October 17, 2008

Trick or Treat: What lurks beneath a Public Access Point?

They are everywhere, from airports to Starbucks: at every corner, users have access to
complimentary free internet. But have you ever wondered what lurks beneath those innocent hotspots?
Companies spend thousands on security every year, fortifying the corporate network
against a variety of security threats. However, what happens when company laptops leave
the snugness of the corporate network and connect to free public hotspots?

So if it’s risky, why do we use them?

With globalization at its peak, employees are sometimes forced to travel on behalf of their
organization. Most likely these employees bring along their laptops so they can be productive while
they are away. And because “free” wireless internet can be found on almost every corner,
employees probably take advantage of these opportunities to read the latest news,
check corporate email, log in to the company’s VPN
or simply check online agendas. Many employees think that these free internet connections
are as secure as their corporate networks, so they ignore basic security measures,
which leaves them vulnerable to a series of security threats.

What are the risks?

Generally, public hotspots lack any sort of security measures or mechanisms, making it possible
for other people using the same wireless connection to intercept sensitive information
sent across the Internet. A broad range of security threats can be lurking under these
hotspots, such as:

  • Sensitive information that is not encrypted, or that is encrypted with poor cryptographic
    algorithms, may be intercepted and disclosed while it is transmitted between two
    wireless devices.
  • Attackers may capture employees’ usernames and passwords, and later use them to gain
    access to the corporate network.
  • Attackers may deploy unauthorized wireless equipment, also known as “Evil Twins”, to lure
    laptop users into using their spoofed access point, capturing users’ every move.
  • Attackers may alter the access point’s DNS settings, causing it to relay name resolution
    requests to a cache-poisoned DNS server, which serves users spoofed websites full of
    key-logging applications.
  • Sensitive corporate data may be extracted without detection from improperly configured
    devices.
  • Attackers may, through wireless connections, exploit a VPN split tunneling connection,
    connecting to organizations for the purpose of launching attacks and/or stealing
    sensitive corporate information.

How to protect yourself?

There are a few things you can do to minimize your risk and exposure on public hotspots.
The main thing to keep in mind is that security is not a product or software, but
a process.

  • Before connecting to any public network, look around and locate a sign that advertises the
    network you are connecting to, and verify that the network name is the same as the
    advertised connection.
  • Disable your wireless card if you’re not planning to connect to the Web or another machine.
    It will protect you from intrusion and save your battery life.
  • Beware of the information you share in public locations. Even innocent logins to Web-mail
    accounts could give hackers access to sensitive information, since most people use
    the same password for almost all online activities.
  • Use a VPN whenever possible to encrypt your data, and stronger tools if you need to conduct
    secure transactions.
  • Turn off your laptop’s shared folders. If you join a compromised access point, a hacker
    could easily load a spyware agent to follow you even after you leave the public location.
  • Make sure your laptop is properly patched with the latest security and OS patches. Use
    security mechanisms such as disk encryption, firewalls and any sort of IPS or IDS
    system.
  • Set up email forwarding to a disposable address that you only access using public hotspots.
    That way, even if an attacker gets access to that email account, he or she can’t access
    the primary account.
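
The name check in the first tip, and the “Evil Twin” risk listed earlier, can be applied to a list of nearby access points. The Python sketch below is an added example, not part of the original article; the scan entries, the saved-profile table and the three heuristics are constructed assumptions.

```python
from collections import defaultdict

# Constructed scan results (illustrative, not real networks): SSID, BSSID, security.
SCAN = [
    ("CoffeeShop-Guest", "02:00:00:aa:00:01", "open"),
    ("CoffeeShop-Guest", "02:00:00:aa:00:02", "open"),
    ("Coffeeshop Guest", "02:00:00:ee:00:07", "open"),
    ("AirportWiFi", "02:00:00:bb:00:01", "wpa2"),
    ("AirportWiFi", "02:00:00:cc:00:09", "open"),
    ("CorpNet", "02:00:00:dd:00:05", "open"),
]
# Hypothetical saved profiles: the security mode each known network should use.
KNOWN = {"CorpNet": "wpa2-enterprise"}


def canonical(ssid):
    """Fold case and drop separators so near-identical names compare equal."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def audit(scan, advertised, known):
    """Return sorted (ssid, bssid, reason) findings for suspicious access points."""
    modes = defaultdict(set)
    for ssid, _, sec in scan:
        modes[ssid].add(sec)
    findings = set()
    for ssid, bssid, sec in scan:
        # A name that only resembles the one printed on the venue's sign.
        if ssid != advertised and canonical(ssid) == canonical(advertised):
            findings.add((ssid, bssid, "lookalike-name"))
        # Same SSID offered both protected and open: the open copy is suspect.
        if sec == "open" and len(modes[ssid]) > 1:
            findings.add((ssid, bssid, "open-copy-of-secured-ssid"))
        # A known network showing up with a different security mode.
        if ssid in known and sec != known[ssid]:
            findings.add((ssid, bssid, "security-mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SCAN, "CoffeeShop-Guest", KNOWN):
        print(*finding, sep="  ")
```

Several BSSIDs sharing one SSID is normal for a venue with more than one access point, so the two matching “CoffeeShop-Guest” entries are not flagged; only the name and security-mode mismatches are.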

For more information on wireless security, visit: http://www.sans.org/reading_room/whitepapers/wireless/1629.php