Sign in with
Sign up | Sign in
Your question

Wi-Fi security issues at free hot spots?

Last response: in Wireless Networking
Share
June 20, 2004 1:59:12 AM

Archived from groups: alt.internet.wireless (More info?)

How can I improve my Wi-Fi security when surfing at free hot spots,
which exist at my local library and also on my local university
campus?

I do have a firewall installed on my laptop and only use HTTPS sites
for credit card, bank, etc info. However my email is HTTP.

any info is appreciated

thanks
Anonymous
a b 8 Security
June 20, 2004 9:30:22 AM

Archived from groups: alt.internet.wireless (More info?)

billpritjr@spamhole.com (Bill) wrote in news:15b4be0.0406192059.6526e559
@posting.google.com:

> How can I improve my Wi-Fi security when surfing at free hot spots,
> which exist at my local library and also on my local university
> campus?
>
> I do have a firewall installed on my laptop and only use HTTPS sites
> for credit card, bank, etc info. However my email is HTTP.
>
> any info is appreciated


It seems that you're doing a lot of *right* things. I have never used a
public hot spot. But if I do, I want to have a *clue*.

The WatchGuard article on HOT Spots and security has helped in my
understanding the security risks.

HTH

Duane :) 

<snip>

Hot Spot or Hot Zone?
Understanding the Hazards of Public WiFi LANs
By David Piscitello, President, Core Competence

Its presence is spreading. Order a cup of coffee, or a burger, then use
WiFi to surf the 'net. Waiting for a delayed flight? Use WiFi to surf the
'net. Relaxing poolside in a luxury hotel when seized by the urge to IM
your buddy? Use WiFi to surf the 'net.

Internet access via a public Wireless LAN, also known as a hotspot, is
available nearly everywhere, and it's easy to access. Most hotspots are
reasonably priced: many are free, or free with other purchase from the
franchising merchant. Some hotspot operators (Boingo, for example) even
provide client software that identifies WiFi signals of locations that
offer their Hotspot services. The catch? WiFi hotspots can be hot zones
for unsuspecting end users and unprotected laptops and handheld devices.

How a Hotspot can become a Hot Zone
A hot zone is a danger area due to biological, chemical, or nuclear
contamination. Areas like Chernobyl and Love Canal became hot zones
because safeguards against contamination were inadequate or non-existent.
A wireless hotspot, too, may offer no or inadequate safeguards to protect
users against:

Viruses and other malware
Denial of service attacks
Attacks against services you run (e.g., Microsoft file sharing, Web, ftp,
Instant and even Short Messaging Services)
ARP poisoning, and
Various hijacking and phishing attacks.
First rule of thumb for safer public WiFi use: treat a hotspot as an
untrusted network. Protect your laptop or handheld from attack by
installing and maintaining antivirus and personal firewall software.
Otherwise, viruses may be transmitted to an open file share over a
hotspot network, maliciously or benignly, and then to you. You also risk
infection if the hotspot operator doesn't prevent station-to-station
connections: certain viruses and blended threats try to propagate using
network and file sharing services.

Personal firewalls are especially important if the WiFi service you use
assigns you a public IP address (as opposed to a private IP address). A
public IP address exposes your laptop to attacks from the Internet at
large, whether you are using WiFi, dialup, cable modem, DSL, or hotel
business center (wired) Ethernet connections. If you were to monitor
activity at hotspots using an Ethereal LAN analyzer, you would see
attempts to connect to file shares on your system, as well as port scans
and OS fingerprinting traffic coming into the wireless LAN from all over
the Internet.

Attacking Hotspots
Public wireless networks heighten the risks of some exploits -- for
example, eavesdropping is quite common at hotspots. An attacker doesn't
need to be associated with a hotspot Access Point to monitor and capture
traffic (it's radio!). By deploying a rogue AP, an attacker can perform
numerous "man in the middle" attacks against a user. "Man in the middle"
refers to a wide range of techniques where an attacker sits invisibly
between two legitimate parties, intercepts their transmissions, and can
passively spy, or actively modify the passing data without the legit
parties realizing it. Classic "man in the middle" attacks include
modifying data (changing "don't authorize" to "authorize"), injection
(changing "pay $10.00" to "pay $10,000.00"), and replay (capturing
passwords or authentication strings from a legitimate sign-on, then
replaying them later to impersonate a valid user). Thus, rule number two
for Hotspot users: use VPN to your workplace, and be certain to use SSL
if you visit e-merchant, e-financial, or other sites where you may access
and transmit sensitive or personal information. Attackers can still see
your sessions, but since your data are encrypted, unless the attacker
intends to target you specifically he will move on to the easier
unencrypted victims.

Denial of Hotspot Service
My partner, Lisa Phifer, and I know of and have seen all sorts of denial
of service attacks specifically designed for WLANs. For example, at the
radio level, an attacker may try to jam a wireless network by injecting
strong interfering radio signals at the network to overwhelm intended
signals (but some countermeasures are possible, as described here). At
the MAC level, attackers try to exploit the IEEE 802.11 medium
arbitration algorithm (DCF) that is intended to prevent stations from
transmitting at the same time. It's also possible to flood or airjack an
access point with 802.11 Associate or Disassociate frames attacks, or
attack an authentication system using a variety of IEEE 802.1x DoS
attacks. Aruba Networks describes these and more DOS attacks here.

Phishing for logins and credit cards
One form of phishing specifically targets unsuspecting WiFi hotspot
users. An attacker finds a location near a hotspot and operates a rogue
AP (with a tool such as AirSNARF) to attract would-be customers of that
hotspot. Anyone who associates with the rogue AP is directed to the
attacker's Web site, which is designed to look like the sign-on or login
portal of the hotspot operator. The duped user then submits access
(account) credentials, personal and credit card information to the Web
forms of the phony login. Attackers can sustain the attack beyond
identity theft by eavesdropping traffic, or resolving DNS queries so that
the user connects to the attacker's servers; for example, he might run
bogus email servers in hopes of obtaining account information. Some
organizations and ISPs support a single user account for mail, telnet,
ftp and other intranet services. With a valid account and (quite
possibly) server domain names in his pocket, the attacker can now attack
the user's organization or an ISP.

It is possible to monitor the Extended Service Set Identification
(ESSID), AP and default gateway MAC addresses of a wireless network. You
can watch for radical signal strength fluctuations to detect a rogue AP.
But this kind of activity is way beyond the typical user. Thus, education
is your best weapon: explain phishing to employees and family members,
show them examples of phishing sites, and list ways they can distinguish
phony sites from the real deals. If your company pays for your hotspot
account, consider using a hotspot roaming service that automates secure
end-to-end authentication so that you don't have to log into the
hotspot's Web portal (e.g., iPass).

Be prepared
Don't be afraid to use hotspots, but do pay attention to security. If you
are already protecting your laptop or handheld with antivirus and
personal firewall software, and use a VPN or SSL for sessions where
sensitive information is exchanged, you have effectively protected
yourself against many threats and exploits. You can't do much about DoS
attacks, so don't worry about them. But do have a back-up access plan if
getting on-line is a business necessity. You can protect yourself against
identity theft by studying the attack and, most of all, paying attention
to what you're clicking on or responding to.

Public wireless access is a wonderful tool, but you must use it wisely.
Next time you sit in a hotspot with your wireless device, keep your guard
up -- and let the wireless Hamburglars move on to the next victim. ##

<snip>
Anonymous
a b 8 Security
June 20, 2004 11:26:59 AM

Archived from groups: alt.internet.wireless (More info?)

billpritjr@spamhole.com (Bill) wrote:
>I do have a firewall installed on my laptop

What's a good firewall that I can load/unload on demand? When I'm on
my home wired LAN, I want the firewall not just turned off, but
completely gone.

Thanks!

--
William Smith
ComputerSmiths Consulting, Inc. www.compusmiths.com
Related resources
Anonymous
a b 8 Security
June 20, 2004 7:56:47 PM

Archived from groups: alt.internet.wireless (More info?)

Many hotspots do not allow the enabling of encryption while other do.
If your hot spot is open, make sure you do not have file & print
sharing enabled. Other than that, you appear to be taking the
necessary steps to mprove security. As for email, I really don't have
any suggestions. Sorry.

On 19 Jun 2004 21:59:12 -0700, billpritjr@spamhole.com (Bill) wrote:

>How can I improve my Wi-Fi security when surfing at free hot spots,
>which exist at my local library and also on my local university
>campus?
>
>I do have a firewall installed on my laptop and only use HTTPS sites
>for credit card, bank, etc info. However my email is HTTP.
>
>any info is appreciated
>
>thanks
Anonymous
a b 8 Security
June 20, 2004 8:23:16 PM

Archived from groups: alt.internet.wireless (More info?)

William wrote:
> What's a good firewall that I can load/unload on demand? When I'm on
> my home wired LAN, I want the firewall not just turned off, but
> completely gone.

I have ZoneLabs. ZoneAlarm is free. I have it configured so that my other
home computers are "trusted". I don't disable it when I am at home, lest I
forget to turn it back on when I go out in public.
I also block most of the nonsense on the corporate network. There is a lot
of virus probing and various other nonsense going on at work.
http://www.zonelabs.com/store/content/company/products/...

This one has an easy mode, and a learning mode. I chose the learning mode,
which is annoying for the first few days as you get things set up, but I
think it results in a fairly tight system.

It does allow itself to be shutdown easily from the systray icon. It
disappears and needs to be restarted from the program menu after that. I
don't know if that's what you mean by "completely gone".

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5
Anonymous
a b 8 Security
June 20, 2004 8:23:17 PM

Archived from groups: alt.internet.wireless (More info?)

dold@Wi-FiXsecu.usenet.us.com wrote:
>William wrote:
>> What's a good firewall that I can load/unload on demand? When I'm on
>> my home wired LAN, I want the firewall not just turned off, but
>> completely gone.
>
>I have ZoneLabs.

I got the latest one, and it seems to do what I want (if I disallow
it's automatic startup). Thanks! I had had all kinds of problems
iwth ZA 2.1.44, but version 5 seems OK.

Thanks again!

--
William Smith
ComputerSmiths Consulting, Inc. www.compusmiths.com
!