Mainstream Technologies

MTI Blog

Safe Behavior Advisory For Using Public Wifi

Public wifi is available just about everywhere, but many people do not think about their privacy, fear of identity theft, spying on their activities, or being hacked when they use it. This is especially true of hotel wifi where people will often connect their devices without hesitation.

This advisory is intended to provide a guide for using public wifi.

If you can avoid it, do not connect to public wifi with your devices. This includes hotel and restaurant wifi.

If you do need to use public wifi, please take additional precautions to prevent theft of passwords, personal information, or other data.

If you are connecting Windows or Mac, make sure your local firewall is turned on. For Windows select Control Panel -> System and Security -> Windows Firewall, or press {win}+R and run firewall.cpl. It is best to ALWAYS leave your local firewall turned on.

When browsing the internet over public wifi, be sure you are using https:// and not http://.  Many websites will support both, but may not force you to the https:// secure connection.

When looking at the available wifi SSID’s, often you will see many with similar names such as HotelGuest, HotelGuests, or Hotel_Guest. These can be a form of wifi phishing with alternate SSID’s set up by hackers to get you to connect to their wifi instead of the real one. With public wifi, the password is often provided and the hacker can set his SSID to be the same password as the real one. Thus it is very important to make sure you are connecting to the correct SSID.

Sometimes public wifi is not encrypted and requires no password. You should never use these connections since your network traffic can easily be captured by anyone within range. You can be sure the wifi is secured when it has a lock displayed beside it, and it requires a password or key to connect. But even then most wifi today is protected with WPA2, but a flaw has been discovered in this encryption standard that could allow an attacker to capture your network traffic and decrypt it (reference below). Encrypted is better than not, but it still does not guarantee protection from eavesdropping on your network traffic.

Many cell phones have hot-spot capabilities now. To lower your risk of using a public hot-spot, set up your phone hot-spot so you know there are no other users on that network.

Do not let your devices connect automatically. You should be in control of when your devices connect to public wifi.

When using public wifi, avoid sending personal data. Examples would be buying things online, or paying your bills.

Reference link: https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Completely Custom
Software Solutions

Custom Software

Peace of Mind,
Proactive IT Services

Managed Services

Compliance Centric
Hosting and Colocation

Hosting Solutions