An endless and ridiculous list of what you need to know in order to safely use public Wi-Fi networks
Hello, Habr! I present to you the translation of the article “The Complete, Endless, Ridiculous List of Everything You Need to Be Safe on Public Wi-Fi” by Patrick F. Wilbur.
The Wi-Fi networks, websites and protocols we use do not give us the security we need online, so every user has to protect themselves. Under the cut is a list of basic principles for using the Internet safely.
1. Well-known safety principles
First, to be safe on public Wi-Fi you need to be safe on the Internet in general.
At a minimum, you need to:
- Use accounts that have not been compromised.
- Use strong passwords with one password per account without repetition.
- Enable two-factor authentication on all resources where possible.
- Do not use two-factor authentication via SMS, because text messages can be forwarded to an attacker's phone.
2. Install software updates
Web browser bugs, TLS/SSL protocol vulnerabilities, and flaws in Wi-Fi authentication, applications and operating systems must be patched before you connect to new networks. This means keeping operating systems and applications up to date, as well as other devices (routers, printers, etc.), since they can become an attack vector against your other devices and accounts.
3. Attack surface analysis
Before even thinking about connecting to a public network, think about how you will protect your computer from attack. Make sure that no unnecessary network-facing service or file sharing is running at that moment, and that a firewall is installed and configured.
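One way to run that check on Linux, as an added example that is not part of the original article: the function below reads the output of `ss -H -tuln` and reports every listening socket that is not bound to loopback only, marking well-known file-sharing ports. The sample input is constructed.

```python
import ipaddress

# Well-known ports of file-sharing services.
FILE_SHARING = {137: "NetBIOS", 138: "NetBIOS", 139: "SMB/NetBIOS",
                445: "SMB", 548: "AFP", 2049: "NFS"}

# Constructed sample of `ss -H -tuln` output, not captured from a real host.
SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:445       0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
tcp   LISTEN 0      128             [::1]:6010        [::]:*
tcp   LISTEN 0      64              [::]:2049         [::]:*
"""

def is_local_only(host):
    """True when the socket is bound to a loopback address only."""
    host = host.split("%")[0].strip("[]")  # drop %iface zone and IPv6 brackets
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                     # "*" or unparsable: assume exposed
        return False

def exposed_listeners(ss_output):
    """Return (proto, host, port, note) for sockets reachable from the network."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit() or is_local_only(host):
            continue
        found.append((fields[0], host, int(port), FILE_SHARING.get(int(port), "")))
    return found

if __name__ == "__main__":
    for proto, host, port, note in exposed_listeners(SAMPLE):
        flag = f"  <- file sharing ({note})" if note else ""
        print(f"{proto:4} {host}:{port}{flag}")
```

Anything the function returns is either a service to stop before joining the network or a port the firewall has to block on the Wi-Fi interface.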
It is also a great idea to remove unused software from the computer and keep only the programs you actually need for work.
Another useful practice is to create and maintain an offline list of your accounts, so that you do not forget what information may be associated with them, and to periodically review it and deactivate the accounts you no longer use.
4. Intrusion Prevention
Before joining a public network, take measures to prevent your applications' traffic from being intercepted. A reliable VPN is suitable for this. It must be installed and properly configured so that it starts immediately and does not leak packets of any protocol (for example, DNS queries).
The VPN client must be downloaded before you connect to the public network, since there is no guarantee that software downloaded over public Wi-Fi will be free of malicious code.
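The DNS leak mentioned above can be checked from the resolver configuration and the routing table. The following added example (not from the original article) applies longest-prefix matching to each configured nameserver and reports those that would leave outside the tunnel; the interface names `tun0` and `wlan0`, the addresses and the routes are constructed assumptions.

```python
import ipaddress

# Constructed samples: a resolv.conf holding the hotspot's DHCP resolver plus
# a VPN resolver, and the routing table as (prefix, device) once the VPN is up.
RESOLV_CONF = """\
# written by the DHCP client
nameserver 192.168.1.1
nameserver 10.8.0.1
"""
ROUTES = [
    ("0.0.0.0/0", "wlan0"),       # hotspot default route
    ("0.0.0.0/1", "tun0"),        # VPN covers the lower half of IPv4 ...
    ("128.0.0.0/1", "tun0"),      # ... and the upper half
    ("192.168.1.0/24", "wlan0"),  # directly connected hotspot LAN
    ("10.8.0.0/24", "tun0"),      # VPN subnet
]

def nameservers(resolv_conf):
    """Extract the addresses on `nameserver` lines."""
    found = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found

def egress_device(addr, routes):
    """Pick the device by longest-prefix match, as the kernel routes a packet."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def leaking_resolvers(resolv_conf, routes, tunnel="tun0"):
    """Nameservers whose queries would not go through the tunnel device."""
    return [ns for ns in nameservers(resolv_conf)
            if egress_device(ns, routes) != tunnel]

if __name__ == "__main__":
    for ns in leaking_resolvers(RESOLV_CONF, ROUTES):
        print(f"DNS leak: {ns} is reached via {egress_device(ns, ROUTES)}")
```

In this sample the hotspot's resolver sits on the directly connected LAN, so its /24 route wins over the VPN's /1 routes and queries to it bypass the tunnel even though all other traffic is captured.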
5. Connect to the correct networks
Most public Wi-Fi networks use a captive portal that presents terms of use or collects information about users.
Unfortunately, if the VPN captures all traffic, you usually have to disable it in order to get through the captive portal and gain access to the Internet. Captive portals can, at a minimum, negate all the benefits of a VPN, not to mention the potential for tracking if cookies are sent.
6. Avoiding pineapples
Pineapples are malicious routers that masquerade as ordinary, harmless networks.
If a firewall is paired with a VPN, you are fine: pineapple attacks have practically nothing left to work with. However, as mentioned above, risk can still come from captive portals and from VPN configuration leaks.
The sad truth is that not only can attacker-run networks be disguised as secure ones, but attackers can also connect to legitimate secure public networks.
7. Browser extensions for detecting security holes
Approximately 25% of websites are visited without encryption enabled, and websites everywhere track you and your family.
Extensions such as HTTPS Everywhere and Privacy Badger help here. Container extensions that isolate sites and their data from each other can also effectively block certain online trackers. I would advise using them together when visiting all websites.
If you are in a special risk group (activist, reporter or billionaire), you will benefit from stronger isolation of potentially dangerous online activity by using devices dedicated to it. No measure of virtual containment works as well as physical separation.
8. Understanding and optimizing the threat model
Each user has their own threat model, determined by their circumstances:
- Where are your most valuable data?
- Where are you most vulnerable to attack?
- What are your most likely threats?
Keep asking yourself: what can I do to reduce threats and live more consciously in terms of security and privacy?
Ask yourself: do I have any unique circumstances? For example, you may be a reporter who needs anonymity, or a wealthy businessman with access to a full bank account. If so, check out these Online Security Tips, Tools, and Guides. To stay safe on public networks, you must always be up to date with the latest recommendations and put them into practice.
Conclusion
At a minimum, use a trusted VPN and two-factor authentication (without SMS messages!) wherever possible. Install HTTPS Everywhere and install the latest updates on time. Otherwise, you should completely reconsider your attitude to security.