Hi, Habr! I present to you a translation of Patrick F. Wilbur's article "Complete, Endless, Ridiculous Wi-Fi".
The Wi-Fi networks, websites and protocols we use do not provide the security we need online, so each user must protect themselves. Below the cut is a list of basic principles for using the Internet safely.
1. Well-known safety principles
First, to be safe on public Wi-Fi, you need to be safe on the Internet in general.
At a minimum, you need to:
- Use accounts that have not been compromised.
- Use strong passwords, with a unique password for each account.
- Enable two-factor authentication on all resources where possible.
- Do not use SMS-based two-factor authentication, because text messages can be forwarded to an attacker's phone.
2. Install software updates
Bugs in web browsers, TLS/SSL protocols, Wi-Fi authentication, applications and operating systems must be fixed before you connect to new networks. This means keeping your operating systems and applications up to date, as well as your other devices (routers, printers, and so on), since they can become an attack vector against your other devices and accounts.
3. Analyzing the attack surface
Before you even think about connecting to a public network, you should think about how you will protect your computer from attack. You need to be sure that no unnecessary network-facing service or file-sharing service is running at that moment, and that a firewall is installed and configured.
It is also a great idea to remove unused software from your computer and keep only the software you really need.
Another useful practice is to create and maintain an offline list of your accounts, so that you do not forget what information is associated with them, and to periodically review it and deactivate the unused ones.
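The check for unnecessary network-facing services described in this section can be scripted. The following is an added example, not part of the original article: it assumes a Linux host with the `ss` tool from iproute2, and the sample output embedded in it is constructed for illustration.

```python
import ipaddress
import shutil
import subprocess

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE = """\
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      50                 *:445             *:*
tcp   LISTEN 0      4096           [::1]:631          [::]:*
udp   UNCONN 0      0      [fe80::1]%wlan0:546        [::]:*
"""


def exposed_listeners(ss_output):
    """Return (proto, address, port) for listeners not bound to loopback only."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        host = addr.split("%", 1)[0].strip("[]")  # drop %iface and IPv6 brackets
        if host == "*":
            exposed.append((proto, "*", port))  # wildcard: every interface
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # not a socket line (for example, a header row)
        if not ip.is_loopback:
            exposed.append((proto, host, port))
    return exposed


if __name__ == "__main__":
    if shutil.which("ss"):
        # -H: no header, -t/-u: TCP and UDP, -l: listening, -n: numeric
        text = subprocess.run(["ss", "-H", "-tuln"],
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE  # fall back to the constructed sample
    for proto, host, port in exposed_listeners(text):
        print(f"{proto:4} {host}:{port}  <- stop it or block it in the firewall")
```

Anything this lists before you join a public network is either a service to stop or a port the firewall should block for that network.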
4. Intrusion Prevention
Before joining a public network, you should take steps to prevent interception of your applications' traffic. A reliable VPN will do for this. It must be installed and properly configured so that it starts immediately and does not let any protocol's packets (for example, DNS queries) leak outside the tunnel.
The VPN client must be downloaded before you connect to the public network, since there is no guarantee that software downloaded over public Wi-Fi will be free of malicious code.
5. Connect to the correct networks.
Most public Wi-Fi networks use a captive portal, which displays the terms of use or collects information about its users.
Unfortunately, if the VPN captures all traffic, it is usually necessary to disable the VPN in order to get through the captive portal and access the Internet. Captive portals can, at a minimum, negate all the benefits of a VPN, not to mention the potential for tracking if cookies are transmitted.
6. Avoiding pineapples
Pineapples are routers built for malicious activity that pose as normal, innocuous networks.
If a firewall runs alongside the VPN, then everything is fine: there is almost nothing left for a pineapple to attack. However, as mentioned above, risk can still come from captive portals, as well as from VPN configuration leaks.
The sad truth is that not only can attackers' networks pose as secure ones, but attackers can also be connected to legitimate, secure public networks.
7. Browser extensions to identify security holes
Approximately 25% of websites are visited without encryption enabled, and websites everywhere track you and your family members.
Extensions such as HTTPS Everywhere and Privacy Badger help here. Container extensions, which isolate sites and their data from each other, can also effectively block certain online trackers. I would advise using them together when visiting all websites.
If you are in a particular risk group (activist, reporter or billionaire), it will be helpful to isolate potentially dangerous online activities more seriously by using devices dedicated to them. No virtual containment measure works as well as physical separation.
8. Understanding and optimizing the threat model
Each user has their own threat model, determined by various circumstances:
- Where are your most valuable data?
- Where are you most vulnerable to attack?
- What are your most likely threats?
Ask yourself constantly: what can I do to reduce threats and live more consciously in terms of security and privacy?
Ask yourself: do I have any unique circumstances? For example, you may be a reporter who needs anonymity, or a rich businessman with access to a full bank account. If so, check out these online communications security tips and tools. To stay safe on public networks, you must keep up with the latest recommendations and put them into practice.
Conclusion
At a minimum, use a trusted VPN and two-factor authentication (no SMS!) wherever possible. Install HTTPS Everywhere and install the latest updates on time. Otherwise, you should completely reconsider your attitude towards security.