Solved

Wi-fi usage during travel

Posted on 2014-12-12
13
90 Views
Last Modified: 2015-01-17
Would anyone have any guideline or policy on wi-fi usage on your mobile devices and laptop while traveling, especially in the countries that are riskier (i.e. China, etc.?).  
What do you do and do you have a best practice policy on this for your end users?

Thank you,
Helen IT
0
Comment
Question by:HelenIT
  • 4
  • 3
  • 3
  • +2
13 Comments
 
LVL 23

Accepted Solution

by:
Eirman earned 200 total points
ID: 40495960
I've heard a few radio items on this lately.
One of the biggest danger is fake WiFi hot spots. These can capture all you traffic/passwords.
Don't logon to the first wifi you come across. Check with the hotel, restaurant you are in.

I would also be wary of doing banking via WiFi, A trusted internet cafe would be safer.
http://ie.norton.com/travel-hotspot-security/article
http://www.pcmag.com/article2/0,2817,2368802,00.asp

Also, leave your Bluetooth off unless you need it.
0
 

Author Comment

by:HelenIT
ID: 40495996
is there any sample policy on this that you could provide?
0
 
LVL 23

Expert Comment

by:Eirman
ID: 40496007
What do you mean by "sample policy" HelenIT?

Do you mean a written list of guidelines?
There be different guidelines for Students, Tourists, Business Travellers, Diplomats.
0
 

Author Comment

by:HelenIT
ID: 40496025
Yes exactly - for business travellers specifically.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40496034
You either need to provide the connection methods wherever the people travel, and then write a policy to use these methods,  OR,

If you have no alternative for people, they will use whatever is available and there is not much you can do about this.

You cannot write a policy that says "do not use all these services (listed) but we have no alternative"
0
 
LVL 23

Expert Comment

by:Eirman
ID: 40496054
I don't know of any specific policy list that is in the public domain.
It would be up to you to prepare this policy based on the best tips you can pick up on the internet
(or from fellow companies).

I imagine that guidelines would vary somewhat between companies.

One useful tip here is to use 3G/4G instead of wifi for sensitive internet interactions.
https://www.getsafeonline.org/business-news/business-travellers-warned-about-hotel-wi-fi/

Also consider getting a local pay-as-go SIM for 3G/4G
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 90

Expert Comment

by:John Hurst
ID: 40496057
I keep a Nokia CS18 USB Internet Key in my briefcase. I like it, need it and use it, but it does not work everywhere (roaming issues) and is not free to maintain.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40496138
Helen,

there is no policy, no best practice. You need to be aware of the risks and then setup a policy based on what risks you see for your machines based on your usage scenarios.
--
Example: Your local firewall is on, no ports are open (default!). You are connected to some unknown WLAN and you go to your webmail (or use your local mail client) to receive important messages with attachments.
Now is that dangerous?

If you use https for the mail webclient (which should be the default), then the traffic is encrypted. If your mail client uses https, again encrypted. So nothing to fear.
--

But: if your machine is configured badly (no firewall active, local services have some ports, maybe the software listening on these ports is not even patched) then connecting to an unknown LAN is of course dangerous. But that has nothing to do with Wifi in particular.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40496158
If you use https for the mail webclient (which should be the default), then the traffic is encrypted. If your mail client uses https, again encrypted. So nothing to fear.

Web sites sponsor bogus links with superb social engineering. When the traveler is in trouble and has no support, they click on "I can fix you problem" links and the machine is hosed. I have seen this more times than I can count.

@HelenIT  - see if you can provide some good alternatives. This means researching before travel.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40496160
John, your links are not specific to wifi, they can bee seen everyday, anywhere. I see no reason to discuss this here.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40496169
Perhaps my point to is too obscure.

People work at home, have a problem, ask support and carry on.

People travel, have no prescribed internet capability, hop on to nearby wireless, have an issue, click on a help me link and machine is hosed.

Of course, this can happen at home and is not unique to Wi-Fi, but my experiences with clients travelling is like the above. We try to have known sites (including known hotels and businesses) where good Wi-Fi is available. It is pre-arranged as noted above. It is not perfect or universal, but it works a majority of the time.
0
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40496300
Never connect to a wifi spot you don't explicitly trust.

Disable your laptop/device from connecting automatically to saved SSIDs.

And here's a technique to find if there are rogue spots -- set up a bogus SSID in your wireless preferences.  If you see that SSID show up -- one you made up -- then you know someone is doing some spoofing.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 300 total points
ID: 40496387
@Sean Jackson "Never connect to a wifi spot you don't explicitly trust." - this is too simple to be true. I work for a company close to the military. Our staff may use any WLAN they like and may transfer even classified data (NATO restricted) over it. This is no joke. Reason: the data goes out encrypted using a certified VPN. Not a single bit that leaves the machine is unencrypted (for those that want details: it's this: http://www.secunet.com/en/topics-solutions/high-security/sina/sina-workstation/ ).
So the only thing our road warriors have to look after is physical security (they may not use it in a hotel lobby where people can watch your screen, not on a train and so on). Now for people that are really interested: NATO restricted is not the same as NATO confidential/secret/top secret - that has other regulations.

Our staff may not use the company devices for private pleasure. If they like to surf websites, they are held to use their own devices, they cannot use the work devices to connect to anything but the VPN (it's technically impossible). However we are so kind to offer them live systems (readonly  knoppix) which they can use for their private pleasure (surfing) while travelling.

Now back to "Never connect to a wifi spot you don't explicitly trust." - you see, it depends. If your usage scenario can use VPNs, then you may very well use any wifi hotspot. If your scenario is checking mail via https - sure can you do this via any wifi hotspot, as long as you stay on your own machine.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now