Lately, when im trying to use wireless in my apartment (provide by UiTM Kampus Bandaraya Melaka), I had been required to put in my IC my matriculation number. I wonder how safe it is and what can happen if other person steal any data from this small information. So it lead me to seek for further information.
Most of students here had laptop and it is become necessities for them. And to get online, we all are taking advantage of wireless (Wi-Fi) networks anywhere when available. There is opportunity to go online even while we are eating at ‘Mamak’ stall.
While offering convenience and flexibility, Wi-Fi networks are also easy entry points for crooks looking to steal your money, account information and identity.
Fortunately, you don't need to avoid hot spots to avoid wireless intruders. Start by taking just a few simple steps to harden your station's defenses.
1. Disable Sharing: File and printer sharing may be common in business and home networks, but should be avoided in public networks where strangers can easily browse, read, and perhaps even write to exposed shares. To prevent this on Windows hosts, open your wireless connection's Properties panel and make sure that "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks" are both unchecked.
2. Firewall Your Laptop: By default, Windows hosts listen to many TCP and UDP ports, and each open port represents a potential attack vector. If you're a Windows XP user, close those holes by enabling the firewall built into Service Pack 2, making sure that no exceptions are defined for your wireless connection. If you run another operating system, install a third-party personal firewall. Individuals can download free firewall programs from ZoneAlarm, Comodo, or Kerio. Larger companies should consider centrally-managed desktop firewalls like Symantec Sygate Enterprise Protection or InfoExpress CyberArmor Personal Firewall.
3. Control Your Connection: Many wireless client programs -- including the XP Wireless Zero Config service -- automatically connect to any available wireless Access Point (AP) or Ad Hoc peer. This can be handy at the office, but it is simply bad practice in public networks. To regain control, configure your wireless client to associate ONLY at your request. For example, use the XP Wireless Networks panel Advanced button to uncheck "Automatically connect to non-preferred networks" and check "Access point (infrastructure) networks only." If using SP2, configure every "Preferred Network" to disable auto-connection. Finally, disable those connections when not in use!
These simple steps are a good start, but more is required to prevent eavesdropping on wireless data and man-in-the-middle attacks.
1. Secure Your Login: Many commercial hot spots use SSL to encrypt the subscriber login process: entering a username/password, passcode, or credit card number on a web page. But when was the last time that you checked to see whether your login was really encrypted? At minimum, use your browser to verify that SSL is enabled before you log in. Never log into a hot spot portal that presents an invalid certificate, or asks for a login without encryption. Larger companies may want to consider securing authentication end-to-end using a roaming client like iPass or Fiberlink.
2. Secure Your Data: Operators usually encrypt logins, but encrypting data is an entirely different matter. T-Mobile and iBAHN support WPA data encryption in US hot spots. Everywhere else, you're on your own to prevent eavesdropping. Corporate users running IPsec or SSL VPN clients should create "connection manager" rules that ensure the VPN is up whenever wireless is active. Those who use secure applications like web mail should be careful about leaking other data.
3. Avoid Evil Twins: Look-alike "Evil Twin" APs can trick hot spot users into connecting with them instead of legitimate APs. They can then launch man-in-the-middle attacks like presenting phony web pages or intercepting SSL or SSH sessions. Using a WPA-capable hot spot can help you avoid connecting to an Evil Twin by letting you verify the 802.1X Authentication Server's certificate. T-Mobile's Connection Manager checks that certificate automatically. When using another client, be sure to enable certificate verification.
From the information, I hope student or even traveller could exercised it in order to stay safe your online wi-fi networks. Lets do this! =)
No comments:
Post a Comment