Before logging into any Wi-Fi hotspot, try to check the hotspot's credentials. If WPA/WPA2-protected access is available (e.g., tmobile1x), configure your Wi-Fi client to validate the server's certificate. If you frequent hotspots which use a connection manager (e.g., Boingo), those programs provide server validation on your behalf. Otherwise, eyeball the hotspot login page before entering your password or credit card number. Check for SSL protection (that is, a URL starting with https) and look for browser warnings about the SSL server's certificate. If a hotspot login page triggers browser warnings (or mental alarm bells), don't ignore them.
Once connected to a Wi-Fi hotspot, try to use only mutually-authenticated, end-to-end encrypted sessions. If you're only browsing public websites, you might opt to go skinny-dipping – but keep in mind that the websites you visit could be faked by a phony hotspot which returns a copy of the real deal, modified to contain malicious scripts or phishing URLs. For this reason, it's safer to send all hotspot traffic – sensitive or not – over secure sessions.
For example, when checking email, try to configure your email client to send POP and SMTP over TLS. Today, many email servers support or require TLS to prevent disclosure of email logins, passwords, and message content. Email clients configured to require TLS will validate the email server's certificate and either refuse a session to a phony server or alert you to a problem with the server's certificate. Here again, don't simply ignore email client warnings or make TLS optional.
|Wireless hotspot security|
|Learn how to navigate wireless hot spots securely in this podcast: Wireless hotspot security.|
Finally, combine SSL/TLS or VPN tunneling with a host firewall that prevents unwanted traffic from leaking in or out of your Wi-Fi client. In Wi-Fi hotspots, a common mistake is to leak LAN broadcast traffic – especially NetBIOS file/printer sharing messages. Today, many commercial hotspots block inter-client traffic to neutralize this risk. However, if you've connected to a fake AP or Ad Hoc, you can't depend on the hotspot to protect you. If you take these basic steps to defend yourself, then you won't have to worry about the possibility of encountering a fake hotspot AP.
Related Q&A from Lisa Phifer, Wireless Networking Expert
Wireless expert Lisa A. Phifer explains to what extent WEP cracking remains a worrisome issue. It all depends on your company's WLAN security policy.continue reading
Wireless expert, Lisa Phifer explains that it may not be worth enhancing Wi-Fi ad hoc mode since Wi-Fi Direct is a better alternative for enabling ...continue reading
Wireless expert Lisa Phifer responds to a question regarding a Mi-Fi and Android smartphone mobile hotspot comparison. She provides an in depth ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.