With our guide, you can enjoy more security at a WLAN hotspot. It is no secret: Internet access via public and free WLAN networks are not particularly secure. Reports and reports about “dangerous hotspots” have even managed to get into the early evening program of some TV stations. However, most mobile users still remain too light when they are surfing “in the wild”. This makes them easy victims of data sieves. Although the wireless connection to the public hotspot is technically the same as the home wireless router, the security differences are huge. The home WLAN is basically encrypted.
Latest security software
Therefore, only your own and trusted devices are allowed access. In the case of the public hotspot, the opposite is true: anyone can connect to a wireless device if they are within range of the freely accessible wireless network.
Upgrade operating system to the latest version
Many WLAN access points also have setting options that prevent a connection between WLAN clients. They are called "wireless isolation". But this security precaution is often not activated by the operator of the hotspot. As a result, all notebooks, tablets and smartphones registered at the hotspot are located in a large, shared network.
Use HTTPS access for online services
All registered devices in this public WLAN have access to one another. Through specific attack or hacker tools, criminal users intercept other users in the hotspot network. As a "stolen property", for example, access data for any on-line services - from Facebook to eBay to the e-mail account.
Disable services and server applications
Guide: Facebook - correct privacy settings
There are even more common tricks: some attackers simply declare themselves as a seemingly free hotspot. For the ordinary user, it is not clear who is actually behind the displayed name (SSID) of a free hotspot. If the victim makes use of such access, data are collected. Is it actually the WLAN access of the restaurant or is it the inconspicuous guest at the Nachbartisch, which runs a mobile WLAN hotspot with its Smartphone?
If one pseudo-hotspot is activated, the entire data traffic is first run over the smartphone or notebook of the attacker. With apps and tools, the unencrypted data transmissions of the victim can be easily evaluated.
In the following, you will read about all of these and other risks of using public hotspots - and how to avoid them. Just follow the ten security tips, then you can hook into public radio networks without any additional risk.
In public networks, make sure that your virus scanner is up-to-date with real-time protection ("on-access" scanner). This provides additional protection when, for example, an attacker attempts to infect malicious software with the help of fake websites. Irrespective of this, a virus scanner of course is always compulsory for any computer with online access. This is true even if you go to the secure network at home.
Whether you are on the road with a notebook, tablet or smartphone, offer attackers the least possible attack area, and keep your software up-to-date. This applies to Windows and the operating system of your mobile device.
Each operating system has security gaps, but the weak points of the older versions are generally known for a long time and are therefore well documented. With appropriate tools, these vulnerabilities can easily be misused by amateurs and free-riders. Many of these security risks can be excluded by current updates.
Webmail, social networks and other websites of larger online services require the input of access data for use. Apart from the unprotected access via HTTP, they usually also have encrypted HTTPS access. If you want to call a service on an open hotspot, you should always choose the HTTPS web address.
Guide: Google+ - right privacy settings
Personal Firewall Setup
This means: instead of http://www.facebook.com you enter https://www.facebook.com in the browser. To retrieve the e-mail at web.de you use the same as https://www.web.de. Place the protected HTTPS web addresses of your web services as a favorite or as a link in the browser. This does not inadvertently invoke the unprotected HTTP web address. Fortunately, many online services already automatically use the encrypted transmission via HTTPS.
If the folder shares are set up on a Windows computer, the activated personal firewall with the setting "Public network" already reliably protects against unwanted access to the computer.
Emails only via encrypted access
However, you should disable applications that provide a service on the network while using a free hotspot. Such server applications can be found not only for Windows computers, but also as apps for tablets or smartphones. Some UPnP-AV applications for playing music, pictures, or videos on the home network are also a media server for other UPnP devices - with your files!
If you do not want other hotspot users snooping around in their private photos, the media server should be turned off while surfing on public networks. The same is true for mobile apps that allow the user to easily access network data on the smartphone or tablet. It is important to make sure that these apps are disabled while connected to the public hotspot.
A personal firewall protects your own computer (notebook, netbook) against possible attacks in unsafe networks. The current Windows versions are already equipped with a reliable, very easy to use personal firewall from Vista. If the computer is connected to a new network, such as a free hotspot, the "Select a location for the network
Caution with open hotspots: It could be a trap
No online banking via public hotspots
Create a protected "connection tunnel"
Watch out for Social Engineering attacks
At this point, the Windows personal firewall requires a decision as to whether the selected hotspot is a "home network", a "workplace network", or a "public network". In any case, select the "Public network" setting. With this setting, Windows Firewall already protects your computer against attacks by other users who are also logged on to the hotspot network.
Each serious e-mail provider also offers encrypted access to their mail servers. If you want to use your e-mail client at the open hotspot, you should set it up so that the sending and receiving of e-mails only takes place via an encrypted connection.
Guide: The Best Facebook Alternatives
To do this, the port numbers in the account settings of the e-mail client are replaced by port numbers, which ensure an encrypted connection setup. The mail-out server (SMTP) usually has the unencrypted connection via port 25. Instead, enter the SMTP port 465 or 587 in the e-mail client settings, each of which provides a secure SSL connection when sending e-mails.
When connecting to the incoming e-mail server, many mail providers offer IMAP (port 143) as well as POP3 (port 110). For encrypted e-mail reception, you should set port 995 when retrieving via the POP3 protocol and port 993 for IMAP retrieval.
Note: Some mail providers use different port numbers for encrypted access to the mail server. A glance into the help of the respective mail provider creates certainty. If your e-mail provider does not provide SSL (or TLS) secure mail servers, you should not get your e-mails from public hotspots.
Convenient: Many e-mail providers offer their own apps for e-mail retrieval on the smartphone or tablet. These already provide an encrypted connection automatically after entering the access data. Such providers are, for example, GMX or Web.de.
If you always get in touch with the first free hotspot, you can quickly put a pseudo-hotspot on the glue. Users of official hotspots can avoid this by informing themselves in advance about the exact name of the official hotspot in the cafe, restaurant or beer garden. Many operators also use an encryption for their free hotspots, which you have to ask for as a user.
Guide: The Best Whatsapp Alternatives
Such hotspots are basically safer than the unencrypted version, which could come from any guest in the cafe. Pseudo-hotspots can not be completely excluded. Any official access can override an attacker with correspondingly powerful WLAN hardware by a malicious hotspot with exactly the same name.
Professional data storage with the appropriate equipment should even be possible to manipulate encrypted connections. This includes transfers secured via SSL or VPN. Therefore, you should never conduct online banking or other sensitive transactions on public hotspots.
Even the mere control of your account should be better avoided in the public hotspot. The same applies to any exchange of sensitive data and information. Perform this type of communication only in trustworthy networks. A public hotspot does not count there.
Anyone who wants to surf the Internet wirelessly, without the need for a third party or access data, will forward his data stream over an encrypted VPN tunnel. This requires the installation of a client. This builds an encrypted connection to a VPN server on the Internet and directs all online inquiries. The data are transferred securely to the VPN server on the notebook. It forwards the request to the destination address without encryption.
With Steganos Online Shield 365 from the issue-DVD of the PCgo issue 06/2013 ("Extras to the magazine / software to the magazine") you build a secured VPN tunnel to a VPN server. With the ad-free program, you can transfer up to 500 MBytes of data free of charge over the secure data connection.
This is enough for occasional surfing, web mail, or contact management in Facebook. For the unlimited use of the VPN service, Steganos requires around 60 euros per year. Note on use: Once the tool is activated, all other network connections are blocked except for the VPN tunnel.
What can be overlooked: Dangers of public hotspots do not only lurk in the network. Sometimes, a short glance over your shoulder is enough for the data screen to spy on your just-typed password. This method of the data clause is called social engineering. You should never leave your notebook, tablet or smartphone unattended.
Hotspots are often found in crowded squares, where occasional casual dances are also used. That is why, due to carelessness, many expensive devices regularly disappear with the access data, personal documents, photos, and so on. Also, avoid storing sensitive data on your mobile devices.
No comments:
Post a Comment