Public Wi-Fi is Unsecure–You Secure Your Computer

Last month we wrote an article about Public Wi-Fi being unsecure and focused on the security of your data that is being sent out from your computer.  The other issue in using Public Wi-Fi is unwanted guests coming INTO your computer.

This article reviews ways to keep your computer safe from intruders.

Are the Bad Guys in your RV Park?

The first thing to understand about a Public Wi-Fi hotspot is that it is only accessible by someone in close physical proximity to that Wi-Fi hotspot.  So, if you are connected to a public Wi-Fi hotspot in an RV park, the only danger of intruders is from the other people at the same RV park.  The technology that handles this is called Network Address Translation or NAT for short.  It refers to the router that runs the hotspot.  The router is the only device which is connected to the public Internet, all the computers in the hotspot are connected the router … a private network.  Someone on the outside Internet cannot discover computers on the other side of a router with Network Address Translation.

I guess it’s possible that some bad guys are in your RV park but the odds are very small.  The odds are higher in an airport or coffee shop, but you’re still not at risk to the world.  You know why Willie Sutton robbed banks, right?  Because that’s where the money is!  The same goes for professional computer thieves – their targets are big corporations and banks where they can get thousands of social security numbers or bank account IDs – they don’t have much interest in the contents of travelers’ laptops.

Choose ‘Public’ as Your Network Location

Consider the US Mail as in last month’s article on HTTPS, and imagine that you’re afraid that the mail deliverer will have access to the belongings in your house when she delivers and picks up your mail.  She clearly has access to anything in your mailbox, but she’ll only get in your house if you leave your front door wide open!  The same is true for connecting to a Wi-Fi hotspot.  Anyone else who is connected to the same Wi-Fi hotspot can gain access to anything on your computer that you have set to share on a network – the equivalent of a mailbox.  So don’t share anything!  Lock it down.

It helps to remember a bit of history here, a Wi-Fi hotspot is a network.  Networks were originally developed for the express purpose of sharing files and printers among different computers on the same network.  Networks are still used for sharing files on a Home or a Work network – just not on a Public network like a Wi-Fi hotspot in an RV park or airport.  A public Wi-Fi hotspot is intended to share the Internet connection and nothing more.

Most modern Wi-Fi hotspots will already be configured with an Internet Firewall so that computers on the network cannot see each other.  But you can’t count on that – maybe it’s an older hotspot or it was installed by non-professionals who don’t understand this step.  So, the important thing you need to do is to specify that this is a Public network when you connect to it.  For more detail on this option see the Microsoft article on Choosing a Network Location.  With Windows Vista and Windows 7, the choice is quite clear with the following dialog box – Public Network is the correct choice.

wireless-networks

If you look closely, you’ll see a checkbox at the bottom that reads, “Treat all future networks that I connect to as public, and don’t ask me again.” This would be a good option for travelers who are often connecting to different hotspots.

If you don’t use Windows Vista or Windows 7: See this article for Turn off File and Printer Sharing with Windows XP. On the Mac it is System Preferences/ File Sharing – turn it on when you’re on your home network and off when you’re on a public network. Here’s a Macworld article on securing your Macintosh while traveling.

All Bets are Off if Your Computer is Already Infected

Proper maintenance of your computer is required to keep it clean.  If your computer has a virus or other malware already active when you connect to the Internet, then the security steps discussed in these articles are meaningless.  Your computer will do the bidding of the malware. So, what is proper maintenance?  I’m glad you asked!

  1. Updates for your Operating System (OS):  Windows, Mac OS, Linux, all release updates most every month, sometimes multiple times a month.  These updates patch security holes as soon as they are discovered.  If you have not installed the Updates for your Operating System, then there are holes in your computer’s security that can be exploited by malware (software from the ‘bad guys’.)
  2. Anti-Malware Software: this includes anti-virus and anti-spyware, you must have this installed and running on your computer.  There are many products out there.  Cnet.com is a good source of reviews.  Many of the best options are free – like Microsoft Security Essentials.
  3. Updates for your Anti-Malware Software : just because you installed Anti-Malware software doesn’t mean you’re protected. It needs to be up to date and running properly.  Most software today updates itself automatically and performs the scans automatically as well.  Just be sure yours is doing so.  If you installed it 4 years ago, and it hasn’t been updated, it is doing you no good.  New viruses are born every day.
  4. Firewall: Every computer needs an active firewall, but don’t go too crazy.  The firewall that comes with your computer is fine.  If you buy extra firewalls, you need to learn how to properly configure them.  We’ve seen firewalls configured so tight that the computer’s owner couldn’t use the Internet at all!

Conclusion = 98%

If you follow the guidelines in this article and last month’s article on HTTPS, you will be 98% protected against any unintended use of your data imagetransmissions (outgoing risks) or contents of your computer (incoming risks).  Are there still some risks?  Yes.  Just like securing your home or car – a professional burglar that really wants in will find a way.  I say that’s the 2% risk that I’m willing to take.  What I hope you get out of this article is the understanding that a ‘secure’ connection to the Internet is not the answer.  Your connection to the Internet does not provide your protection.  You do.  Your job is to:

  1. Keep your computer up-to-date and malware-free
  2. Specify Public Network/No Sharing in your network settings
  3. Use valid HTTPS websites

For shorthand, just remember UPS: Updates, Public Network setting (no file sharing), and httpS/Secure website.  If you do that, then you are protected against 98% of the nasties, regardless of how you connect to the Internet.