Wireless Week – “Free Public WiFi” to Avoid

This week I am planning to pass along a bunch of tips for using wireless networks more securely.  This first article was suggested by an article I read in IT World, and another article that they recommended in WLAN Book

If you have been using public wireless networks for any length of time, you are familiar with networks that are broadcasting a SSID (Service Set Identifier or network name) of “Free Public WiFi”.  Many of these networks are actually being broadcast by other laptops in the immediate area, and connecting to them not only does not get you to the Internet, but it creates some security issues for you as well.  Some of these people may in fact be hackers attempting to get into your PC, but most are simply normal users who are blissfully unaware that their PC is trying to act as an access point.

The way that this happens is described more completely in the articles that I lined to earlier, so I won’t attempt to duplicate their work it here.  Basically the Windows Wireless Zero-Configuration Utility searches for available networks, looking first for “infrastructure” networks, which are wireless access points with a direct connection to the Internet.  Then it looks for “ad-hoc” networks to connect to.  Here is the tricky part – if it does not find a network, it will set your computer up as an ad-hoc network.  Oops!.

Other ad-hoc SSIDs you may have seen are linksys (although this can be an access point set up with default settings and unsecure), hpsetup, tmobile, and default.

The easy fix is to set your wireless connection so that it only will connect to infrastructure networks (access points).  Here is the process:

  • Click on the Wireless option in the System Tray and open the Wireless Network Connection window.
  • Click on “Change advanced settings”.
  • In the Wireless Network Connection Properties window, click on the Wireless Networks tab.
  • Click on the Advanced button.
  • Click on “Access point (infrastructure) networks only”

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.