If disconnecting yourself from your homeward bound workstation translates to a little more external stimulation, be wary that coffee and conversation aren’t the only things that might raise your awareness (or your blood pressure). Meaning that for every leap forward in Internet technology, it seems that computer geeks everywhere are pit against each other in a never-ending struggle to steal or secure data. Of course, the introduction of Wi-Fi wireless technology is no exception.
Apparently, when the little magical electronic blips fly through the air (instead of the wires connected to your house) it’s a lot easier for bad (or really bored) people to see what you’re up to. So if the slightly frightening-looking guy sitting next to you has a funny antenna emanating from out of his trench coat, it might be best to switch to word processing. But the offending invasion probably won’t be so obvious.
The first mistake a user might make is to assume the hot spot you’re in (and the home office somewhere) knows as much about security as they do about brewing coffee. For starters, many do not require any type of registration or password login to access their network.
Nonetheless, you sit down, point your electrons at a wireless access point (WAP) called “Acme-wireless,” which you’ve obviously never heard of. Still, you go forward, it replies, “I’m not evil, enter login information and besides you’re way too complacent to check this out properly.” Acme-wireless could be anything or anyone and now they have all your passwords. Avoiding that scenario starts with some patience and asking how to connect to the cafe’s wi-fi network.
Similarly, someone sitting nearby or in the apartment across the street tries to “evil twin” you. When a user logs in, they have presented two access points (AP) of a wi-fi provider they know. One is nice, the other – well. 50-50 says you’ll choose the wrong one and it will seem as though your attempt to log in was a routine failure. In reality, someone just picked your password pocket and now has access to your computer. In order to prevent this attack, ask if the spot has a wireless intrusion protection system (WIPS) and log into it.
Wi-fi users can also be susceptible to a “man in the middle attack.” A sniffer intercepts information by spoofing the user’s IP address. In fact, the software is easily available and IT departments use them all the time to legitimately gather information on you for marketing purposes. If you see a lock displayed on the lower right-hand corner, feel better knowing that you’ve at least blocked out the second and third-string hacker class. A WIPS login also helps here.
Having a firewall certainly should give you a secure feeling but only in terms of what is on your hard drive. The most important technological precaution you should take is to log onto a virtual private network (VPN), which does the dirty work of encrypting your matrix and turning it to useless gibberish. You may also want to consider using the best wifi extender to allow you to have a greater connection to the Internet so you can easily work on your device.
It may sound a little scary but if working from home actually means the local Starbucks, your employer should have a VPN set up for its employees. If they don’t and like being in business, they should. There are also virtual public networks you can access.
Protection also comes in less sophisticated manners. You should make sure the website your clicking into is authentic. The site might look as it should but the web address won’t if it’s an impostor. If you’ve clicked in, click out quickly before any damage is done.
Many users make the mistake of entering the same password for all the sites they enter. The solution to leaving them all open to an attack is obvious. In addition, do not allow your computer to automatically log on to the wireless network.
Finally, the best protection you can probably employ is common sense. If you can wait until you get home to forward tomorrow’s nuclear launch codes, then do so. Same goes for entering important personal and financial information like Credit Card numbers and your mother’s maiden name.
Other interesting acronyms that space and time do not afford me – IPsec, SSL, SSID, WEP, PPTP. Enjoy.