Symantec.com > Norton > Products & Services > Article Library > Wi-fi Security for the Public Hotspot
 

Norton Article Library

Wi-fi Security for the Public Hotspot

January 2, 2006
Summary Hotspots are getting more popular but security is sorely lacking. Public hotspots are a virtual playground for beginning hackers and a gold mine for sophisticated veterans.

Introduction

A public hotspot is a wireless network set up for shared Internet access. The hotspot host buys a wireless access point, connects that device to the Internet, and broadcasts its signal within a public place. Anyone with a wireless card within range of the host's access point can access its network and use the Internet.

Most proprietors make it quick and easy to use their hotspots. In order to minimize login requirements and avoid encryption compatibility issues, they disable much of the security built into their wireless devices. This is a notable tradeoff. Without encryption, your plain text data passes unprotected through the air.

Hacker’s delight

  • Packet sniffers. These programs allow the interception of wireless transmissions via data packets. Packets are the form in which data is organized and sent across networks. If the packets are unencrypted, someone with a packet sniffer can see the information as plain text.

  • Tools. Even "secure" hotspots can leave you exposed. Tools for decoding encrypted wireless communications are easily found and allow hackers to crack encryption keys.

  • No guarantee. Given their wide open nature, there's no way to guarantee privacy on public hotspots. Everything is potentially available for everyone else to see.

Wi-phishing, or the Evil Twin

As with ordinary phishing, wi-phishing puts your identity in danger. Wi-phishing, or The Evil Twin, is a process in which individuals spoof wireless networks to deceive users into divulging confidential information.

Here's how. Your coffee shop uses a wireless service provider that charges a connection fee. To connect, you must provide a credit card number and certain personal information. In a wi-phishing scam, someone pre-empts the hotspot's wireless signal with one of his own, spoofs the legitimate network name, and replaces the sign-up page with a look-alike. You end up supplying your information to the spoofer, not the hotspot provider. Once you're on the spoofed hotspot, you may be redirected to other fraudulent pages.

Security Tips

  • Turn off your wireless card when not in use.
  • Change your network configuration to manually select each wireless network it joins.
  • Turn off file sharing while at a hotspot. If you have highly sensitive or personal data, consider storing it elsewhere.
  • Limit email and IM to casual communication. If you use IM or email at hotspots, never send anything that should not be made public. Consider setting up an extra Web-based email account for hotspots.
  • Don't surf Web sites you wouldn't want a stranger to know about.
  • Avoid banking or trading online from a public hotspot.
  • Be sure that you're logging into a legitimate hotspot network. Check with the provider to confirm the network name and login page appearance.
  • Use strong personal firewall and virus protection to protect your laptop and data. We recommend using Norton Antivirus and Norton Internet Security to protect your data from hackers, viruses, spyware, and spam.

Conclusion

The bottom line: Save all your private communications and transactions for a more secure environment and treat public hotspots like the transparent environment they really are.

Related Links

Related Articles