Re: How safe / unsafe is Free Open WiFi?

[Brent Huston <lbhlists () gmail com>]

I would say there are several risk that come with open/free wi-fi.

I would break the risks down into two categories: risks against the  
user's system and risks against the network transactions.

You manage the risks to the user's systems using tools like firewalls,  
HoneyPoint:Network Trust Agent (our product), current anti-virus and  
malware tools and ensuring that the system is secure from an overall  
standpoint (everything from laptop locks to current patches and from  
proper passwords to drive encryption). This is similar to any other  
network exposure, except that you should treat any free wi-fi as if  
you were plugging directly into the PUBLIC Internet without any type  
of controls in place (you don't know what is/might be there).

Risks against the network transactions are managed through the  
awareness (don't do private stuff without a VPN connection or the  
like), proper browser and other client security (everything from  
proper SSL settings and trusts to cookie ACLs and the like) and  
through controls like VPN, etc.

As a corporate policy, most clients forbid any business related  
activity without a VPN connection back to the "mothership". Many of  
our clients only allow basic web browsing from free wi-fi and nothing  
else. In addition, many of our clients have tools in place to ensure  
that typical users can not install software, operate their firewall at  
all times, have proper passwords and up-to-date malware defenses.

Hopefully that answers your questions, at least to a basic level. To  
go deeper, I would suggest you perform some basic risk assessment  
techniques that brings into play the type of data that you would like  
to protect, the security posture of your typical laptop/PDA user and  
the threat models you see as the primary risks to your organization.

If you want to explore deeper, just ask!

---
Brent Huston, CHS-III
Security Evangelist & CEO
http://www.microsolved.com
Assessments, Application/Device Security & HoneyPoint

On Mar 10, 2008, at 1:52 PM, BlogPatrol.com wrote:

> Hi,
>
> I have what is probably a rather basic question:  Just how safe are  
> free, or open, WiFi networks that you find in Internet cafes,  
> Hotels, Airports, etc?  My personal opinion is that there are very  
> unsafe, but I do not have the technical expertise to explain to my  
> colleages why they are unsafe.
>
> Can anyone provide a summary, or a link to an article that provides  
> a summary, of why a laptop or PDA user should avoid using free and  
> open WiFi networks?
>
> Regards,
> Tony Nguyen
>
> Tony Nguyen, President
> BlogPatrol.com, Inc.
> support () blogpatrol com | http://www.blogpatrol.com | http://thepatrolblog.blogspot.com