?
Solved

Wi-fi usage during travel

Posted on 2014-12-12
13
Medium Priority
?
96 Views
Last Modified: 2015-01-17
Would anyone have any guideline or policy on wi-fi usage on your mobile devices and laptop while traveling, especially in the countries that are riskier (i.e. China, etc.?).  
What do you do and do you have a best practice policy on this for your end users?

Thank you,
Helen IT
0
Comment
Question by:HelenIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +2
13 Comments
 
LVL 24

Accepted Solution

by:
Eirman earned 800 total points
ID: 40495960
I've heard a few radio items on this lately.
One of the biggest danger is fake WiFi hot spots. These can capture all you traffic/passwords.
Don't logon to the first wifi you come across. Check with the hotel, restaurant you are in.

I would also be wary of doing banking via WiFi, A trusted internet cafe would be safer.
http://ie.norton.com/travel-hotspot-security/article
http://www.pcmag.com/article2/0,2817,2368802,00.asp

Also, leave your Bluetooth off unless you need it.
0
 

Author Comment

by:HelenIT
ID: 40495996
is there any sample policy on this that you could provide?
0
 
LVL 24

Expert Comment

by:Eirman
ID: 40496007
What do you mean by "sample policy" HelenIT?

Do you mean a written list of guidelines?
There be different guidelines for Students, Tourists, Business Travellers, Diplomats.
0
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

 

Author Comment

by:HelenIT
ID: 40496025
Yes exactly - for business travellers specifically.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40496034
You either need to provide the connection methods wherever the people travel, and then write a policy to use these methods,  OR,

If you have no alternative for people, they will use whatever is available and there is not much you can do about this.

You cannot write a policy that says "do not use all these services (listed) but we have no alternative"
0
 
LVL 24

Expert Comment

by:Eirman
ID: 40496054
I don't know of any specific policy list that is in the public domain.
It would be up to you to prepare this policy based on the best tips you can pick up on the internet
(or from fellow companies).

I imagine that guidelines would vary somewhat between companies.

One useful tip here is to use 3G/4G instead of wifi for sensitive internet interactions.
https://www.getsafeonline.org/business-news/business-travellers-warned-about-hotel-wi-fi/

Also consider getting a local pay-as-go SIM for 3G/4G
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40496057
I keep a Nokia CS18 USB Internet Key in my briefcase. I like it, need it and use it, but it does not work everywhere (roaming issues) and is not free to maintain.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40496138
Helen,

there is no policy, no best practice. You need to be aware of the risks and then setup a policy based on what risks you see for your machines based on your usage scenarios.
--
Example: Your local firewall is on, no ports are open (default!). You are connected to some unknown WLAN and you go to your webmail (or use your local mail client) to receive important messages with attachments.
Now is that dangerous?

If you use https for the mail webclient (which should be the default), then the traffic is encrypted. If your mail client uses https, again encrypted. So nothing to fear.
--

But: if your machine is configured badly (no firewall active, local services have some ports, maybe the software listening on these ports is not even patched) then connecting to an unknown LAN is of course dangerous. But that has nothing to do with Wifi in particular.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40496158
If you use https for the mail webclient (which should be the default), then the traffic is encrypted. If your mail client uses https, again encrypted. So nothing to fear.

Web sites sponsor bogus links with superb social engineering. When the traveler is in trouble and has no support, they click on "I can fix you problem" links and the machine is hosed. I have seen this more times than I can count.

@HelenIT  - see if you can provide some good alternatives. This means researching before travel.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40496160
John, your links are not specific to wifi, they can bee seen everyday, anywhere. I see no reason to discuss this here.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40496169
Perhaps my point to is too obscure.

People work at home, have a problem, ask support and carry on.

People travel, have no prescribed internet capability, hop on to nearby wireless, have an issue, click on a help me link and machine is hosed.

Of course, this can happen at home and is not unique to Wi-Fi, but my experiences with clients travelling is like the above. We try to have known sites (including known hotels and businesses) where good Wi-Fi is available. It is pre-arranged as noted above. It is not perfect or universal, but it works a majority of the time.
0
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40496300
Never connect to a wifi spot you don't explicitly trust.

Disable your laptop/device from connecting automatically to saved SSIDs.

And here's a technique to find if there are rogue spots -- set up a bogus SSID in your wireless preferences.  If you see that SSID show up -- one you made up -- then you know someone is doing some spoofing.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1200 total points
ID: 40496387
@Sean Jackson "Never connect to a wifi spot you don't explicitly trust." - this is too simple to be true. I work for a company close to the military. Our staff may use any WLAN they like and may transfer even classified data (NATO restricted) over it. This is no joke. Reason: the data goes out encrypted using a certified VPN. Not a single bit that leaves the machine is unencrypted (for those that want details: it's this: http://www.secunet.com/en/topics-solutions/high-security/sina/sina-workstation/ ).
So the only thing our road warriors have to look after is physical security (they may not use it in a hotel lobby where people can watch your screen, not on a train and so on). Now for people that are really interested: NATO restricted is not the same as NATO confidential/secret/top secret - that has other regulations.

Our staff may not use the company devices for private pleasure. If they like to surf websites, they are held to use their own devices, they cannot use the work devices to connect to anything but the VPN (it's technically impossible). However we are so kind to offer them live systems (readonly  knoppix) which they can use for their private pleasure (surfing) while travelling.

Now back to "Never connect to a wifi spot you don't explicitly trust." - you see, it depends. If your usage scenario can use VPNs, then you may very well use any wifi hotspot. If your scenario is checking mail via https - sure can you do this via any wifi hotspot, as long as you stay on your own machine.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question