Network Security guide for the home or small business network – Part 19 – What about when you’re not on your home network?
When you’re not at your home network is probably one of those times you should be more on your guard. Wireless access points are very common and a greatly useful thing, but there are some steps you should take to protect yourself, your pc and the data stored there. First it’s worth having a personal firewall for just this type of situation. You obviously can’t make use of a second hardware firewall when hooking up to a wireless LAN. (Although I would think that a small “wireless bridge” adapter of a wireless device to a wired ethernet port MIGHT be able to serve that function. It depends on how it’s implemented.)
Of course, their network may be protected by a firewall from the internet, but you don’t KNOW their network or who else is on it. A personal firewall is a must for this circumstance. The next thing is this… be more cautious about ways of communicating that use plain text. Anything sent plain text between you and the “destination” can be read as plain text anywhere along the way. Packet sniffers in the wireless network could read everything. So… make sure (this goes for your home network to BTW) everything possible is using encrypted connections if it has to do with passing username/password information or credit card information/etc.
Once upon a time to https:// in the site name was a good indication of a “secure” site, one that supported end to end encryption. Now the “pad lock” icon is a similar indicator. Unfortunately many banks embed that within a non-secure page such that it’s hard to tell by that simple test. Many sites now will go through a secure encrypted mode (usually a tad slower) if you replace http:// with https:// in the address. (Gmail is supposedly one of these for secure webmail login.) If you have to connect to a home network, use some sort of encrypted tunnel like a ssh connection or a VPN connection. That will make it VERY difficult for anyone to eavesdrop.
Think about physical security as well in public. Can someone peek over your shoulders to see your credit card number (or pin number)… can they overhear you on a phone pass along information like that. Are usernames and passwords easily seen/observed? As always try to think like someone would who’s trying to get at information. Be skeptical and observant.