On a day celebrating the freedom and convenience of wireless connectivity, thousands of unprepared users are logging on to the Internet, potentially creating a Hacker's Paradise unless appropriate Internet security measures are put in place. RedCannon Security, the newest guardian against Internet hackers, cyber criminals, Spammers and online stalkers, today is encouraging all Wi-Fi users participating in Intel's One Unwired Day to consider laptop security a high priority as they surf the Web or conduct their daily business from one of the free wireless hot spots.
"We're not just warning people about how hackers can use technology to sniff wireless traffic right out of the air, we're talking about an even more basic threat to Wi-Fi users -- people accessing your computer," said John Myung, vice president of marketing for RedCannon and a security consultant who has helped federal and state agencies investigate cyber criminals. "Most wireless users fail to realize the dangers of using wireless networks with unprotected computers. A hacker sipping on a latte three tables over can watch and record everything they are doing, steal sensitive passwords and files, or even place Trojan horses directly on their machine. One Unwired Day is a fabulous idea, but it's no excuse to go unprotected."
RedCannon has developed the following list of five security precautions users should take before they log-on wirelessly:
- Install a personal firewall that has intrusion detection -- Users need to block attacks and identify attackers. Not all personal firewalls have intrusion detection. Firewall combined with intrusion detection is critical on all wireless networks. Wireless networks should be considered public since there is no true way to identify all users on the network.
- Proper configuration of file sharing -- Configure the file sharing and public folders with a username and password. Sensitive files can be stolen remotely without the users' knowledge. Always make sure that the C: drive or the drive with the operating system is not shared and cannot be written to. A hacker could just delete a critical file and the person's machine would be disabled.
- Update your operating system -- Update all security and operating patches from Microsoft and other well-known vendors. With tens of millions of lines of code out there, security vulnerabilities exist in all programs.
- Use extra protection when connecting to the office -- Use a virtual private network client (VPN) whenever possible to connect back to the office. VPNs can encrypt communications in real-time over the public Internet so people cannot eavesdrop on a person's e-mail, downloads, and corporate files like Excel sheets or e-faxes. Most small business gateways now have VPN functionality.
- Look for the little "lock" on your browser -- This lock symbol indicates that secure sockets layer, or SSL, communication is taking place. Most online sites use SSL to encrypt web site sessions, but some do not. Avoid using free online web mail services that do not offer SSL. You can look for the "Gold Lock" on the bottom of the browser window to see if a SSL session has been established.