How secure are public wifi hotspots?

[2Xtreme21]

Would a simple firewall program do this? Or are there any that just make your computer completely invisible to anyone that's logged onto it?

 

[nweaver]

not really. If you are connected, and transmitting data, I know you are there. Remember that public WIFI is a double edged sword. You need to practice good security all the time.

 

[JackMDS]

If you configure correctly software Firewall and the sharing of you Hard Drive, you would be protected against people getting to your data on the HD.

However since the transmission is Not secured, they can Sniff you Interent traffic and get password and or other info that you might consider confidential.

 

[spyordie007]

As was mentioned it's not possible to make yourself "invisible"; as soon as you transmit they know you are there.

There are ways to keep the data transmitted secured however; like using a VPN, SSL, or other transport encryption methods. Some general recommendations:
1. Don't send/receive any data you want to keep private through unencrypted channels, because it wont be private anymore.
2. When using certificate-based encryption make sure the key matches (i.e. when you see a SSL error when connecting to a HTTPS website). An encrypted tunnel to a "bad" person just means they are the only one who can see your data.

 

[spidey07]

Me personally I don't do ANYTHING sensitive on hotspots (especially e-mail).

I'm not paranoid, just know what can be done.

 

[dphantom]

I've set up public wireless hotspots. There is no security wanted on them by the company's I've been involved with. They want to draw traffic in in as easy a manner for the customer as possible. Just a public warning on entering the site that it is unsecured and you enter at your own risk and all the other legalese required to protect the company or organization.

 

[spidey07]

Originally posted by: dphantom
I've set up public wireless hotspots. There is no security wanted on them by the company's I've been involved with. They want to draw traffic in in as easy a manner for the customer as possible. Just a public warning on entering the site that it is unsecured and you enter at your own risk and all the other legalese required to protect the company or organization.

Legally there is nothing a client can do. They CHOSE to use this PRIVATE network.

It's their dumbass choice to send sensitive informatition.

Sorry for the language, but if you attach to a network and communicate without some sort of agreement in place then you are denied any kind of privacy.

This is a public spectrum. I'm free to do with it however I please. I'm free to capture and read everything you send. I'm free to be a middle-man. I'm free to do just about anything.

 

[n0cmonkey]

I always have some kind of sniffer running when I jump on a network I don't control.

 

[dphantom]

Originally posted by: spidey07

Originally posted by: dphantom
I've set up public wireless hotspots. There is no security wanted on them by the company's I've been involved with. They want to draw traffic in in as easy a manner for the customer as possible. Just a public warning on entering the site that it is unsecured and you enter at your own risk and all the other legalese required to protect the company or organization.

Legally there is nothing a client can do. They CHOSE to use this PRIVATE network.

It's their dumbass choice to send sensitive informatition.

Sorry for the language, but if you attach to a network and communicate without some sort of agreement in place then you are denied any kind of privacy.

This is a public spectrum. I'm free to do with it however I please. I'm free to capture and read everything you send. I'm free to be a middle-man. I'm free to do just about anything.

I think we are in agreement here. The person connecting to an unsecured public wireless hotspot can have no expectation of privacy, not really. And if that person sends sensitive bank, health or other such info, well, they are pretty darn stupid IMO.

But I would see that exact stuff happening everyday on our public hotspots. We only provide them for public use as a service. No encryption, BIG WARNING about unsecured traffic, enter at own risk and so on. Yet here people are trading stocks, credit card transactions and more.

So sniff away. You won't get an argument from me.

 

[LuDaCriS66]

I would assume some hotspots enable AP isolation. Although I'm not sure how much that helps with sniffing

 

[nweaver]

I don't do it...but I would think that full SSL sites would be fine to use, as they cannot crack that encryptions, so they see the HTTP traffic, and the packets themselves are not encrypted, but the contents ARE. So things like banking would be OK, assuming it's fully ssl (not just regular http with ssl after login)

 

[spidey07]

Originally posted by: LuDaCriS66
I would assume some hotspots enable AP isolation. Although I'm not sure how much that helps with sniffing

With wireless all conversations are sent over the air. All you have to do is listen. So isolation doesn't do jack.

 

[spyordie007]

Originally posted by: nweaver
I don't do it...but I would think that full SSL sites would be fine to use, as they cannot crack that encryptions, so they see the HTTP traffic, and the packets themselves are not encrypted, but the contents ARE. So things like banking would be OK, assuming it's fully ssl (not just regular http with ssl after login)

SSL is generally considered safe since breaking it within a reasonable amount of time is (currently) highly unlikely. Just note my comment above about making sure the key matches; so often I see people simply click "continue anyway" when they get key mis-matches, opens you up to the possibility of MITM attacks, etc.

Originally posted by: spidey07
Me personally I don't do ANYTHING sensitive on hotspots (especially e-mail).

I'm not paranoid, just know what can be done.

I don't know that I'd do anything more sensitive over unsecured channels from home. Who knows who is out there listening in on my /20 Comcast segment.

My theory is that unless I have physical control over the path end to end I need to assume it's not secure.