What should we consider when connecting to an open Wi-Fi
Fortunately, more and more establishments (cafes, restaurants, shopping centers, etc.), airports and hotels that offer complimentary Wi-Fi for free (either because they offer an open connection or through a captive portal) an ease that comes in handy for us to work with our computer or connect your smartphone or tablet without our having to consume the bond that we have hired data.
Both in public and in events they attend, to have a Wi-Fi connection can provide us with your email account, our profile on Facebook or Twitter or even connect to our blog for an article; however, make a couple of years, a Firefox extension called Firesheep showed us that when connecting to a Wi-Fi shared with other users should take some precautions.
And what did Firesheep? For this case you do not remember, Firesheep was a Firefox extension that captured the traffic that was studying through a Wi-Fi and was able to “steal” the session cookies so popular services like Amazon, Basecamp, Twitter or Facebook, allowing the attacker to steal our identity and access our account.
With a view to avoid such situations and not put it all easy to those who seek to capture passwords (with no good intentions), No Needless to consider some key aspects of safety that will prevent us to get some trouble, aspects rotating about a common denominator: the use of encrypted connections, ie the SSL .
Configure SSL to access via our social profiles
Although default should offer encrypted connections (as does, for example, electronic banking and many online stores), services like Twitter, Facebook or LinkedIn do not use encrypted connections Except as we indicate in the settings.
In normal use, through our browser, we noted no difference (in terms of loading time) between an encrypted or unencrypted, therefore, to always be prepared for everything, it is important to access the settings of these services and make use of SSL always (and thus avoid the effects of Firesheep and similar).
Encrypt the connection to our mailbox
My partner Barbara spent a few minutes today to talk about the email and gave us some tips to keep our accounts safe and, in addition to their advice, we add an additional detail if we check our e-mail through a network of public use: use also encrypted connections.
Most email services that provide users with webmail (eg Gmail), by default, often under SSL (accessed via https), however, when we configured the account in Outlook or Thunderbird, not always set the box safely and is used to POP or IMAP. What should we do? If we are to use our mail on a public network, if our mail server permits should set up the account using secure connections (IMAP -POP-SSL or SSL) in addition to sending the encrypted passwords.
Resorting to extensions that force the use of encrypted connections
If we think that all services set to use, by default, use encrypted connections can surpass or even can let ourselves off and unconfigured services, a good way to improve safety can quickly turn to some extent that help us to maintain secure connections globally.
Extensions and KB SSL Enforcer , HTTPS Everywhere and Force-TLS will be responsible for serving the most popular web sites (Twitter, Facebook, Amazon, Google, etc.) in their versions under SSL (https).
Use a VPN
One way to “isolate” our traffic and establish a secure channel of communication is through the use of a VPN, with which we can establish a secure connection to our company or against a particular service.
These connections are encrypted (using IPsec ) and each data packet exchange encrypted travels up to each end of the channel between the transmitter and receiver, therefore, a third party will not be at all easy to intercept our data, our password or steal session cookies from our Twitter account.
Improve our own systems
If you manage a system or website to which, for example, accedamos continuously from all kinds of networks can be interesting perhaps ask connections using SSL to prevent someone who is listening to intercept our credentials.
Many content management systems have modules available that force the use of SSL connections to access the administration area or certain private areas that are considered sensitive. If we use WordPress as extensions HTTPS WordPress , for example, can help us to establish a secure connection with the administration area of our blog and, incidentally, can also protect certain special pages.Tags: security, SSL, Wi-Fi