Ask Leo: How to use an open WiFi hotspot safely

askleo

By Leo Notenboom

I’ve returned to the same coffee shop where I was a few months ago when I noticed that my email had been hijacked/hacked. This time, I’m using my phone, but the last time when I noticed the hack, I was using my computer and doing email over an open-internet, free WiFi network.

Do you think that could be the source of the problem or just a

coincidence? I’m still afraid to do email from here.

========================================

It definitely could have been. Unfortunately, it’s hard to say for sure and
it could have been something else unrelated.

As we can’t really diagnose the past, let’s look ahead instead.

It absolutely can be safe to do email from a coffee shop or any other
location that provides unsecured or “open” WiFi. In fact, I do it all the
time.

But you do have to make sure to follow some very important practices to
ensure your safety.

Turn On The Firewall

This is easily and frequently overlooked.

When you’re at home, you may use your router as your firewall and keep the
Windows or other software firewall on your machine disabled as redundant.
That works well, as the router stops network-based attacks before they ever
reach your computer.

Locked Laptop

When you’re on an open WiFi hotspot or connected directly to the internet
via other means, that software firewall isn’t redundant. In fact, it’s
required.

Make sure that the firewall is enabled before connecting to an open WiFi
hotspot. Various network-based threats could be present on an untrusted
connection, and it’s the firewall’s job to protect you from exactly that.

Consider Not Using Free WiFi

As I said, it can be safe to use open WiFi, but it’s also very easy for it
to be unsafe.

The solution that you used while you were at that same coffee shop (and asked me about in this question) is a very common and solid one: use your phone instead.

While it is technically possible, a mobile/cellular network connection is
significantly less likely to be hacked. I use this solution when I
travel.

Most mobile carriers offer one or more of the following options:

  • Use your phone. Many phones or other mobile devices, such
    as iPhones, iPads, Droids, Blackberrys and others, are quite capable email and
    web-surfing devices, and typically do so via the mobile network. (Some can
    also use WiFi, so be certain that you’re using the mobile broadband connection for
    this option to avoid the security issues that we’re discussing.)

  • Tether your phone. Tethering means you connect your phone
    to your computer – usually by a USB cable, but in some cases, via a Bluetooth
    connection – and the phone acts as a modem, providing a mobile broadband
    internet connection.

  • Use a dedicated mobile modem. Occasionally referred to as
    “air cards”, these are USB devices or PCMCIA cards that attach to your
    computer and act as a modem, providing a mobile broadband internet connection,
    much like tethering your phone.

  • Use a mobile hotspot. In lieu of tethering, many phones
    now have the ability to act as a WiFi hotspot themselves. There are also
    dedicated devices, such as the MiFi, that when turned on, are simple dedicated
    hotspots. Either way, the device connects to the mobile broadband network and
    provides a WiFi hotspot accessible to one or more devices within range. When
    used in this manner, these devices are acting as routers and must be
    configured securely, including applying a WPA/WPA2 password so as not to be
    simply another open WiFi hotspot susceptible to hacking.

I travel with a MiFi, and also have a phone capable of acting as a hotspot
as a backup. I find this to be the most flexible option for the way I travel and
use my computer.

Secure Your Desktop Email Program

If you use a desktop email program such as Outlook, Outlook Express,
Windows Mail, Windows Live Mail, Thunderbird or others, make certain that it’s
configured to use SSL/secure connections for sending and downloading
email.

Typically, that means that when you configure the email account in your
email program, you need to:

  • Configure your POP3 server for downloading your email selecting “SSL”,
    “TLS”, or “SSL/TLS” security option, and usually a different port number, such
    as 995 instead of the default 110.

  • Configure your SMTP server for sending email selecting “SSL”, “TLS”, or
    “SSL/TLS” security option, and usually a different port number such as 26,
    465, or 587 instead of the default 25.

Article continued here

This post is excerpted with Leo’s permission from his blog.

FaceBook URL: Leo’s Facebook

Twitter URL: http://twitter.com/askleo

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles