It was a valid question and posed a great opportunity for this topic to be continued on our blog.
While we all agree there is a lot of “insecurity” in the window between connecting to a public, unsecured WiFi Internet connection and bringing up your organization’s VPN, that doesn’t mean all is lost.
Let’s start off by talking through what someone with a sniffer might be able to detect about you or your endpoint once connected to that coffee shop WiFi:
- IP address
- MAC address
- Device/endpoint details
If you do nothing else besides connect to your corporate VPN, the attack vectors are fairly limited. Patch your endpoint, run AV/anti-malware, don’t have admin access on the endpoint, and we can all sleep at night.
The problems arise when you decide to open your favorite social media site, your personal email, etc. that doesn’t use or require HTTPS. Now your account info, passwords, usernames, etc. are potentially available in clear text. This risk is even higher when it comes to smartphones and mobile apps with privacy policies that require you to sign your privacy away.
How can we protect ourselves?
Understanding that we don’t all work in our offices at all times and are in need of on-the-go technology and Internet connections, what are some ways we can proactively protect ourselves? Here are my suggestions:
- HTTPS: Make sure the sites you are using utilize HTTPS:// instead of HTTP://. A quick glance at the top of your browser’s URL window can tell you whether or not you are.
- Make sure the sites you use utilize strong versions of HTTPS, which today seems to mean TLS 1.2 only.
- Make sure that once you’ve logged in using HTTPS, the site doesn’t have the rest of your activity occurring over HTTP.
- Make sure your email client connects using encryption, not in the clear.
- Don’t use the insecure services that we don’t allow in the office: FTP, Telnet, etc.
- Make sure the WiFi you are connecting to uses WPA or WPA2, not WEP. Secured WiFi is always better.
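A few of the checks above (HTTPS in the URL, a strong TLS version, no fall-back to HTTP after login, no cleartext mail or file-transfer services) can be scripted rather than eyeballed. The following is an added example written for this post, not code from the original author; the minimum TLS version, the cleartext-port table and the `example.test` sample chain are my own assumptions, and only `negotiated_tls_version` touches the network.

```python
"""Client-side checks for the public-WiFi hygiene points listed above.
Added example; not code from the original post. MIN_TLS and the
CLEARTEXT_PORTS table are assumptions chosen to match the post's advice."""
import socket
import ssl
from urllib.parse import urlparse

# Lowest TLS version treated as "strong" (assumption matching the post).
MIN_TLS = "TLSv1.2"
_TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Well-known ports for protocols that carry credentials in the clear,
# paired with the encrypted alternative a client should be set up for.
CLEARTEXT_PORTS = {
    21: ("ftp", "sftp (22) or ftps"),
    23: ("telnet", "ssh (22)"),
    25: ("smtp", "smtps (465) or STARTTLS"),
    80: ("http", "https (443)"),
    110: ("pop3", "pop3s (995)"),
    143: ("imap", "imaps (993)"),
}


def scheme_is_https(url: str) -> bool:
    """The 'quick glance at the URL bar' check, done programmatically."""
    return urlparse(url).scheme.lower() == "https"


def downgrades_to_http(chain) -> bool:
    """True if, after any HTTPS hop, a later hop in the redirect chain
    falls back to plain HTTP: the 'logged in over HTTPS, everything
    else over HTTP' problem."""
    seen_https = False
    for url in chain:
        https = scheme_is_https(url)
        if seen_https and not https:
            return True
        seen_https = seen_https or https
    return False


def tls_version_ok(version: str) -> bool:
    """Compare a negotiated protocol name (as ssl reports it) to MIN_TLS."""
    if version not in _TLS_ORDER:
        return False
    return _TLS_ORDER.index(version) >= _TLS_ORDER.index(MIN_TLS)


def negotiated_tls_version(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Live check (needs network): open a TLS session with certificate
    verification on and report the protocol the server negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def has_hsts(headers) -> bool:
    """Strict-Transport-Security makes the browser refuse plain HTTP for
    the host, which is what prevents the post-login downgrade."""
    return any(name.lower() == "strict-transport-security" for name in headers)


def cleartext_service(port: int):
    """Return (protocol, safer alternative) when a client is configured
    for a cleartext port, else None."""
    return CLEARTEXT_PORTS.get(port)


def audit(url, chain, tls_version, headers) -> dict:
    """Roll the offline checks up into one report for a site."""
    return {
        "https": scheme_is_https(url),
        "no_downgrade": not downgrades_to_http(chain),
        "tls_ok": tls_version_ok(tls_version),
        "hsts": has_hsts(headers),
    }


if __name__ == "__main__":
    # Constructed sample: a login page that bounces the user to plain HTTP.
    chain = ["https://example.test/login", "http://example.test/home"]
    print(audit(chain[0], chain, "TLSv1.2", {"Content-Type": "text/html"}))
    print(cleartext_service(143))  # an IMAP client on port 143 is in the clear
```

To check a real site, feed `audit` the redirect chain your HTTP library reports, the value returned by `negotiated_tls_version(host)`, and the response headers; a result with `no_downgrade` false or `hsts` false is exactly the "logged in over HTTPS, rest over HTTP" case the list warns about.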
If all else fails and you struggle to find a secure WiFi source while you’re on the go, consider purchasing a password-protected personal hot spot service, such as one through your mobile provider.