F A Word on Wi-Fi By Chris Tuzeneu, Vice President of Information Security CivITas Bank Solutions, an affiliate of Bankers’ Bank of the West For nearly as long as public wireless networks have been available, the best security advice has been to avoid them altogether. Why is this? Is there a way to be safe on public wireless networks? And what about the ones that use a password? Let’s take a closer look at where the security advice comes from, and how you can stay safe now that we are once again venturing away from our home networks. Generally speaking, there are two kinds of wireless networks: password-protected and unprotected (also known as “open”) Wi-Fi. Now, think about the words “public” and “private.” You might think that an open network is automatically public and a password-protected one is private, right? Not necessarily. Even wireless that asks for a password to connect can be considered “public” if that password is regularly given out; for example, a coffee shop posting the code on a bulletin board or on the bottom of every receipt. Anyone who is connected to the same wireless network can theoretically spy on network traffic happening on the same network — password or no password. Using a method known as ARP poisoning, someone can trick your computer into thinking their computer is the router, so all your information passes through to them. They can read (and even change) information that is sent unencrypted, that is, through regular HTTP. Any secure traffic, through HTTPS is difficult to impossible to read and manipulate. This is the main reason behind the security advice “Look for the padlock” in your address bar; this tells you whether information on a website is potentially visible to some other party. What about using a VPN? Virtual Private Networks can protect your internet traffic from eavesdropping, but there are a couple of caveats there as well. First, the VPN must be full tunnel, not split tunnel. Basically, a split tunnel only encrypts certain internet traffic, while a full tunnel encrypts everything. If you are given a VPN connection through your organization, they will be able to tell you which type they use. Secondly, the VPN solution you are using must be trusted as well. Since a VPN will encrypt traffic between your computer and some remote server, if you don’t trust the place your traffic is going, then you run the same risks that you do on public Wi-Fi. Follow the steps below to keep you safe when you use Wi-Fi. 1. Do only you and the individuals you trust know the password to this wireless network? And is the password long, complex, and would not be found in any passwordcracking dictionary? If the answer to both questions is yes, the network is safe and can be considered private. If not, proceed to the next step. Colorado Banker 10
RkJQdWJsaXNoZXIy MTg3NDExNQ==