Catch Of The Week: Public Wi-Fi Where The Wild Things Are

By BECKY RUTHERFORD
Los Alamos

Telework has increasingly become the new normal, as we have all adjusted to pandemic life. You can work from your bedroom, kitchen, or maybe take it on the road and work from Starbucks or any other public location. But … should you? Public Wi-Fi can be dangerous; think twice before using it for work or any additional sensitive information, and take precautions to secure your data.

LAST WEEK, the NSA (National Security Agency) released an announcement about the dangers of public Wi-Fi, particularly to teleworkers: link.

It’s important to remember that data sent over public Wi-Fi, especially open public Wi-Fi that doesn’t require a password for access— can be stolen or manipulated by an adversary. Even if a public Wi-Fi network needs a password to connect, you have no guarantee that the data being sent over that network is encrypted.

If the data isn’t encrypted in transit, it’s much easier for a threat actor on the network to steal your data. It’s also possible a network is just poorly configured and that a threat actor could convince the network to use insecure protocols or steal the network PSK (pre-shared key) and use this to access your data.

Another Wi-Fi vulnerability is known as the “evil twin” network, where a threat actor can set up malicious access points, a wireless network access point that mimics an official one. So if a wireless network at Starbucks is “Starbucks Wi-Fi Official,” a threat actor might set up another access point and call it “Starbucks Super-Fast Wi-Fi.” Suppose they can trick users into connecting to this bad access point. In that case, they can use this to access users’ devices and potentially redirect websites, inject malicious proxies, and eavesdrop on network traffic. Any data sent over this compromised network can easily be stolen.

The NSA recommends if you have to use a public Wi-Fi network, you either use a corporate or personal VPN (Virtual Private Network). What is a VPN, and how does it work? You install VPN software on your device, enabling you to take a private network and extend it over a public network. The VPN allows users to send and receive data as if sending it over that private network rather than the public one. VPN providers include NordVPN, PulseSecure, ExpressVPN, PureVPN, and many others. You can research VPN providers online and determine the best one for your needs in your price range.

How does a VPN work?

  • When you connect to any virtual private network service, it authenticates your device to a VPN server.
  • This server applies an encryption protocol to all data you send and receive.
  • The VPN service will create an encrypted “tunnel” over the internet. This “tunnel” secures data traveling between you and your destination.
  • To be sure every data packet stays secure; the VPN wraps it in an outer packet, which is then encrypted. This is the key element of the VPN tunnel and keeps your data safe during transfer.
  • When the data arrives at the server, the outer packet is removed through a decryption process.

For a simple, minute and a half explanation, check out PC Magazine’s video on YouTube that explains how a VPN works … with Legos: link.

If you connect to a public Wi-Fi network for work or other sensitive reasons, make sure you use a VPN provider, corporate or personal. VPN usage is the best way to protect your data when you are forced to connect to a public, unsecured network.

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.

Search
LOS ALAMOS

ladailypost.com website support locally by OviNuppi Systems