Introduction
In urban environments, wireless Internet access is
an easy fi nd for anyone with a notebook or handheld
computer that supports the wireless LAN protocol
known as Wi-Fi. The term “hotspot” has become a
part of the public lexicon, referring to a place where
a user can connect to a public Wi-Fi network. There
are more than 150,000 Wi-Fi hotspots worldwide
today. Some of these, namely municipal hotspots,
span entire cities.
In coffee shops, hotels, airport terminals and
libraries, public Wi-Fi hotspots are increasingly
becoming commonplace. Hotspots are
convenient, but there are safety risks that come
with using them. Some are safer than others, and
they should be used cautiously.
Know the risks:
There are a few obvious security risks for the Wi-Fi
public hotspot user:
1. Lack of encryption:
While not offi cially in an
attempt to be both public and easy to use,
many hotspots forgo data encryption protocols
such as WEP (wired equivalent privacy), 802.11i,
or WPA (Wi-Fi Protected Access.) This makes it
especially easy for others to eavesdrop on a
session, and so it’s up to the user to employ
smart security practices. (See basic rules,
below.)
2. The evil twin:
There are a variety of tools that
can be used to eavesdrop on an unsecured
network session. One of the most nefarious of
these has a name to match: the evil twin.
An evil twin is a wireless network signal that
masquerades as a legitimate hotspot for the
purpose of stealing information from the user,
such as a network password or a credit card
number. With a little software and some
ingenuity, a thief can make a device with a
wireless signal look just like an access point to
the unsuspecting computer.
3. Malware:
On the road, a computer can be
subject to viruses, worms, and spyware.
Basic rules for business travelers
who want to use hotspots:
The majority of corporate enterprises use Microsoft
Windows
®
, so this paper assumes a Windows
environment. Windows 2000 and XP are set up
by default to encourage information sharing, and
sharing information is the last thing you want to do
at a public hotspot.
To that end, you’ll want to change the default
settings to secure your employees’ computers.
“IT needs to enforce and assure compliance with
appropriate policies,” says Craig Mathias, principal
analyst at the Farpoint Group, a wireless industry
consultancy in Massachusetts.
That said, it’s a good idea to teach the following
rules to roving employees, so they understand how
to help keep their computers from becoming attack
magnets at hotspots.
1. Turn off ad-hoc networking features.
Default settings in Microsoft Windows allow
a notebook computer running Windows
to look for any available wireless networks
– including peer-to-peer networks. It takes
several steps to undo this, and employees
probably won’t bother to do so. Because you’ll
want to prevent the sharing of corporate
information with strangers in a coffee shop,
you should insist that your employees
disable the ad-hoc networking feature in
Windows before they use a public hotspot.
Here’s how to do it: In the
Network
Connections
menu, click the “Wireless
Network Connection” icon. Click the icon that
says “change the settings of this connection.”
When the Windows Network Connection
Properties window opens, click the tab that
says “Wireless Networks.” In that tab, click
“Advanced.” In the “Advanced” window, click
“Access point (infrastructure) networks
only.”
Voila.
2
WHITE PAPER: A Manager’s Guide To Wireless Hotspots — How To Take Advantage Of Them While Protecting The Security Of Your Corporate Network
This paper discusses the security risks inherent in public Wi-Fi Internet access
and the best ways to mitigate these risks. It also discusses the benefi ts of
hosting a corporate hotspot of your own.
