Risks in the WLAN
Each user can access public WLANs with correspondingly equipped terminals. They automatically obtain an IP address in the sense that they recognize the SSID (service set identifier) of the WLAN, thus putting themselves within range of the access points, and able to access permission onto the WLAN. Data security or protection of participating devices from attacks is not guaranteed by the WLAN operator. Security is limited to monitoring authorized network access in order to eliminate misuse of the server administration. User identification serves solely for the acquisition and the accounting of time online. However, how does it look regarding the protection of sensitive information during data transmission? How can the PC optimally seal itself off from attacks from the WLAN and the Internet? Because the actual security risk on the hotspot originates from having to register with the operator outside the protected area of a VPN, as a rule it has to take place by means of the browser. During this timeframe, the terminal device is unprotected. This stands in opposition to the company’s security policy that prohibits direct surfing on the Internet and that only permits certain protocols.
Basically, VPN mechanisms and data encryption serve to protect confidentiality. The corresponding security standards are IPSec tunneling and AES encryption for data, and X.509 v3 for access protection. Additional security mechanisms, such as certificates in a PKI (public key infrastructure) or onetime password tokens complement/replace the usual user-ID and password. A personal firewall offers the required protective mechanisms against attacks from the Internet and from the public WLAN. Here, stateful packet inspection is critical. If this is not provided, it is not advised to use a hotspot for mobile computing.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.