[Part 9 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series is now available as a white paper at http://www.eset.com/download/whitepapers.php.]

Be Wireless, not Careless

Don’t connect to just any “free Wi-Fi” access point: it might alter your DNS queries or be the “evil twin” of a legitimate access point, set up to intercept your logins and online transactions. (When I have occasion to see what networks are being offered me in hotels, airports, even in the apartment block where I live, I have to wonder how many of them are legitimate…)

Our colleagues in Bratislava put up a nice article in 2009 on "Summer Surfing on Free Wi-Fi: Work or Play, but stay secured": see http://www.eset.eu/press/summer-surfing-on-free-wifi. Of course, many of the points made there are just as valid at any time of year. Here’s a summary of some of them:

Be aware of some common security issues with hot spots

  • “Evil twin” login interception: a network set up by hackers to resemble a legitimate Wi-Fi hot spot, in order to intercept your login credentials for legitimate networks and sites
  • Previously unknown (zero-day) attacks exploiting operating system or application vulnerabilities
  • Sniffing, or using computer software and/or hardware to intercept and monitor traffic passing over a network
  • Other forms of data leakage using man-in-the-middle attacks

Be aware also of ways of reducing your attack surface and protecting your computer:

  • Ensure VPN pass-through ports are enabled, but don’t allow a high port free-for-all: professional system administrators open only necessary ports. This doesn’t stop all attacks, but does reduce them.
  • Use HTTPS to access webmail
  • Avoid protocols that don’t include encryption wherever possible
  • Disable sharing of files, folders, services
  • Avoid connecting to sites that transfer sensitive info (your banking information, for instance) when connected to an untrusted access point
  • Ensure you’re using sound firewalling, antimalware, HIPS and so on.
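
One way to check a laptop against the sharing, unencrypted-protocol and necessary-ports items above before joining a hot spot. This is an added example, not part of the original article: it parses listening sockets in the format of Linux `ss -tuln` output and flags anything reachable from the network. The sample output, the port groupings and the allowlist of port 22 are assumptions made for illustration.

```python
# Added example: audit listening sockets before joining an untrusted hot spot.
# SAMPLE_SS is constructed output in the format of `ss -tuln` (Linux).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:139        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      32     [::]:21            [::]:*
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128    [::1]:143          [::]:*
"""

# Assumed groupings based on well-known port assignments (not from the article).
SHARING = {137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS/SMB", 445: "SMB",
           548: "AFP", 2049: "NFS"}
PLAINTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}


def is_loopback(addr):
    """Loopback-only listeners are not reachable from the hot spot network."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def audit(ss_output, allowed=frozenset()):
    """Return sorted (proto, port, finding) tuples for exposed listeners."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port_text = fields[4].rpartition(":")
        if not port_text.isdigit() or is_loopback(addr):
            continue
        port = int(port_text)
        if port in SHARING:
            findings.add((fields[0], port, "sharing: " + SHARING[port]))
        elif port in PLAINTEXT:
            findings.add((fields[0], port, "unencrypted: " + PLAINTEXT[port]))
        elif port not in allowed:
            findings.add((fields[0], port, "not on allowlist"))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, finding in audit(SAMPLE_SS, allowed={22}):
        print(f"{proto}/{port}: {finding}")
```

On a real machine, pass the captured output of `ss -tuln` in place of the sample and set `allowed` to the ports you actually need.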

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
