18

The Dangers of Open Wi-Fi

How does one go about sending valuable information (for example inputting email username and password) over a free password-less public WiFi network?

The only option that I can think of is SSH-ing into a secure server at home and using it as a proxy for all communication. Is this a valid and practical approach?

Vorac
  • 2
    I think http://security.stackexchange.com/questions/34764/is-there-any-security-threat-with-open-wifi-connection is relevant to your question – Ali Ahmad Jun 17 '13 at 10:53
  • 3
    Just a reminder that your browser isn't the only thing hitting the network. Be sure to configure your email client to use secure connections as well. – Chris Nava Jun 18 '13 at 03:23
  • For a description of the threats going with using public WiFi (including when using SSL): [What are potential security risks when using an insecure wireless connection?](http://security.stackexchange.com/q/17339/32746). – WhiteWinterWolf Jan 24 '16 at 14:45

4 Answers

20

Using a valid SSL/TLS connection, by making sure you're always connecting to the https:// version of the website and that the browser isn't giving you any warnings or errors, is your first line of defence. An add-on called HTTPS Everywhere can be very helpful here.

The approach you're proposing (SSH to your trusted network) is a very standard approach. I use it every day to connect from any network in the street/restaurant/cafe using a small app called SSH Tunnel from my mobile or using any SSH client on my computer.

Important note: Always make sure you're connecting to your server by watching for fingerprint acceptance prompts and making sure you're accepting your server's fingerprint.

Adi
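The fingerprint check and tunnel described in the answer above, as an added example that is not part of the original answer: it computes the SHA256 fingerprint in the form OpenSSH displays it, compares an offered host key with one recorded on a trusted network, and builds an `ssh` command that refuses unknown or changed keys. The host name, known_hosts path and key bytes are constructed placeholders.

```python
import base64
import hashlib
import struct

def _ed25519_line(host, raw_key):
    """Build a known_hosts-style line from 32 raw key bytes (sample data only)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw_key)) + raw_key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

# Constructed sample keys, not real server keys.
PINNED_LINE = _ed25519_line("home.example.net", bytes(range(32)))    # recorded at home
ROGUE_LINE = _ed25519_line("home.example.net", bytes(range(1, 33)))  # offered by an impostor

def fingerprint(known_hosts_line):
    """Return the SHA256 fingerprint of a 'host keytype base64-key' line."""
    fields = known_hosts_line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    keytype, b64 = fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; it must match.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def offered_key_is_pinned(pinned_line, offered_line):
    """True only if the offered host key is the one recorded on a trusted network."""
    return fingerprint(pinned_line) == fingerprint(offered_line)

def tunnel_argv(user_host, known_hosts_file, socks_port=1080):
    """ssh command for a local SOCKS proxy that rejects unknown or changed host keys."""
    return ["ssh", "-N", "-D", f"127.0.0.1:{socks_port}",
            "-o", "StrictHostKeyChecking=yes",
            "-o", f"UserKnownHostsFile={known_hosts_file}", user_host]

if __name__ == "__main__":
    print(fingerprint(PINNED_LINE))
    print("same key accepted:", offered_key_is_pinned(PINNED_LINE, PINNED_LINE))
    print("rogue key accepted:", offered_key_is_pinned(PINNED_LINE, ROGUE_LINE))
    print(" ".join(tunnel_argv("user@home.example.net", "~/.ssh/known_hosts_home")))
```

With the host key recorded in a dedicated known_hosts file beforehand, `StrictHostKeyChecking=yes` makes `ssh` abort instead of prompting when the key on the open network differs.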
6

Have your own VPN. Connect to a public wireless network, then begin a VPN session to your server / home server, then you can navigate with some level of privacy as if you were at home.

Hugo
  • Or, use a paid service of your choice and trust, to avoid the hassle of having your own VPN. – Marcel Nov 18 '14 at 06:36
5

I have thought about this topic in the past and prepared five options for dealing with open wireless. I ranked them 1-5, with 1 being the most preferred.

  1. Don't use open APs
  2. Don't "remember this network" for open APs or "Forget this network"
  3. Use an SSH tunnel, an IPsec VPN, or an SSL VPN back to a known safe area, so MITM will fail
  4. Use SSL Everywhere and HSTS (HTTP Strict Transport Security), and only browse to websites that have SSL sites (Facebook just did this, etc.). Make sure that your browser actually validates certificates so you can't be SSL/TLS MITM'd.
  5. Have the first open AP be "Hacking detected" or something like that. If you do this and attach to a rogue AP like a WiFi Pineapple, it will be more obvious.

Just to detail number 2 a little bit, the reason why you want to forget open APs is the same reason why number 5 works well as a protection mechanism. You need to control your probe requests, and protect yourself from rogue APs.

JZeolla
4

Make sure that, where possible, you are surfing only on pages that support SSL. There is, for example, a plugin for Google Chrome / Firefox with which you can force an SSL connection.

It's called HTTPS Everywhere.

Download links:

Firefox

Chrome

Another option would be to use a VPN and establish a tunneled connection.

And my favorite option is to surf via remote desktop on a Windows server.

Hidden