Wi-Fi Security and Wireless Security in New York City

How to protect yourself from hackers when you using using wifi in NYC

New York City is a major metropolitan hub that provides many different wireless mechanisms to get connected to the Web. Each solution has its own issues as far as WiFi security is concerned. There was a time when you could just drive around New York City and you would find that many New York residents and businesses would leave their WiFi and wireless hotspots completely unsecured. During a recent wireless discovery scan though Manhattan by Tech Crunch, it was found that these open WiFi connections do still exist, but are now in the minority. Unsecured WiFi connections are free so they are enormously popular and can be slow.

Are Wireless Connections Less Secure Than The Internet ?

The internet is a public medium, but wireless transmissions are determined to be the most “public” of all internet connections as they are the easiest to hack. Even “Access Points” that use transmission encryption still do not guarantee that the data transmission is private on their portion of the network. When data travels across the public internet in clear-text form it is open to other kinds of hacker attack, but as both wireless and regular internet sessions travel the same route we shall negate this as an implied de facto and accepted risk.

Basic PC and Apple Mac Security

Hackers are notorious for going after the lowest hanging fruit, so let’s deal with the basic internet security expectations that should be implemented on all computers to reduce overall risk. An up-to-date anti-virus product and personal firewall should be installed on all internet connected machines. A trojan analyzer is also a good idea. The anti-virus product should be scheduled for regular scans and updates. The personal firewall should be set for the very minimum of services and desktop machines should use an additional hardware based firewall – E.G. A consumer level product is the Netgear ProSafe Firewall, a business product is Checkpoint Firewall. All machines that contain sensitive data should also have hard disk encryption and strong authentication to access them. This is especially true for laptops and handheld devices. All data should be backed up in off-site, secure storage.

General Wireless Transmission Security

All wireless data transmission can be “listened” to by anyone within radio range of the broadcast and thus any conversations can be “listened” in to in an anonymous fashion. Denial of service is also a big risk of wireless connections, as hardware can be purchased at Radio Shack that can “blast” all radio frequencies, rendering all wireless traffic inoperable, something that is practically impossible to do with wired connections.
Older wireless access points used WEP encryption to keep the transmission secure, but this protocol is easily hackable, so only the acceptable standards now are WPA and WPA2.

The General Risks Of Poor Wireless Security

Using a poorly secured wireless network for confidential transmission can lead to a number of different exploits that include unauthorized credit card transactions, unauthorized system access, and ultimately ID Theft. 

FREE WIFI ACCESS POINT SECURITY

The many free WiFi “Access Points” in New York City don’t use any WiFi security mechanisms, which facilitates easier connection by users but adds risk to the service. Some “Access Point” owners do this knowingly and others are just poorly educated about the matter. Either way this means that anyone can get free internet access by using these wireless connections or “Access Points”. Some public places like parks and libraries also offer this free wireless service.
The problem with this type of WiFi hotspot is that they are not reliable, the connections are prone to outage and often have slow transmission speeds. 
The other issue is security. It is clear that offering a free WiFi hotspot is a very clever way of of monitoring internet traffic and stealing data such as login IDs and passwords as well as credit card numbers. The WiFi hotspot transmissions can become a focal point for the hacker as he now has a way to capture all internet data that will funnel though the hotspot. It is made especially easy if he actually controls the hotspot, but he really doesn’t need to as even the most inexperienced hack can just listen to all the traffic that passes by his antenna. The hacker can use a “Sniffer” type product to pull out the important pieces of information from the traffic that can then be used for illicit purposes or the data gleaned is sold as a commodity to hackers in foreign countries.

Mitigating the Risks

There are many ways of combating the risks when using this kind of wireless connection. They include always using an SSL session in the browser for “private” transactions such as email, logging into services, credit card transactions etc. IP Sec or SSL VPN sessions are also a great way to connect to your office gateway, as everything in that tunnel is protected inside an encrypted pipe. As is often the case, the user only need to forget that one time to encapsulate their transmission in SSL for a large risk of private data leakage.

PAY WIFI ACCESS POINT SECURITY

Wireless access points that you pay for have far more consistent wireless connections and can be found in many locations, such as coffee shops, cafes, delis, bars, and restaurants around New York City. Most have a price associated with them or provide the access for free if you buy a product or service from them. Just because you actually pay for the connection doesn’t mean that it’s any more secure, but many do now use WPA and WPA2 which secures the transmission but doesn’t actually mean that the Access Point itself is secure and not being monitored by a hacker. 

Mitigating the Risks

Obviously asking the “Access Point ” owner what security protocols they are using is a start, but often they don’t know – so the risk mitigation should be similar to “Free WiFi Security. This includes always using an SSL session in the browser for “private” transactions such as email, logging into services, credit card transactions, etc. IP Sec or SSL VPN sessions are also a great way to connect to your office gateway, as everything in that tunnel is protected inside an encrypted pipe.

HARD WIRED INTERNET ACCESS

Some people need a hard wired internet solution via Ethernet, so they can get faster and more reliable internet access by cutting out the wireless card. There are fewer solutions available around New York City, but internet cafes and some libraries have some internet solutions that will meet your needs. These connections are usually more secure than wireless connections, but are still open to some risks if the connections are fully public or have weak router or firewall configurations.

Mitigating the Risks

The inherent risk is reduced on these connections when compared to wireless security, but caution should still be used. SSL should still be used for all private transactions or for any data that is not for “public” consumption

INTERNET CAFE Security Issues

Often in society, the poorest people often get the worst deal – both from a financial perspective and a security perspective.
If you don’t have your own computer and you need internet access in New York City, you are forced to use a “public” workstation. These workstations can be found in internet cafes and various other locations around the city. The cost of using them is based on an hourly rate that can become quite expensive, and these machines often contain the trifecta of security vulnerabilities. The possibilities are that the workstation may be hacked, the wireless connection to the workstation may be compromised and the environment that this is connected to may also be compromised. It’s a risk proposition that every day many people make without knowing the full implications. Of course, surfing the web for nondescript information is one thing, but logging into email is quite another.
There are a multitude of ways that the workstation may be hacked, including physical ones like key stroke loggers or software based ones like TSR key loggers, both of which will record everything that is typed in at the keyboard, which makes all the other security controls completely irrelevant. Often these hacking tools may be installed completely unbeknownst to the computer owner – see the Kinkos December 2002 hacking court case in which Juju Jiang, 24, of Flushing, Queens was charged with computer fraud. Let’s be clear, this problem is not just Kinko’s problem; it can hit any Internet cafe or shared workstation, and the Juju Jiang case illustrates the risk to all public computers. 

Mitigating the Risks

Because these public computers are very high risk, we recommend that you do not login to any web sites with your credentials using these machines. You do not know what monitoring or hacking software has been installed. An SSL or VPN session will not protect you on these types of computers. General surfing is okay on these machines, but DO NOT be tempted to actually type in any of your logon credentials into any web site, unless you don’t mind them being used by other parties. Many corporations now employ endpoint analysis products to determine what type of computer you are on before they allow access.over a VPN. Although they won’t spot key loggers, they will see that if the machine you are using has the basic of security services loaded.