From the course: Career Essentials in System Administration by Microsoft and LinkedIn

How to be secure in public places

From the course: Career Essentials in System Administration by Microsoft and LinkedIn

How to be secure in public places

- One of the challenges of being a sysadmin is going to be securing remote users. Securing them in their homes can be difficult enough, but securing them in public places can be next to impossible. Users will want to connect to Wi-Fi connections whenever they find them to get online, but public Wi-Fi is not secure. There are many helpful documents online that say this can be mitigated with a VPN, such as the one you use to connect to your office or a paid VPN service. But it's not true. By using an Address Resolution Protocol poisoning attack, hackers can steal your information before it even gets encrypted using free tools that can be downloaded from the internet. The hacker basically uses their own device as the new gateway, and they create a fake hotspot that users then connect to. The data is then stolen before it gets encrypted. Some anti-malware programs will try to detect these devices, but many times, the hacker can evade them. There is no safe public Wi-Fi access, period. You may think you know a way to make it safe, but let me say it again, there is no safe public Wi-Fi. What do users do when they're out and they need access for their laptops and tablets to the internet? They can either get a cell card for the device or use their phones as a hotspot. What that means is that if you buy a computer or tablet that has a cell card installed, then users can use that to connect to the internet much more safely than Wi-Fi. Or you can obtain a USB cell card to plug into their laptops. You can alternatively use a cell phone as a hotspot connected to the laptop or tablet. Be sure to have them use a tethered USB cord instead of connecting through Bluetooth from the phone to the computer, or the Bluetooth signal can be easily compromised. Have the users only access websites that are known to them and don't use any website where you need to log in to gain access to confidential data. Make sure they have passwords that are not the same as their bank accounts for these non-secure data sites. If the user doesn't want to remember a lot of complex passwords, and who does, they can use a secure password manager program so they can have single sign-on. Single sign-on allows you to use a global password, and then the other websites will autopopulate as needed. Be sure to add multifactor authentication, like a fingerprint, to use the master password. Wi-Fi in a hotel room is just as insecure as public Wi-Fi, so always use the cell phone plan to access the internet. Speeds are much better even using VPN, so there shouldn't be an issue with an up-to-date cell service for internet access. Another option is to use a connection to a remote desktop server at the office or in the cloud to conduct all business. You can set up multifactor authentication, and once logged in, the user will perform all work on the server and make it much less likely to be compromised. Make sure the default Wi-Fi settings won't auto-connect to any unsecured Wi-Fi as well. This is the default setting for many operating systems. Once again, I have to say that public Wi-Fi isn't secure and should never be used. Cellular Wi-Fi is marginally more secure, and work should be done using a VPN and possibly a remote desktop server to keep data safe.

Contents