You won’t always have a choice on which network you are going to connect to but there are some important things you should consider when doing so. When you are connected to either of these networks your traffic isn’t protected from prying eyes. WEP, a little more so, but it uses the same key to encrypt the traffic, which allows a listener to be able to decrypt the stream with almost no effort to read what is being transmitted. So if you want to keep what you are doing private, whether it is changing your Facebook status, or tweeting about the great cup of coffee you are now drinking at a coffee shop, you might want to take a couple extra steps.
Now a little while back there was an add-on released for Firefox web browsers that would allow anyone running Firefox and this add-on to watch the traffic in the air for session data with popular websites. I don’t want to give any one any ideas about this so I won’t even mention its name. It is still around and has plenty of downloads out there. Not only were they able to see these sessions they could “sidejack” or step in as the user effectively taking over a session as that user including sites again like Facebook Twitter, Flickr and so on. Now to get started; this works best on an open network like a coffee shop or airport where the network is gated by a website providing access once terms are accepted.
So ,what can you do to keep your awesome status updates your own or those hot tweets about the weather or what-not all yours? One way is to be sure you are using SSL when connecting to websites, this is even more important when connecting over wireless networks. This encryption prevents data from being read as all transfers between you and the website are encrypted with the help of a digital certificate. So make sure your address bar reads HTTPS rather than HTTP to make sure you’re using this method, also look for the padlock icon to verify the site is secure. One of the biggest flaws with this is that the websites don’t always use HTTPS for every page usually only encrypting the data during login protecting your password but not you against attacks like the one I mentioned above that only needs to have your session information, which is then returned to you unencrypted in some occasions.
Now how can we do better, the first option is VPN, if you can establish a VPN connection to a trusted location and send all your traffic down that new tunnel then everything you will be doing is secure between you and that endpoint, protecting you completely. There are online servers that provide access to VPN servers in various locations across the globe for this and other purposes. This way is 100% secure to their servers so anyone trying to read your wireless traffic would be unsuccessful. You could even create one to your home network using different programs which I won’t go into here.
The next method is to use SSH to encrypt your web traffic by sending all web traffic down an SSH tunnel to a more secure trusted endpoint and from there access the internet. This can be done on various operating systems, including Windows Mac and Linux. You can run a small SSH server at home and build a tunnel to it, and then when you are on the road use this to protect your web browsing traffic. Another way and one I have tested myself, which is also sort of fun in a nerdy sort of way is to use an Amazon EC2 cloud server to build the tunnel too, and direct your web browser to use this tunnel for internet traffic through a SOCKS proxy. I used a free micro instance in the cloud and started it up, I have also built and installed other pieces of software on this server but the base install is all you need to protect your traffic for web browsing needs. After you get through the process of logging in creating your key pairs and launching your first instance, just be sure you pick the micro if you want to do this 100% free. You can use your SSH client to create a tunnel through SSH specifying a local port to bind to the tunnel. In this example, 8899, but you can use whatever port number you wish. In your web browser, go to your proxy settings and chose manual settings SOCKS proxy at address localhost and the port number you created the tunnel at. And like magic, all your traffic to the web will go through this tunnel to the Amazon cloud before going to the internet. This will protect your internet traffic from any prying eyes, and if you use a site to find your IP you will see that it is changed to the IP of your cloud instance. This has a nice side effect of bypassing some web filtering services also as the traffic would not be coming from the port for HTTP and would be unreadable as it is over an SSH tunnel anyway. If I hear that anyone is interested in a step by step in creating such a proxy I shall make a good write up on how to get it started.
Remember when you are using public networks unless you are protecting your data in some way everything you are doing is well publicized. If you do not do anything you wouldn’t want anybody to see or have access to, including anything involving private data, work data and anything you wouldn’t want to be public knowledge. Be safe.