[Ham-Computers] RE: How safe are "hot spots"?
Hsu, Aaron (NBC Universal)
aaron.hsu at nbcuni.com
Tue Dec 2 15:33:00 EST 2008
Hotspots are safe *** as long as you practice safe computing ***. By this I mean:
Basic things:
* Have a good, up-to-date firewall or intrusion detection app running blocking all in-bound network requests not initiated by your PC (and the built-in Windows Firewall does not count). A good free firewall is Comodo (http://www.comodo.com) - be warned though, it can be intimidating for novices.
* Have a good, up-to-date anti-virus program running.
* Only do "basic" internet tasks such as "surfing" or reading the news. Don't do any financial transactions (e.g. banking or paying for something). Read e-mail only if you don't care if someone else might also be able to read it.
* Be sure of the hotspot you're connecting to. As mentioned, there are some out there that will "spoof" the name of a valid access point so you connect to their system rather than the one you expect. Luckily, most wireless adapters will connect to the "loudest" access point (much like the FM "capture" effect) - this will require the spoofer to set up their "rogue" access point near the intended target which makes them more visible...something the "rogue" doesn't want to be.
* NEVER connect to a hotspot with the word "Free" in it - these are almost always rogue access points tempting you with the word "Free".
* Be aware of your surroundings. Make sure there's no one "looking over your shoulder". If possible, put your back to the wall - remember the story of "Aces & Eights" (the dead man's hand).
More advanced stuff:
* Connect to "Infrastructure" access points only. Unknown to most, there are two methods of WiFi connections - "Infrastructure" and "Ad-Hoc". Infrastructure networks are centralized and have one (or more) access points to which all wireless clients connect - all network communication is via an access point and the clients never talk to each other directly. With "Ad-Hoc" networks, there are no access points and clients talk to each other directly. All wireless software shows a difference between "infrastructure" and "ad-hoc" networks using different icons. The icon for "Infrastructure" networks often looks like a small access point (router) and "ad-hoc" icons often look like small computers.
* If using the WinXP wireless client, set the "Advanced" setting to connect to "Access point (infrastructure) networks only". This will ensure that the WinXP wireless client won't try to connect to ad-hoc networks. Also make sure that "Automatically connect to non-preferred networks" is unchecked. With 3rd-party wireless client software, look for similar functionality.
* Set your wireless client software to "connect on demand" rather than "automatically connect". By default, wireless clients periodically send out a "ping" looking for previously configured access points. This "ping" packet contains the name of the access point your computer is looking for. A hacker can use this info to "spoof" the access point name and make your computer connect to his. With the built-in WinXP wireless client, this option is under the "connection" tab of the wireless access point properties (where you enter the access point name) - uncheck the "connect when this network is in range" box. Realize though, you will always need to manually connect to the access point when this option is unchecked. Other wireless client software will have a similar setting, often in the "advanced" settings area. Look for "connect on demand" or something similar.
* As Jeff mentioned, if connecting to your home or work network, make sure to use an IPSec-based VPN connection (SSL is OK, but not as secure). Virtual Private Networks are not that easy to set up and require a VPN "end-point" on the "host" network, so most people don't bother. Most large and some smaller businesses will have VPN connectivity for people to work remotely (from home or on the road). An alternative is using software to remotely control your home PC with your remote PC - such as with PC Anywhere (PCA) or VNC. If doing so, make sure to use an encrypted connection - otherwise, anyone else might be able to easily "see" the data between your home PC and your remote PC. I would also suggest that you don't use the "standard" remote control "ports" (such as 5631 for PCA). These are commonly "sniffed" ports as they're registered - change the app to use some other port.
There's more, but I'll stop here. Hotspots can be dangerous, but are very handy as long as you know the caveats. I've used them, but only for "surfing" and occasional remote control via PCA.
73,
- Aaron, NN6O
-----Original Message-----
Sent: Wednesday, November 26, 2008 11:45 PM
Subject: [Ham-Computers] How safe are "hot spots"?
Just a quick question here.
Awhile back I was having breakfast with a group of local hams at the Merced
Mall food court. Two of them had their laptops and were browsing some ham
related sites. I'm just a little curious about how 'safe' it might be to
use these "hot spots". (I DON'T do banking or have any other financial
information in my machines) I have to presume that since they're open to
customers of the cafe (or whatever), they probably aren't an encrypted link.
But suppose I was at one, perhaps while traveling and wanted to update my
blog site. I enter my user ID and password to gain access, what is the
likelihood (or possibility) that the person at the next table (or in a back
room) can gain access to my connection's "data stream" and obtain the
password, user name etc while I'm entering it (ditto for mail). I have to
presume that the machine's firewall and virus scanner would protect it, at
least somewhat from access to my drives etc.
While I've never used a hot spot, I'm "security nervous" and the reason that
I ask is because sometime back I completely "lost" two Multiply sites (KO6BB
and KO6BB2), one after the other, (my blog site) when they were "hacked and
deleted". Multiply customer service said it appeared that they had been
deleted from "outside the system" by somebody with the password (I've since
used a "strong" password on my newest site). They couldn't (or wouldn't)
restore the site and I had to use a new user ID. We 'think' we know who did
this as a couple other locals here had their "machines" and websites
"hacked".
73 de Phil, KO6BB
http://ko6bb1.multiply.com/
http://members.lycos.co.uk/ko6bb/
DX begins at the noise floor!
RADIO/Antennas: Yaesu FT-2000, Two Modified Mini-whips.
Homebrewed 10Hz Filter, Modified MFJ-1040C Pre-Amplifier.
Merced, Central California, 37.3N 120.48W CM97sh
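
What the "ping" described in the reply above (the "connect on demand" item) carries on the air, as an added example that is not part of the original messages: a parser for 802.11 probe request frames that lists which saved network names your own adapter announces in the clear. The frames, MAC addresses and network names are constructed sample data, and the input is assumed to be a raw 802.11 frame with no radiotap header or trailing checksum.

```python
import struct

MGMT_HEADER_LEN = 24  # frame control, duration, three addresses, sequence control

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for a probe request, else None; ssid "" = wildcard."""
    if len(frame) < MGMT_HEADER_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 4:        # not management / probe request
        return None
    src = frame[10:16].hex(":")           # address 2 = transmitting station
    pos = MGMT_HEADER_LEN
    while pos + 2 <= len(frame):          # walk the tagged information elements
        elem_id, elem_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elem_len]
        if len(body) < elem_len:          # truncated element: stop parsing
            break
        if elem_id == 0:                  # SSID element, sent unencrypted
            return src, body.decode("utf-8", errors="replace")
        pos += 2 + elem_len
    return src, ""

def build_probe(src_mac: bytes, ssid: str) -> bytes:
    """Build constructed sample data for this example (nothing is transmitted)."""
    bcast = b"\xff" * 6
    header = struct.pack("<HH", 0x0040, 0) + bcast + src_mac + bcast + b"\x00\x00"
    name = ssid.encode()
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # supported-rates element
    return header + bytes([0, len(name)]) + name + rates

def leaked_ssids(frames, my_mac: str):
    """Names the adapter `my_mac` announced in directed probes."""
    names = set()
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[0] == my_mac and parsed[1]:
            names.add(parsed[1])
    return sorted(names)

# Constructed addresses and frames (sample data, not a real capture)
MY_MAC, OTHER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE_FRAMES = [
    build_probe(MY_MAC, "HomeNet"),       # profile left on automatic connect
    build_probe(MY_MAC, "CoffeeShop"),
    build_probe(MY_MAC, ""),              # wildcard probe: no name disclosed
    build_probe(OTHER_MAC, "SomeoneElse"),
    b"\x80\x00" + b"\x00" * 30,           # beacon frame: ignored
]
print(leaked_ssids(SAMPLE_FRAMES, MY_MAC.hex(":")))
```

Every name this reports is a saved profile the adapter is asking for by name; switching that profile to connect on demand removes it from the list.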