Before logging into any Wi-Fi hotspot, try to check the hotspot's credentials. If WPA/WPA2-protected access is available (e.g., tmobile1x), configure your Wi-Fi client to validate the server's certificate. If you frequent hotspots which use a connection manager (e.g., Boingo), those programs provide server validation on your behalf. Otherwise, eyeball the hotspot login page before entering your password or credit card number. Check for SSL protection (that is, a URL starting with https) and look for browser warnings about the SSL server's certificate. If a hotspot login page triggers browser warnings (or mental alarm bells), don't ignore them.
Once connected to a Wi-Fi hotspot, try to use only mutually-authenticated, end-to-end encrypted sessions. If you're only browsing public websites, you might opt to go skinny-dipping – but keep in mind that the websites you visit could be faked by a phony hotspot which returns a copy of the real deal, modified to contain malicious scripts or phishing URLs. For this reason, it's safer to send all hotspot traffic – sensitive or not – over secure sessions.
For example, when checking email, try to configure your email client to send POP and SMTP over TLS. Today, many email servers support or require TLS to prevent disclosure of email logins, passwords, and message content. Email clients configured to require TLS will validate the email server's certificate and either refuse a session to a phony server or alert you to a problem with the server's certificate. Here again, don't simply ignore email client warnings or make TLS optional.
|Wireless hotspot security|
|Learn how to navigate wireless hot spots securely in this podcast: Wireless hotspot security.|
Finally, combine SSL/TLS or VPN tunneling with a host firewall that prevents unwanted traffic from leaking in or out of your Wi-Fi client. In Wi-Fi hotspots, a common mistake is to leak LAN broadcast traffic – especially NetBIOS file/printer sharing messages. Today, many commercial hotspots block inter-client traffic to neutralize this risk. However, if you've connected to a fake AP or Ad Hoc, you can't depend on the hotspot to protect you. If you take these basic steps to defend yourself, then you won't have to worry about the possibility of encountering a fake hotspot AP.
Dig Deeper on WLAN Security
Related Q&A from Lisa Phifer
Understanding the functions of a wireless access point vs. wireless router will help you deploy the right device for the right circumstance. Continue Reading
Learn the difference between a site-to-site VPN and a remote-access VPN, as well as the protocols used for each one. Continue Reading
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.