TechRepublic Resource Guide

Similar documents
SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

How to Stay Safe on Public Wi-Fi Networks

Wi-Net Window and Rogue Access Points

Main area: Security Additional areas: Digital Access, Information Literacy, Privacy and Reputation

Accessing CharityMaster data from another location

WHITE PAPER. A Manager s Guide To Wireless Hotspots How To Take Advantage Of Them While Protecting The Security Of Your Corporate Network

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

5 IT security hot topics How safe are you?

An introduction to wireless security at home, on the road and on campus. Sherry Callahan and Kyle Crane

Staying Safe on the Internet. Mark Schulman

How to Build a Culture of Security

LESSON 12: WI FI NETWORKS SECURITY

Making life simpler for remote and mobile workers

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Wireless LAN Security (RM12/2002)

Duo Travel Guide. duo.com

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

What every attorney should know about E-security Also, ESI

Wireless Network Security

Cyber Security Guidelines for Public Wi-Fi Networks

Best Practices for Keeping Your Home Network Secure

INCOGNITO TOOLKIT: TOOLS, APPS, AND CREATIVE METHODS FOR REMAINING ANONYMOUS, PRIVATE, AND SECURE WHILE COMMUNICATING, PUBLISHING, BUYING,

5 Tips to Fortify your Wireless Network

PMS 138 C Moto Black spine width spine width 100% 100%

Table of Contents. User Guide

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

E-companion. Quiz for IT-knowledge

Quick Heal Mobile Security. Anti-Theft Security. Real-Time Protection. Safe Online Banking & Shopping.

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

By Richard Boire March A Practioner s Viewpoint on Data Mining & Privacy Part 2

Integrated Access Management Solutions. Access Televentures

Quick Heal AntiVirus Pro. Tough on malware, light on your PC.

Wireless MAXg Technology

G/On OS Security Model

Technology in Action

If you have multiple computers in the same place, you may find it convenient

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz II

Troubleshooting and Cyber Protection Josh Wheeler

Mobility, Security Concerns, and Avoidance

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

How do you connect to the Internet (WWW)? Internet connection alternatives:

Cybersecurity For The Small Business & Home User ( Geared toward Windows, but relevant to Apple )

Chapter 16: Advanced Security

Securing the SMB Cloud Generation

The security challenge in a mobile world

5. Execute the attack and obtain unauthorized access to the system.

Data Retrieval Firm Boosts Productivity while Protecting Customer Data

Internet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions.

Laptop computers started as very expensive

SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY

What is a mobile protection product?

Renovating our security management: New ways to protect your infrastructure

Wireless Security. Training materials for wireless trainers

Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.

FAQ: Privacy, Security, and Data Protection at Libraries

Internet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions.

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.

PROTECTING THE ENTERPRISE FROM BLUEBORNE

Top 10 Application Security Vulnerabilities in Web.config Files Part One

Table of Contents. Blog and Personal Web Site Policy

Payment Card Industry (PCI) Data Security Standard

Security Enhancements

Security Using Digital Signatures & Encryption

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

and the Forensic Science CC Spring 2007 Prof. Nehru

The Internet of Things. Steven M. Bellovin November 24,

CompTIA E2C Security+ (2008 Edition) Exam Exam.

RouterCheck Installation and Usage

Frequently Asked Questions

SurfSolo VPN VPN PRIVACY TUNNEL. SurfSolo VPN. User Manual. Version 1.0. User Manual v.1.0 Page 1

Securing Wireless Mobile Devices. Lamaris Davis. East Carolina University 11/15/2013

How to set up your wireless network

CYBERSECURITY RISK LOWERING CHECKLIST

Wireless Fidelity Real Time Security System

Product Overview Version 1.0. May 2018 Silent Circle Silent Circle. All Rights Reserved

Your security on click Jobs

Remote Connection to Your Computers

Top 10 Considerations for Securing Private Clouds

Home Computer and Internet User Security

Information Security in Corporation

Chapter 1 Describing Regulatory Compliance

Access Connections 5.1 for Windows Vista: User Guide

SECURING YOUR BUSINESS INFRASTRUCTURE Today s Security Challenges & What You Can Do About Them

Who We Are! Natalie Timpone

FIREWALL BEST PRACTICES TO BLOCK

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Value of Windows Telesales Script

Networking is neat stuff: The ability to copy or edit a document that s

Blackjacking. Daniel Hoffman. Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise. Wiley Publishing, Inc.

Cyber Security Basics. Presented by Darrel Karbginsky

Wireless Security and Monitoring. Training materials for wireless trainers

Mobile Device Management: A Real Need for the Mobile World

GUIDANCE ON ELECTRONIC VOTING SYSTEM PREPARATION AND SECURITY

USER GUIDE BUSINESS SERIES. Wireless-G VPN Router with RangeBooster. Model: WRV200

EECE 412, GROUP 10 REPORT. Security Analysis on the Malicious Use of Public Wi-Fi (December 2010)

Network Defenses 21 JANUARY KAMI VANIEA 1

Transcription:

TechRepublic Resource Guide Wi-Fi Security for Road Warriors Contents 10 Wi-Fi security tips for road warriors.2 Road warriors have to be creative. Besides their normal work, they are asked to maintain an almost continuous electronic presence while away from their office or home -- and that can mean dealing with unknown and possibly hostile Wi-Fi networks. Michael Kassner offers some simple tips to help mobile workers secure their computers and information no matter where they go. Wi-Fi security for the road warrior; revisited...4 Learn about the differences between perceived and real security issues surrounding the use of puclic Wi-Fi. Wi-Fi security for road warriors: AirDefense style.6 Discover how to effectively monitor applications to ensure security while using public Wi-Fi. Sponsored by: Page 1 of 7

10 Wi-Fi security tips for road warriors Road warriors have to be creative. Besides their normal work, they are asked to maintain an almost continuous electronic presence while away from their office or home -- and that can mean dealing with unknown and possibly hostile Wi-Fi networks. Michael Kassner offers some simple tips to help mobile workers secure their computers and information no matter where they go. Wi-Fi security is a popular topic these days, and the "best approach" is being vigorously debated on many forums, including TechRepublic's. One fact I discerned from reading the various forum posts is that there are many opinions as to what's required to securely associate with unknown and possibly hostile Wi-Fi networks. With this in mind, I'd like to look at Wi-Fi security concerns from the viewpoint of the road warrior. Since road warriors deal with unknown and usually wide-open Wi-Fi environments, a solution that works for them will offer some benefit to everyone. Here are 10 security tips that should allow the road warrior to have a secure encounter of the best kind with unknown Wi-Fi networks. 1. Turn off the Wi-Fi client adapter when you're not using it The reasons for this are twofold. First, it conserves battery life always a concern for road warriors. Second, it's the simplest way to prevent penetration attacks using a procedure named "Microsoft Windows silent ad hoc network advertisement." Basically, the attack takes advantage of the fact that Microsoft Windows Zero Configuration is set by default to allow anonymous ad hoc connections. For more details, check out my blog post "How to prevent automatic association with ad hoc networks." 2. Verify that the SSID actually represents the provider's Wi-Fi network Verifying the SSID will help prevent associating with an evil twin. Evil twin is patterned after the man-in-the-middle attack where a hacker sets up equipment to falsely represent the facility's Wi- Fi network. In elegant simplicity, the user unknowingly associates with the fake network, allowing the hacker to obtain every byte of traffic that is sent or received. 3. Make sure a software firewall is running on your notebook Microsoft Windows XP and Vista already incorporate a firewall, but in both cases, it's inadequate. There are many good freeware firewall applications that are more competent, providing the additional protection a road warrior needs. I use Online-Armor, a somewhat new application that's been getting good reviews. 4. Disable Window's file and printer sharing By default, file and printer sharing is disabled, but many users enable this feature to share printers or files while on a work or home network. Having this feature enabled while on the road is just asking for trouble. It allows unauthorized access to your files by anyone who happens to be on that particular Wi-Fi network. The Microsoft Knowledge Base article "Disable File and Printer Sharing for Additional Security" explains how to determine whether file and printer sharing is enabled and outlines the required steps to disable the feature. 5. Avoid sensitive online transactions when using open Wi-Fi networks This is self-evident, but I felt it important enough to mention. 6. Keep your notebook's operating system up to date Along with your OS, make sure your antivirus, firewall, Web browser, and Wi-Fi client applications are current as well. By doing so, you'll eliminate many attack venues caused by application vulnerabilities. Page 2 of 7

7. Secure any personal, banking, or credit card details Allowing the Web browser to remember personal information is another avenue hackers can use to easily retrieve sensitive material if the notebook is lost or stolen. I've been using Bruce Schneier's Password Safe for many years. It requires you to remember only one access password, which is useful even if you are not a road warrior. 8. Use secure and anonymous Web surfing techniques This is very important if a VPN service is not available or the VPN will not set up correctly. There are various Web services that provide SSL VPN solutions by creating an encrypted tunnel from the notebook to their secure server. This eliminates a whole slew of possible issues. Some of the more preeminent services are Megaproxy and TOR. I use a slightly different approach based on USB flash drive technology. IronKey is a secure USB flash drive with FireFox and TOR technology pre-installed. If Internet access is available, the device automatically configures an SSL tunnel to secure IronKey servers. See "IronKey: Simple, safe, and secure surfing over Wi-Fi" for more details. 9. If required, use VPN technology The problem with the previous tip is that it applies only to Web-based applications. What about e- mail applications, like Outlook? This is where the full-blown VPN comes into play. Most business road warriors use this approach exclusively. The VPN tunnel allows the road warrior to remotely become part of the home or office network. Then, all the normal business applications, file sharing, and Internet access are handled by the company's network. There are many hardware and software VPN applications to choose from. My choice would be OpenVPN. 10. Use remote access applications for security Not having any sensitive data travel over questionable networks to your notebook is a unique solution. This is possible by using a service like LogMeIn, which allows the road warrior to remotely control a home or office computer through an SSL tunnel. Web surfing, e-mail, and other applications are active only on the remote computer. So no data is being transmitted to the road warrior's notebook, unless so desired. Final thoughts Road warriors have to be creative. Besides their normal work, they are asked to maintain an almost continuous electronic presence while away from their office or home. These simple tips can help secure their computers and resident information no matter where they go. Page 3 of 7

Wi-Fi security for the road warrior; revisited Learn about the differences between perceived and real security issues surrounding the use of puclic Wi-Fi. I recently penned a 10 thing post called 10 Wi-Fi security tips for the road warrior and TechRepublic member DonnaKline responded with an excellent observation: The point of varying the level of security required by location might have been stressed more, especially for those of us who are less sophisticated about tech issues. For example, there may be more risk using the wifi in an airport lounge than in an upscale business traveler hotel, which hopefully will be more careful about security issues. I appreciate DonnaKline s candor in pointing out certain ambiguities surrounding perceived versus real security when using public Wi-Fi networks. Let s see if we can clear some of them up. Defining public Wi-Fi To make sure we re all on the same page, let s first define public Wi-Fi networks as those that allow unrestricted access. That s a simplistic definition, but what s typically available at venues like airports, hotels, and hotspots. Since unrestricted access eliminates the ability to encrypt Wi-Fi traffic, it also means there s no real security. Is there more risk at airports? So, is there more risk to using public Wi-Fi access at an airport lounge when compared to an upscale hotel? I would say yes, but not for technical reasons. People who steal information and identities want to do so using the least amount of effort. That means airports, simply because there are more targets of opportunity. I certainly see this whenever I m traveling. At any given airport, it s very easy to capture copious amounts of unencrypted digital traffic. I hope that explanation made sense, but I m concerned that many people share DonnaKline s viewpoint. With that in mind I would like to discuss some high level Wi-Fi security concepts. Theoretically, achieving information security and lowering risk is simple. If the information is undecipherable to everyone except the intended viewer, it s secure. In real life information security is anything but simple. That s why an informed Wi-Fi user is the most powerful security tool available. Three distinct security zones I find it helps to divide the path that digital traffic travels along into distinct security zones. By doing so, attention is focused on the entire connection, not just the initial Wi-Fi portion. To keep it simple, I use the three following zones: Wi-Fi security zone: This zone is the one most people are aware of, as it is first step to gain access to the Internet. Wired security zone: This zone is the in house infrastructure that acts as a go between for the Wi-Fi network and the Internet. Internet security zone: This zone is the conglomeration of linked networks that can traverse significant geographical areas. OK, I should just say the Internet. To many, realizing that all three zones are important for secure transmission of their information is a new concept. The following example clearly points this out. My financial adviser, who is near and dear to me, argues that Internet access at her favorite coffee shop is secure since she has to Page 4 of 7

enter a new WPA passcode each time she visits. Using my security zone concept, we can see that the Wi-Fi security zone is covered, but how secure is my advisor s information as it traverses the wired and Internet security zones? To explain, that particular coffee shop could be capturing customer s personal information as it passes through the wired security zone. I m not saying that it s being done, but it could be. It s also possible for people who steal information and identities to setup capture equipment in the coffee shop without the owner s permission. Now that my financial adviser understands that there are different security zones, it s easier for her to make an informed decision about what security measures to use. Proper tool for the job Good news for road warriors is the availability of security tools that will protect information traveling across all three security zones or any combination thereof. From a security expert s viewpoint, utopia would be everyone using an IPsec VPN (pdf) at all times. Nice, but let s get back to the real world. Security does not come free and it s the user that carries the additional burden created by increased security. Let s continue using my financial adviser in the two following examples, which depict situations where both security and convenience are considered: Highly sensitive traffic: My adviser needs to access the office database from the coffee shop. Since the data is very sensitive, the security tool used should produce the maximum amount of security. That would be some sort of VPN application. So she enables the computer s VPN client, creating a digital tunnel that traverses all three security zones connecting to the VPN server at the office. Once the VPN tunnel is setup, digital traffic is encrypted and sent through the tunnel. If any of this traffic was captured by an attacker it would be complete gibberish and virtually impossible to decipher. That s about as good as it gets and most security experts would be happy. Anonymity and local security: Next, my adviser wants to surf the Internet. Checking out some vacations spots, now that April 15 has past. She d rather not use the VPN, since it s piped through the office s Internet access and may create an unnecessary bottleneck. Only thing, there s this rather odd looking guy using a notebook with a strange antenna attached to it sitting in the next booth. What if he s snooping? Does he know the encryption pass-code? Wait a minute, I convinced her to get an IronKey for safe portable file storage. Luckily, it s configured to connect to a SSL proxy server. Using that to access the Internet, my adviser has the Wi-Fi, wired, and a portion of the Internet security zones covered. No worries about that guy snooping and it s simpler than a VPN connection to use. Final thoughts The two examples are only meant to show what s possible, not to advocate specific devices or methodology. That s unrealistic, since each encountered situation is unique. It is my goal to help enlighten and make it easier for road warriors to determine the best security option for a given situation. I hope that this post and the information in 10 Wi-Fi security tips for the road warrior will be good additions to the road warrior s security tool kit. Page 5 of 7

Wi-Fi security for road warriors: AirDefense style Discover how to effectively monitor applications to ensure security while using public Wi-Fi. For the past few months, I ve been working on an informal series about the trials and tribulations of using public Wi-Fi networks. From the positive responses, it appears that the security tips have been helpful. With TechRepublic road warriors now savvy about Wi-Fi security, I should be happy. Well almost, there s one essential element left to take care of. Everything in the series thus far has been concerned about implementing security. What s still needed is a very alert monitoring application that sits in the background making sure everything is working properly. Road warriors have enough to deal with, so let s put this particular concern in the very capable hands of AirDefense and their free application called AirDefense Personal Lite. How does it work? AirDefense Personal Lite runs on Wi-Fi enabled computers, monitoring for malevolent activity (hacker pen tests), inadvertent wireless activity (ad hoc association), and Wi-Fi device and application misconfiguration (security lapses or noncorporate policies). If Personal Lite detects an anomaly, it immediately notifies the user that something is amiss. The following image depicts an alert notifying the user that encryption is disabled. The application can also be configured to automatically disable the Wi-Fi connection if a certain predefined condition is encountered. This really helps mitigate user-invoked security problems and, even more importantly, attack vectors being explored by hackers. The following image depicts some of the many configuration settings that are available. Page 6 of 7

The myriad of configurable parameters available is not what I would consider normal for freeware but is to be expected from AirDefense. AirDefense Enterprise AirDefense also has an enterprise version that allows integration and is controlled by AirDefense s Personal Central Manager. By using the enterprise version, several additional benefits become apparent: Extends the wireless security perimeter to mobile users: 24 7 protection inside the enterprise and on the road. Ability to define and enforce wireless security policy (corporate or regulatory) on laptops. Detection and enforcement of Windows Zero Configuration Client settings. Final thoughts I use Personal Lite on all my notebooks and recommend it to anyone who uses Wi-Fi. Being able to detect erroneous configurations, malicious threats, and effectively stopping them gives a certain peace of mind that road warriors will appreciate. Page 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback