How to use public Wi-Fi hotspots safely

Consider this: If you or an employee is using free Wi-Fi in some local café, in a matter of seconds an attacker can put your machine into a "man-in-the-middle" scenario, where the device's traffic is now routed through the attacker's system.  Once a device is compromised in this way, login credentials (corporate mail server, bank accounts, etc.) can be harvested by using SSL stripping.

Unfortunately, unless trained to detect such intrusions, end users don't notice anything unusual happening on their devices.  To prevent hackers from entering corporate networks via open access hotspots, the following cautionary steps can be taken:

* Use multifactor authentication on VPN connections.  Both Google and Facebook support multifactor authentication for their accounts as well.

* When working off-site, use a "no split" (full-tunnel) connection for VPN access.  This configuration forces all traffic headed to the Internet to go over the VPN and out to the Internet from there.  "No split" basically means Internet traffic is not split off from the VPN traffic to the office.  This strategy also reduces the possibility of a man-in-the-middle situation.

No-split, however, has an obvious downside: it increases traffic volumes on the corporate Internet connection. For this reason, it should be reserved for use in highly public areas such as airports or when working on sensitive corporate documents. At home, a regular VPN is usually fine, especially if users are engaged in a lot of personal Web browsing and not connecting to servers that host confidential information. Obviously it's a matter of balancing risk: the end user needs to consider the environment they are in before deciding how to make a VPN connection.

To enforce the use of no-split VPNs, server administrators should ensure that their sensitive servers cannot reach the Internet.  Generally, they are blocked at the Internet router.  Scheduled access can be granted for updates then blocked again once the updates are complete.

* If public Wi-Fi access is necessary, refrain from conducting any financial activities or visiting sites where you need to enter login information. Instead, use a cellular connection for bank transactions when it is absolutely necessary.  Pick up a mobile hotspot device from your cellular provider if you need to access protected resources where only public Wi-Fi is available.

Beyond these infrastructure tweaks, here are some additional security tips that bear repeating:

* Use common sense - don't stick USB keys into your computer that you find on the ground.

* Tablets and smartphones controlled by the company should have a lock code, and they should be configured to allow remote wiping.

* When lost or stolen equipment is reported, VPN appliances should be configured to send the IT department notification if device traffic continues.

* Some VPN clients can be configured to auto-connect with "no split" as soon as the PC is turned on.  This strategy is a second layer of security for users who tend to forget about best security practices.

Ongoing analysis will also help expose malicious activity. Administrators should send flows created by VPN connections to a NetFlow/IPFIX analyzer.  Enterprise-level flow collection appliances scour the flows for odd behavior signatures such as:

* Host reputation lookups: hosts communicating with other hosts that have poor Internet reputations

* Observation of TCP flags to uncover various types of network scans

* Comparison of current behavior to archived baseline behaviors

* Calculation of flow ratios as well as byte/packet counts to unique destinations

Anomalies carry different weights depending on the severity of the incident.  A host found to be violating one or more algorithms will likely end up with a higher index and ultimately gain the attention of a security professional.  It isn't enough to monitor for threats; we have to assume that threats are always on the corporate network. Since NetFlow can be archived, it's the best forensic tool for investigating anomalies after the event has passed.  No VPN environment should be implemented without the collection of flow data, and most major routers and firewalls export NetFlow or IPFIX.
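To make the weighted-index idea concrete, here is a small Python scorer, added as an example and not Plixer or Scrutinizer code, that runs three of the heuristics above (reputation lookup, SYN-only flag observation, and unique-destination fan-out against a baseline) over constructed NetFlow-style records from a VPN concentrator. The flow records, reputation list, baseline counts and weights are all made-up sample values.

```python
"""Toy flow-anomaly scorer modelled on the heuristics listed above
(added example, not Plixer/Scrutinizer code).  The flow records, the
reputation list and the baseline are constructed sample data."""
from collections import defaultdict

# Constructed NetFlow-style records as a VPN concentrator might export them:
# (src, dst, dst_port, tcp_flags, packets, bytes)
FLOWS = [
    ("10.8.0.5", "203.0.113.7", 443, "SA", 40, 52000),   # normal web traffic
    ("10.8.0.5", "203.0.113.9", 443, "SA", 38, 49000),
    ("10.8.0.9", "198.51.100.2", 80, "SA", 12, 9000),
    ("10.8.0.9", "198.51.100.4", 22, "S", 1, 60),        # single-packet SYN-only
    ("10.8.0.9", "198.51.100.5", 22, "S", 1, 60),        # flows, scan-like
    ("10.8.0.9", "198.51.100.6", 22, "S", 1, 60),
    ("10.8.0.9", "198.51.100.7", 22, "S", 1, 60),
    ("10.8.0.9", "192.0.2.13", 8080, "SA", 200, 310000), # poor-reputation host
]
BAD_REPUTATION = {"192.0.2.13"}            # constructed threat-intel list
# Constructed archived baseline: usual unique destinations per host per interval
BASELINE_UNIQUE_DST = {"10.8.0.5": 3, "10.8.0.9": 2}
WEIGHTS = {"reputation": 50, "scan": 30, "fanout": 20}  # severity weights

def score_hosts(flows, bad_rep, baseline):
    """Return {src_host: (index, [reasons])} for every source host seen."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f[0]].append(f)
    result = {}
    for src, fl in by_src.items():
        reasons, index = [], 0
        # 1. Host-reputation lookup on every destination the host talked to
        if any(f[1] in bad_rep for f in fl):
            index += WEIGHTS["reputation"]
            reasons.append("reputation")
        # 2. TCP-flag observation: a high share of one-packet SYN-only flows
        syn_only = sum(1 for f in fl if f[3] == "S" and f[4] == 1)
        if syn_only / len(fl) > 0.4:
            index += WEIGHTS["scan"]
            reasons.append("scan")
        # 3. Unique-destination fan-out compared with the archived baseline
        uniq = len({f[1] for f in fl})
        if uniq > 2 * baseline.get(src, uniq):
            index += WEIGHTS["fanout"]
            reasons.append("fanout")
        result[src] = (index, reasons)
    return result
```

With the sample data, 10.8.0.5 scores 0 while 10.8.0.9 trips all three rules for an index of 100, which is the kind of host that should surface for analyst review.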

So next time you're enjoying your cup of java and considering connecting to a public Wi-Fi hotspot, take the cautionary steps to protect your device and data; your personal and company assets may depend on it.

Plixer International, provider of Scrutinizer NetFlow-based network traffic monitoring and threat detection technology, is a nationally recognized flow technology expert and a game changer in the world of cyber security, BYOD security, threat detection with flow technology and NetFlow analysis, and the author of Unleashing the Power of NetFlow and IPFIX.


Stories by Michael Patterson, CEO, Plixer International
