Using public networks properly


I am going to write about the weak security of untrusted or unknown networks.

What is considered a public network?

Certainly, if you use only protocols that are encrypted by default (like SSH, SMTPS, HTTPS, POP3S, IMAPS, FTPS, etc.), this article does not fully apply to you, but you may still want to consider some of my recommendations.

What can go wrong?

Using public WiFi networks (or any other untrusted network) has always been a big security concern. Many things can happen to your traffic without you even noticing.

First there is the physical layer: unencrypted wireless traffic can be captured and read easily, even without being connected to the network. The situation is not much better on encrypted wireless networks, since it is usually easy to acquire the encryption key. Once the key is known, it makes no difference how strong the encryption is.

Then we have the network layer: you have to treat these networks like the “big, nasty and evil” internet. A very common way to mess with others is ARP spoofing, performed in the following 3 steps:

  • Determine the IP address of the gateway
  • Get the physical (MAC) address of the gateway
  • Send out fake ARP packets with the IP of the gateway but with the MAC address of the machine the attack is carried out with

By doing so, the attacker receives all the packets that are meant to be sent to the internet. It is then up to the attacker whether to drop everything or forward the packets to their original destination. If the packets are forwarded, only a tiny slowdown is noticeable.
This is called a man-in-the-middle (MITM) attack.
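The three steps above leave a visible trace on the victim's machine: the gateway's entry in the ARP cache changes to the attacker's MAC, which usually also appears next to the attacker's own IP. The following check is an added example, not part of the original article; it assumes snapshots in the Linux `/proc/net/arp` format, and all addresses and the function names are constructed for illustration.

```python
"""Detect signs of ARP spoofing by comparing snapshots of the ARP cache."""

def parse_arp_table(text):
    """Return {ip: mac} for the complete entries of a /proc/net/arp dump."""
    table = {}
    for line in text.strip().splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if int(flags, 16) & 0x2 == 0:                # 0x2 = entry is complete
            continue
        table[ip] = mac
    return table

def check_gateway(baseline, current, gateway_ip):
    """Compare the gateway entry with a snapshot taken on a trusted network state."""
    findings = []
    known, seen = baseline.get(gateway_ip), current.get(gateway_ip)
    if seen is None:
        return findings
    if known is not None and known != seen:
        findings.append(f"gateway {gateway_ip} changed from {known} to {seen}")
    # One MAC answering for the gateway and for another host is the classic trace.
    twins = sorted(ip for ip, mac in current.items()
                   if mac == seen and ip != gateway_ip)
    if twins:
        findings.append(f"gateway MAC {seen} is also used by {', '.join(twins)}")
    return findings

# Constructed sample snapshots (locally administered MACs, private IPs).
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:00:01     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:aa:00:17     *        wlan0
"""
SPOOFED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:00:17     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:aa:00:17     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

if __name__ == "__main__":
    base, now = parse_arp_table(BASELINE), parse_arp_table(SPOOFED)
    for finding in check_gateway(base, now, "192.168.1.1"):
        print("ALERT:", finding)
```

A changed gateway MAC can also have a harmless cause, such as replaced hardware, so treat a finding as a reason to stop sending sensitive traffic and investigate rather than as proof.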

Even the network administrator can configure the untrusted gateway however they like. The gateway may collect login credentials or store your whole internet traffic.

Since this is a relatively fast network (in comparison to the internet), brute-force attacks succeed much faster. If your computer is somehow accessible remotely (via SSH, RDP, VNC, FTP, etc.), it is likely to be crackable. Once somebody gains access to your credentials, all hell breaks loose: your precious files, valuable memories and confidential business information are at risk.

How to protect yourself?

The easiest thing would be to simply avoid these networks. Delete them all from your phone, laptop etc. and never connect to an untrusted network again. Of course this isn’t the best solution so let’s move on.

If you decide to use a public network, make sure to use a good firewall. You don’t want to have any open ports. The Windows firewall automatically strengthens the rules when you select “Public” after connecting.
Another way (especially for longer stays, e.g. in a hotel) is to use your own router and create your own subnet with NAT, setting your router to client mode and enabling the built-in firewall. NAT itself is also good for your security.

Tunneling is an even better solution. In my opinion the easiest way would be to establish an SSH tunnel, but it wasn’t designed to handle heavy traffic.
The most sophisticated solution is a VPN. You can use PPTP, which is easy to set up, or go for IPSec, which offers better encryption. My personal favorite though is OpenVPN. It is a very stable protocol offering great security and high speeds.

Summary

You always have to be aware of the risks of public networks and be cautious, but not paranoid! 🙂

Author

Ujvary Patrick

Former sysadmin in a high school. Student of a technical university. ujvary.patrick@gmail.com
