe Webmail service FastMail.fm offers https, as well as one-use passwords.
Posted by: David at November 13, 2009 2:51 AMCould LogMeIn (their free version) be used effectively as a VPN? I log on at their site and I then connect to my home computer and remote control it to do all of my Internet business. Is this an effective way to keep people from seeing what I'm doing when I'm accessing the Internet at a hotel?
16-Nov-2009
Posted by: Craig at November 15, 2009 5:20 PM
Good advice as always, Leo. I'd like to add that even though you have a Firewall running, make sure that you lock it down by disabling Exceptions when you are using a public LAN. I just got attacked that way in a library!
Posted by: John at November 17, 2009 8:38 AMWhen away from home I would like to use internet cafe's for the odd email, and check my bank accounts, but I am afraid to do so. Is there any way I can protect myself from my security being breached? I do not use a laptop with a wireless connection.
Posted by: DavidBrilliant at November 21, 2009 9:51 AM