Exercise Caution when using Public Wireless Access Points
As high-speed wireless networks become more common, unsuspecting users are giving computer hackers effortless access to their wireless-enabled laptops, PDAs, smart phones, and the information on these devices. People who think they are signing onto the Internet through a wireless hotspot (sometimes called “Wi-Fi”) *might actually be connecting to a look-alike network*, created by a malicious user who can steal sensitive information, such as your username and password.
The risk is especially high at coffee shops, hotels, airports and other places with a high turnover of laptop users. Many malicious individuals are setting up laptops to act as wireless access points with legitimate-sounding names such as “Tmobile”, “Free Wireless Access”, “Hilton” etc. Wireless access for your laptop is definitely convenient and easy, but you must take precautions to ensure you do not compromise your login credentials or confidentiality of any sensitive data stored on your device.
Here are some recommended guidelines for use of public wireless access points:
- Turn off your wireless connection when you’re not using it. Most laptops are configured to search for open wireless points and common wireless names, whether or not the user is trying to get online. Instead, connect and disconnect from the Internet manually by clicking the wireless internet icon and either enabling or disabling the connection.
- Don’t use the defaults. Change default names of your network to a unique name and change any default passwords. Too many laptops are configured to join networks named Linksys or D-Link (popular brands of wireless routers) when they are available.
- Don’t connect to other computers. Connect only to infrastructure points, or official access points, rather than peer-to-peer connections, or another user’s computer. Set your network connections to only connect to infrastructure points. This will eliminate the possibility of connecting to another user’s computer with a legitimate-sounding name.
- If possible, avoid banking via untrusted wireless networks. If you must, always go to bank site by entering its address, not via a link in an email. The site for entering username and password should be using Secure Sockets Layer (SSL) – an encryption protocol for protecting data being sent back and forth between your browser and a web site. Those indicators include the small “lock” icon in the bottom right corner of the browser frame and the “s” in the Web address bar (for example, “https”).
- Don’t share your files. Turn off sharing before using a public wireless network. If you must use drive or folder shares, protect them with a strong password (8 characters or more, mixture of letters, numbers, etc). If you have any sensitive data stored on the device, encrypt that data.
- And of course, keep your software up-to-date. Make sure your browser, operating system, antivirus, anti-spyware, and firewalls have the latest patches. For Windows Updates, visit http://update.microsoft.com.
Contact your IT Support group for specific assistance with your wireless device and for secure means of accessing University systems and other protective software and practices.
Posted April 4, 2007