Wi-fi usage during travel

Would anyone have any guideline or policy on wi-fi usage on your mobile devices and laptop while traveling, especially in the countries that are riskier (i.e. China, etc.?).  
What do you do and do you have a best practice policy on this for your end users?

Thank you,
Helen IT
HelenITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

EirmanChief Operations ManagerCommented:
I've heard a few radio items on this lately.
One of the biggest danger is fake WiFi hot spots. These can capture all you traffic/passwords.
Don't logon to the first wifi you come across. Check with the hotel, restaurant you are in.

I would also be wary of doing banking via WiFi, A trusted internet cafe would be safer.
http://ie.norton.com/travel-hotspot-security/article
http://www.pcmag.com/article2/0,2817,2368802,00.asp

Also, leave your Bluetooth off unless you need it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HelenITAuthor Commented:
is there any sample policy on this that you could provide?
0
EirmanChief Operations ManagerCommented:
What do you mean by "sample policy" HelenIT?

Do you mean a written list of guidelines?
There be different guidelines for Students, Tourists, Business Travellers, Diplomats.
0
Do You Have a Trusted Wireless Environment?

A Trusted Wireless Environment is a framework for building a complete Wi-Fi network that is fast, easy to manage, and secure.

HelenITAuthor Commented:
Yes exactly - for business travellers specifically.
0
JohnBusiness Consultant (Owner)Commented:
You either need to provide the connection methods wherever the people travel, and then write a policy to use these methods,  OR,

If you have no alternative for people, they will use whatever is available and there is not much you can do about this.

You cannot write a policy that says "do not use all these services (listed) but we have no alternative"
0
EirmanChief Operations ManagerCommented:
I don't know of any specific policy list that is in the public domain.
It would be up to you to prepare this policy based on the best tips you can pick up on the internet
(or from fellow companies).

I imagine that guidelines would vary somewhat between companies.

One useful tip here is to use 3G/4G instead of wifi for sensitive internet interactions.
https://www.getsafeonline.org/business-news/business-travellers-warned-about-hotel-wi-fi/

Also consider getting a local pay-as-go SIM for 3G/4G
0
JohnBusiness Consultant (Owner)Commented:
I keep a Nokia CS18 USB Internet Key in my briefcase. I like it, need it and use it, but it does not work everywhere (roaming issues) and is not free to maintain.
0
McKnifeCommented:
Helen,

there is no policy, no best practice. You need to be aware of the risks and then setup a policy based on what risks you see for your machines based on your usage scenarios.
--
Example: Your local firewall is on, no ports are open (default!). You are connected to some unknown WLAN and you go to your webmail (or use your local mail client) to receive important messages with attachments.
Now is that dangerous?

If you use https for the mail webclient (which should be the default), then the traffic is encrypted. If your mail client uses https, again encrypted. So nothing to fear.
--

But: if your machine is configured badly (no firewall active, local services have some ports, maybe the software listening on these ports is not even patched) then connecting to an unknown LAN is of course dangerous. But that has nothing to do with Wifi in particular.
0
JohnBusiness Consultant (Owner)Commented:
If you use https for the mail webclient (which should be the default), then the traffic is encrypted. If your mail client uses https, again encrypted. So nothing to fear.

Web sites sponsor bogus links with superb social engineering. When the traveler is in trouble and has no support, they click on "I can fix you problem" links and the machine is hosed. I have seen this more times than I can count.

@HelenIT  - see if you can provide some good alternatives. This means researching before travel.
0
McKnifeCommented:
John, your links are not specific to wifi, they can bee seen everyday, anywhere. I see no reason to discuss this here.
0
JohnBusiness Consultant (Owner)Commented:
Perhaps my point to is too obscure.

People work at home, have a problem, ask support and carry on.

People travel, have no prescribed internet capability, hop on to nearby wireless, have an issue, click on a help me link and machine is hosed.

Of course, this can happen at home and is not unique to Wi-Fi, but my experiences with clients travelling is like the above. We try to have known sites (including known hotels and businesses) where good Wi-Fi is available. It is pre-arranged as noted above. It is not perfect or universal, but it works a majority of the time.
0
Sean JacksonInformation Security AnalystCommented:
Never connect to a wifi spot you don't explicitly trust.

Disable your laptop/device from connecting automatically to saved SSIDs.

And here's a technique to find if there are rogue spots -- set up a bogus SSID in your wireless preferences.  If you see that SSID show up -- one you made up -- then you know someone is doing some spoofing.
0
McKnifeCommented:
@Sean Jackson "Never connect to a wifi spot you don't explicitly trust." - this is too simple to be true. I work for a company close to the military. Our staff may use any WLAN they like and may transfer even classified data (NATO restricted) over it. This is no joke. Reason: the data goes out encrypted using a certified VPN. Not a single bit that leaves the machine is unencrypted (for those that want details: it's this: http://www.secunet.com/en/topics-solutions/high-security/sina/sina-workstation/ ).
So the only thing our road warriors have to look after is physical security (they may not use it in a hotel lobby where people can watch your screen, not on a train and so on). Now for people that are really interested: NATO restricted is not the same as NATO confidential/secret/top secret - that has other regulations.

Our staff may not use the company devices for private pleasure. If they like to surf websites, they are held to use their own devices, they cannot use the work devices to connect to anything but the VPN (it's technically impossible). However we are so kind to offer them live systems (readonly  knoppix) which they can use for their private pleasure (surfing) while travelling.

Now back to "Never connect to a wifi spot you don't explicitly trust." - you see, it depends. If your usage scenario can use VPNs, then you may very well use any wifi hotspot. If your scenario is checking mail via https - sure can you do this via any wifi hotspot, as long as you stay on your own machine.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.