How to Stay Safe on Public Wi-Fi
Public Wi-Fi like those in coffee shops or hotels, the library is not nearly as safe as you think. Even if they have a password, you are sharing a network with tons of other people, which means you are putting your personal data at risk Here’s how to stay safe when you are out and about.
Just because most wireless routers have a firewall to protect you from the internet does not mean you are protected from others connected to the same network. It is remarkably easy to steal someone’s username and password or see what they are doing just by being on the same network. Don’t take that chance. We are going to show you which settings are the most important ones, as well as how to automatically change your settings to the appropriate level of security every time you connect to a public network
Blast from the past is a weekly feature at Lifehacker in which we revive old, but still relevant, posts for your reading and hacking pleasure. This week, we are reminding everyone of the importance of Wi-Fi security when you are away from home.
First, let’s start by talking about what settings and apps can keep you safe. Make sure these are enabled anytime you are on public Wi-Fi, whether it is password protected or not. If other people you do not know are on the same network, you want to protect yourself.
1. Turn Off Sharing
When you are at home, you may share files, printers, or even allow remote login from other computers on your network. When you are on a public network, you will want to turn these things off, as anyone can access them—they do not even need to be a hacker, and depending on your setup, some of that stuff probably isn’t even password protected. Here’s how to turn off sharing:
In Windows: Open your Control Panel, then browse to Network and the Internet > Network and Sharing Center, then click Choose Change Advanced Sharing Settings. Once here, you should turn off file and printer sharing, and you may as well turn off network discovery and Public folder sharing. Some of this is done automatically by Windows if you specify the network as public (more on this later).
In OS X: Go to System Preferences > Sharing and make sure all the boxes are unchecked.
You will also want to turn off network discovery, which will be in the same place. This will prevent others from even seeing your machine on the network, meaning you are less likely to be targeted. On Windows (as I mentioned), it is just another check box under advanced sharing settings. On OS X, it will be called “stealth mode” and be under your firewall’s advanced settings (see below)
2. Enable Your Firewall
Most OSes come with at least a basic firewall nowadays, and it is a simple step to keeping unwanted local users from poking at your computer. You may already be using a firewall, but just in case, go into your security settings (in Windows under Control Panel > System and Security > Windows Firewall; and on a Mac under System Preferences > Security & Privacy > Firewall) and make sure your firewall is turned on. You can also edit which applications are allowed access by clicking on “Allow a program or feature” in Windows and “advanced” in OS X. Your firewall is not an end-all, be-all protector, but it is always a good idea to make sure it is turned on.
3. Use HTTPS and SSL Whenever Possible
Regular website connections over HTTP exchange lots of plain text over the wireless network you are connected to and someone with the right skills and evil intent can sniff out that traffic very easily. It is not that big of a deal when the text is some search terms you entered at Lifehacker, but it is a problem when it is the password to your email account. Using HTTPS (for visiting websites) or enabling SSL (when using applications that access the internet, such as an email client) encrypts the data passed back and forth between your computer and that web server and keep it away from prying eyes.
Many sites—including Facebook, Gmail, and others—will do it automatically, but keep an eye on the address bar and make sure the “s” in “https” is always there when you’re exchanging sensitive information. If it disappears, you should log out immediately. Other sites will default to HTTP connections, but support HTTPS if you manually type it in.
Note that if the sensitive browsing can wait—especially if it is something very delicate like banking or credit card info—you should just expect to do that sensitive browsing at home. There’s no reason to risk more than you have to.
If you access your email from a desktop client such as Outlook or Apple Mail, You will want to make sure that your accounts are SSL encrypted in their settings. If not, people could not only theoretically read your emails, but also get your usernames, passwords, or anything else they wanted. You will need to make sure your domain supports it, and sometimes the setup might require different settings or ports—it is not just a matter of checking the “use SSL” box—so check your email account’s help page for more details. If it does not support SSL, make sure you quit the application when you’re on a public network.
4. Consider Using a Virtual Private Network
Unfortunately, not all sites offer SSL encryption. Other search engines and email providers may still be vulnerable to people watching your activity, so if you use one of these sites frequently (or just want the extra protection), you may want to try using a VPN, or virtual private network. These services let you route all your activity through a separate secure, private network, thus giving you the security of a private network even though you are on a public one.
You have many choices, and we have rounded up some of the best VPNs here—but if you do not feel like doing the research, we recommend CyberGhost as a dead simple, free option. Install it on your computer, turn it on whenever you are on a public network, and you will be much safer than without it.
5. Turn Wi-Fi Off When You Aren’t Using It
If you want to guarantee your security and you are not actively using the internet, simply turn off your Wi-Fi. This is extremely easy on both Windows and OS X. In Windows, you can just right-click on the wireless icon in the taskbar to turn it off. On a Mac, just click the Wi-Fi icon in the menu bar and select the turn off AirPort option. Again, this is not all that useful if you need the internet, but when you are not actively using it, it is not a bad idea to just turn it off for the time being. The longer you stay connected, the longer people have to notice you are there and start snooping around.
How to Automate Your Public Wi-Fi Security Settings
Obviously, you do not want to have to manually adjust all of these settings every single time you go back and forth between the coffee shop and your secure home network. Luckily, there are a few ways to automate the process, so you automatically get extra protection when connected to a public Wi-Fi network.
When you first connect to any given network on Windows, you’ll be asked whether you’re connecting to a network at your home, work, or if it’s public. Each of these choices will flip the switch on a preset list of settings. The public setting, naturally, will give you the most security. You can customize what each of the presets entails by opening your Control Panel and navigating to Network and Sharing Center > Advanced Sharing Settings. From there, you can turn network discovery, file sharing, public folder sharing, media streaming, and other options on or off for the different profiles.
That’s a good start, but if you want a bit more control, previously mentioned NetSetMan is a great program to customize your network profiles for different networks; you choose your IP address, DNS server, or even run scripts (opening the window for nearly any action) every time you connect to one of your preset networks.
On OS X
OS X does not have these options built-in like Windows, but an app like ControlPlane can do a fair amount of customization. With it, you can turn on your firewall, turn off sharing, connect to a VPN, and a whole lot more, all depending on the network you have connected to.
In Your Browser
The previously mentioned HTTPS Everywhere Firefox extension automatically chooses the secure HTTPS option for a bunch of popular websites, including the New York Times, Twitter, Facebook, Google Search, and others, ensuring secure HTTPS connections to any supported internet site, every time you visit. You can even add your own to their XML config file. Note that as a Firefox extension, this works on Windows, Mac, and Linux.
Consider a “Safety First” Approach
If you are a real road warrior, you may find yourself adding so many profiles that automating your safe settings at every step along the way may seem like much work. While most chains like Starbucks or McDonald’s should have the same names for each of their Wi-Fi networks (and thus your profiles will carry over), a better approach may be to make your more secure settings the default for your system and create just one profile for your home network. Thus, by default, file sharing would be turned off, your firewall would be at its most secure state, and so on—then, when you return home to your protected network, you can have Airport Location or NetSetMan turn your less secure settings on.
This is not all-encompassing by any means but should give you a good quick checklist of things you should do every time you connect to a public network. There are certainly some other things you could do (such as setting up a SOCKS proxy over SSH or installing these extensions), but these steps will take you a long way on the road to security when you are browsing on those public hotspots. Of course, some of you already have your public browsing routines, so be sure to share your safe networking tips in the comments.
Related Post: 20 Methods to Tighten Up Your Security On Public Wi-Fi