The Full Guide to Securing Your Data Over Wi-Fi

98% of Americans1 are connected to high-speed wireless internet. At home or in public, with numbers like that it’s clear that Wi-Fi security is essential now more than ever.

When it comes to casual internet browsing, that figure may not be too shocking. Wireless internet allows us to communicate and surf the web on the go. Wired connections, while still great for streaming services and desktop computers, are becoming obsolete.

But if Wi-Fi is the chosen platform for internet use, then it stands to reason that cybercriminals will attempt to exploit it for their own gain.

How much profit, you ask?

Cybercrime is a lucrative illegal enterprise, robbing the world of more than $600 billion in 2017 alone2.

This is not a hypothetical threat. Cybercriminals are already targeting us via Wi-Fi connections, both through public networks and in our own homes and offices.

If you think that’s sensationalist nonsense, you may want to keep reading and talk to us again in a few thousand words.

Common Wi-Fi Attacks

It’s important to know who your enemy is in any conflict.

When it comes to Wi-Fi security, we’re trying to ward off the unwanted advancements of malicious cybercriminals. While we don’t know exactly who they are until they’re caught, we do know some of the most popular methods that they use to attack a wireless network.

Here they are.

Accidental Association

This security breach occurs when a computer latches onto the wireless access point of a neighboring network. While there is nothing malicious about this, it is still considered a breach. Your information is exposed at that moment and whoever is managing that other network could access your data.

Such situations are especially problematic for businesses within a crowded office park. Imagine that you’ve unwittingly disclosed proprietary secrets to a competitor — not a great day at the office.

This is commonly called mis-association, which can be accidental or deliberate.

Malicious Association

This is where things get more nefarious.

Malicious Association occurs when hackers trick a person into accessing the wrong Wi-Fi network. You might think you’re connecting to your place of business, but you’re really linked up to a soft access point, set up on a cyber criminal’s laptop.

A soft AP is created by software that makes a maliciously used wireless network card look like a legitimate access point.

Once inside, the hacker can steal information like passwords and financial data, or plant malicious software like Trojan viruses on your system.

Ad Hoc Networks

These are peer-to-peer network connections that operate between wireless computers with no access point.

Unfortunately, Ad hoc networks build a potentially problematic bridge onto other networks. If you’re connected to an Ad hoc network and your own wired or wireless network at the same time, you’re giving other people the opportunity to access your personal system, where they could take a ton of information.

Non-Traditional Network

If you use a Bluetooth Wi-Fi network, a handheld PDA, or a barcode reader, make sure that they’re secured. Even an unsecured wireless printer can create an access point for hackers.

MAC Spoofing

MAC spoofing is a form of network identity theft.

A hacker listens in on network traffic and copies the MAC address of a machine that has network privileges. This can be devastating to small residential systems.

Man-in-the-Middle Attacks

These attacks lure unsuspecting users to log into a soft AP set up on a computer. The hacker then connects to a real access point using a different wireless card, effectively funneling all of the information through their system before moving it along to the second network.

Denial of Service Attacks

A hacker bombards a specific access point with failure messages, fake requests, and premature successful connection messages to cause the network to crash.

User data is not under a huge threat here. This is more about wounding the network itself than the people using it. But the hacker typically watches the recovery process, recording all of the initial handshake codes as they are re-transmitted by all connected devices. It will allow the hacker to gain access to the system at a later time.

Avoid The Dangers of Public Wi-Fi

Public Wi-Fi networks are the absolute worst.

With little to no security, these seemingly convenient “hot spots” are the preferred hunting ground of hackers around the world.

It’s one thing to sit here and give statistics about what could happen if cybercriminals started targeting us through our Wi-Fi networks. It’s another thing altogether to talk about what already has happened.

While some public networks are completely unsecured, even those that require some form of login are a threat to your security. Many ask for your email address, phone number, or social media login credentials. It’s difficult to assess whether this information will be well protected, and this also opens you up to unwanted email newsletter spam, which can be frustrating to say the least.

Free public Wi-Fis might be attractive and easy to connect to, but they are like modern spider webs for your personal information and internet activity.
A hacker can sniff your browsing data, passwords, financial info, and basically everything you do online. Identity thefts and cybercrimes like these happen daily. But they can be avoided with better security habits. Start small: using a VPN for Wi-Fi is one click away.

Tudor Fulga, Head of Infrastructure, CyberGhost VPN

How easy is it to hack into a public Wi-Fi network?

Let me put it this way: it took a seven-year-old child under 11 minutes3.

The child in question, Betsy Davis, took part in an ethical hacking demo overseen by security experts. She was tasked with hacking into a public Wi-Fi network using basic web searches.

She found 11 million results on Google and 14,000 YouTube video tutorials on the subject. The child set up a rogue access point to unleash a Man-in-the-Middle attack, which allowed her to steal information from other computers on the network.

10 min 54 sec

The exact time it took for this second grader to hack a public Wi-Fi network

Yup. That’s it.

Now imagine a grown adult who has studied computer hacking and knows what they’re doing outside of a Google search.

Are you starting to see the danger yet?

When using public networks, you’re always at risk of someone snooping over your data. Especially since public Wi-Fis are usually unprotected and not secure.

Sorin Tuță, Product Manager, CyberGhost VPN

Ensure You Have Encryption

HTTP is not your friend

You always want to make sure that the websites that you visit are encrypted. That goes for both public networks and at home.

But how can you tell? It’s simple.

If your website starts with “http://” there is no encryption. If it starts with “https://” then you’re encrypted.

HTTP websites have been deemed unsafe by Google, one of the most well respected and frequented internet companies on the planet. Since July 2018, anyone trying to access an HTTP website via Google’s Chrome browser gets a message warning them that the site is not safe and to proceed at their own risk.

How can you protect yourself? For starters, be vigilant.

Sometimes, a site’s homepage will be HTTPS, but when you navigate away to other sections, it’s HTTP. Before you enter any information check to make sure it’s encrypted.

It’s also a good idea to use Google Chrome as your browser as it looks out for this issue on its own. If you feel like you can’t remember to always look up at the URL for every site you visit, let Google do the work for you.

This is another vulnerability that a VPN helps to fix. Some VPNs, like CyberGhost, can be set to force your traffic to HTTPS pages when available.

Avoid FTP Transactions

A File Transfer Protocol, or FTP, transfers data between a client and server within a computer network.

There are some dangers associated with FTP4, which is why most consider it to be an unsafe protocol. These concerns are exacerbated when connected to public Wi-Fi. The threats are centered around a series of attacks that hackers can use to put your system at risk.

Here’s a few of them:

FTP Brute Force Attack

Having the same password for multiple accounts exposes you to digital dangers

The hacker uses a program to try different password combinations until they have successfully navigated through the system. This kind of attack is particularly effective against weak passwords, including factory defaults. Users who rely on the same password for all of their accounts are also more vulnerable.

FTP Bounce Attack

A hacker uses a PORT command to pose as a middle man for file transfers that occur directly between two FTP servers. All of the information that bounces between these servers can be accessed through the network.

Spoof Attack

The criminal uses a computer outside of the network to assume the host address of a computer on the network. This only works on FTP servers with restrictions on the network address. By doing this, the hacker can download all of the files that come through during a data transfer.

Packet Capture

This technique is also known as “sniffing.”

Since all of the information is transmitted in clear text, usernames and passwords can be captured by a program called a packet sniffer. This program decodes the raw data of the packet it captures, making it available to hackers.

Port Stealing

A hacker can decode the pattern of dynamic port numbers and identify the next in a series.

Once the hacker breaks in, they can lock out the legitimate user, denying them access to their own files. The hacker can then steal the data or insert a malicious file into the data stream in an attempt to infect other users.

Check The Network’s Legitimacy

A common way that hackers prey upon Wi-Fi users is with fake networks. They will create a network near an existing one with a very similar name. If they know the password, they’ll make it the same as well.

They’re trying to trick you into connecting to their network so that they can track your activity and gain access to your data.

That’s why it’s important always to check what network you’re connecting to. If you’re using a public network, verify the SSID from the hosting business before you connect. Also, make sure you check to see if there are two networks in your area with similar names. If you see two that are eerily alike, watch out. There could be a hacker nearby. If this is a public Wi-Fi network, alert someone at the establishment hosting the service immediately.

Don’t Transmit Sensitive Data

If you do find yourself having to connect to a public network with no security in place, avoid any sensitive activity. That means don’t log into any financial websites like a bank or credit bureau. Do not under any circumstances book a flight or hotel. Especially refrain from online shopping.

In fact, it’s best to avoid anything with a password. That means no social media profiles and nothing that you have your credit card attached to.

Use a VPN

The easiest way to protect yourself against the vulnerabilities of public wireless networks is to just not connect to them. But, if you do a lot of business on the go, consider the use of a virtual private network to keep your information private and encrypted.

Tanya Janca, Cloud Security Advocate at MSFT, spoke with me about the importance of being vigilant when using hot spots:

I always use a VPN when using public Wi-Fi, you never know who else is on there, or what their intentions are.

VPNs provide the ultimate protection against the threat of public Wi-Fi. It keeps you safe by moving your signal through a VPN tunneling protocol. The safest and most trusted of these protocols is OpenVPN. It’s an open sourced system that is maintained by the entire cybersecurity community, so you know it’s always on the cutting edge of new advancements.

Not only does a VPN relocate your signal to somewhere else, but it also protects your information from those pesky hackers by encrypting all of your personal data. Most VPNs today use AES-256 encryption standards, which is the same level employed by top-secret government agencies.

That means you can pretend to be a secret agent while using it! Which I… never do…

Use a dedicated IP VPN for ultimate online privacy and security. With a dedicated IP, nobody else can use the same VPN IP, which means you’ll never get locked out of any service.

And VPNs are not just for computers. The best VPNs in the world have mobile apps which allows you to take your protection with you anywhere you go.

Protect Your Home or Business Wi-Fi Network

A lot of people have a false sense of security about their home. They feel safe within the walls of their “castle” and know that nothing can harm them. And a home Wi-Fi network is much safer than a public one, so there is nothing to worry about, right?

Ahem…

There are still threats, though admittedly not as many.

It is possible for cybercriminals to hack their way onto your home network. This puts not only your information at risk, but also opens you up to legal issues. When a hacker commits crimes while connected to your network, law enforcement agencies could believe that you are the one who broke the law.

Take this story about a woman named Barb Angelova5, who found herself in a heap of trouble when a hacker gained access to her home network.

After changing her ISP, Barb received a new Wi-Fi router. It came with no instructions on how to properly secure the network, so she had little to no security.

One year later, Barb was accused of downloading a movie illegally. The letter she received noted the time, date, port, movie title, and method of acquisition. Her home network had been hacked. A cybercriminal illegally downloaded a copyrighted film and left poor Barb holding the bag.

All of this could have been avoided had she taken proper precautions with a router that would have allowed her to secure the network.

So how can you make sure that Barb’s story won’t become yours? Follow these simple steps.

Choose a Network Name

Your network’s name is also known as the Service Set Identifier or SSID. All routers come with a factory default network name, and one of the biggest mistakes you could make is keeping that original name.

Why?

Because hackers know these names well, and what’s more, they know the passwords that are associated with them. Many password cracking programs come with default SSID’s preloaded onto their system.

You want to choose something inconspicuous, and something that is not too common. Using a simple name could make it easier for a hacker to crack into the personal mode of WPA and WPA2 security levels.

Using a company or family name is also not a great idea. If someone is attempting to personally target you, having your SSID as your name is just helping them achieve their goal faster.

Physical Security

This advice is more for businesses, but it can be applied to home networks as well. You need to keep your access points secure to ensure that no physical tampering can occur.

That’s because most routers have a button on them that restores factory default settings, removing all security from the device. That’s why commercial access points are usually locked away in a server room. It’s a good idea to keep your home access points secured as well, either in a locked cabinet or a closet.

Commercial access points should be mounted on the wall out of reach with some kind of locking mechanism in place.

Also, remember to disable any unused ethernet ports around your home or office to protect against anyone installing a rogue access point.

Use Advanced Security

Enterprise mode is a great way to authenticate every user of your network on an individual basis. Using this mode, every user has their own Wi-Fi username and password. That means when there is a breach, you can tell who accessed what information. For businesses, if an employee quits or is fired, it’s simple to disable their access immediately to protect your company against retaliation.

When your network is set to “personal” mode, everyone uses the same SSID and password to access the Wi-Fi. This means that anytime there’s an issue and the password needs to be changed, every computer or device connected to the network will have to be manually reset.

If users are assigned their own encryption key, that means they cannot decrypt the connections of others. This is also beneficial in a potentially hostile office environment.

WPA and WPA2 have been the go-to Wi-Fi security protocols for over a decade. That is changing with the birth of WPA3, which is starting to creep its way into the world. This security upgrade adds new protections for devices that are connected over Wi-Fi. Hackers won’t be able to break into your password by trying to guess it repeatedly, and it places limitations on what data hackers can see when they crack into the system.

Unfortunately, this is not an overnight process, and it will take several years for WPA3 to become common. The bump in security will also come with a need to replace devices with those that are compatible with this new protocol.

Create a Strong Password

Home networks that have only one password need to make that password both strong and unique. Never keep the manufacturer’s passcode and make sure that the one you choose is not obvious or easy to guess.

20 characters

That’s the ideal length for your passwords

It should be at least eight characters long, but ideally up to 20 for maximum protection. Make sure you’re using capital letters, lowercase letters, numbers, and special symbols. Misspelling words and phrases can make it even more difficult for a hacker to crack. Dropping a vowel or using slang terms are helpful and fun.

Turn off the Network When You’re Not Home

A pretty simple tactic, but not a lot of people think about it. If your house is empty, you don’t need the network to be on. If you have a “smart home” with IoT connected devices, that’s another thing; but the average home does not need to be plugged in when no one is around.

This is especially helpful if you’re going to be away for a prolonged period of time, like a vacation. Unplug the network and limit the opportunities hackers have to victimize you when you’re not there.

Not only is this helpful in warding off cyber assaults, but you protect against surges and reduce the overall noise in your home. It also saves money on your electric bill. It’s a win-win-win.

You can disconnect your network by disabling all devices that are connected via ethernet, including your wireless router.

Use Multi-Layered Protection

When the safety of your Wi-Fi network is on the line, there is no one method that’s going to keep you protected forever. Instead, embrace a multi-layered approach to security, with various services all working together to keep your system safe and secure.

Update Software

Flaws in firmware can be exploited by hackers. Those flaws turn into extreme vulnerabilities. One such danger was a breach that allowed hackers to access login credentials, emails, and credit card information6.

It’s vital to update your router periodically. Remember, most routers don’t take automatic updates, so this is something you’ll have to do manually.

Use a Firewall

Hardware firewalls can be installed within a router to protect your entire network. That means every computer, phone, and IoT device that is connected to the Wi-Fi will have an added layer of cyber attack security.

Some routers come with this service built in, but it still has to be activated before use. If you have a router without a built-in firewall, worry not. There are devices that can be installed on your existing system to beef up your security.

Use a VPN for your Router

In addition to mobile and desktop apps, a lot of VPNs can also be installed and used with a router. That means the tunneling protocol and encryption standards that we mentioned before could be applied to your entire network.

Aside from keeping your Wi-Fi protected, a VPN has the added benefit of allowing you to torrent with increased privacy and access geo-blocked content from around the world.

Secure Your Connection

The growing threat of cybercrime impacts life in public, at work, and even in the privacy of your own home. As long as the internet exists, there will be malicious individuals seeking to use it to steal from you.

By employing a multi-layered defense wherever you go, their chances of success dwindle.

Protect your identity, your finances, and your online information with these helpful safety tips.

References

  1. https://obamawhitehouse.archives.gov/blog/2015/03/23/98-americans-are-connected-high-speed-wireless-internet
  2. https://www.cnbc.com/2018/02/22/cybercrime-pandemic-may-have-cost-the-world-600-billion-last-year.html
  3. https://www.tripwire.com/state-of-security/seven-year-old-hacks-public-wifi-in-under-11-minutes
  4. https://thehackernews.com/2013/12/security-risks-of-ftp-and-benefits-of.html
  5. https://blog.privatewifi.com/true-story-i-was-hacked-on-home-wifi/
  6. https://www.consumerreports.org/digital-security/ways-to-boost-router-security-a3824459325/

Leave a comment

Good morning frndsss hope all is well

Reply

Good morning, Frank. 🙂 Glad to hear you enjoyed reading.

This is interesting

Reply

Glad to hear you enjoyed reading, Ghostie. 🙂

I loved this assignment article and kept updating interesting articles. I will be a regular reader. I am offering help to students over the globe at a low price.

Reply

eduardo guerra silva

Posted on 14/06/2020 at 17:18

det bra information

Reply

Glad you enjoyed reading, Eduardo!

Great Post

Reply

Yes I think a VPN setup is a great idea

Reply

Is the user vulnerable at the moment of contact with public wifi? My principle concern is, during the time between connecting to public wifi and establishing a connection with the VPN my data is vulnerable. How are my log in credentials for the VPN protected during this critical moment?

The way I understand it, I am connecting to public wifi, then becoming anonymous once the VPN establishes a connection.. Aren’t I giving away my IP to the network at point of contact?
Is there a way to connect to public wifi anonymously?

Reply

romero pringle Carlos Gonzalo

Posted on 01/05/2021 at 00:43

I really apreciate your mail and advices

Write a comment

Your email address will not be published. Required fields are marked*