Safest Way to Connect To Gmail in Public

If you connect to your Gmail account out on the road, use SSL encryption when you connect, the safest way to log in on a public network:

https://mail.google.com/

Use the "https://" (SSL) secure and encrypted protocol, instead of plain "http://" every time when you connect to your web mail on a public network. This also applies to any account where you have to log in with a user name and a password.

Web mail accounts include:

• Google
• Yahoo!
• MSN
• Your ISP's web mail pages.

Public networks include any Wi-Fi or wireless network that allows open access, even if you have to pay to get on. This includes places like:

• The airport (best to avoid at all costs -- prime snooping grounds for the black hats).
• Your hotel.
• Your favorite cafe, donut or sandwich shop that offers Wi-Fi access.
• The library.
• Your neighbor's unsecured or WEP secured network that you hacked into (if you can do it, so can someone else!)
• And so on...

Any place that offers open (not just free) access also offers that same convenient access to password snoopers, key loggers, and other malicious programs and black hatted hackers.

The Solution for Safe Surfing

To keep your accounts safe when using public networks, select either option:

1. Don't log into your accounts using a public network. Best yet, don't even fire up your laptop unless you are sure you are safe. (Yeah, right!)
   
2. Or, in the real world, always use a secure protocol to log in to any Internet accessible account. This means 100% of the time.
   

These secure protocols include:

• Web: SSL ("https://")
• Email: encrypted IMAP or POP
• Shell: SSH
• FTP: SFTP

For a moderately skilled bad guy, it's easy to capture Google log-in credentials over an open Wi-Fi network, by reading the cookies your browser sends to Google to authenticate your account.

So, you need to protect your log-in transaction, and encrypt (or scramble) the authentication cookie Google gives you after you log in.

SSL to the Rescue

Using a SSL connection protects all the traffic between your browser and the secure server. For example, to log into Google Mail, a web URL, using SSL, go here:

https://mail.google.com/

This way, all communication between your web browser and Google is encrypted using the excellent SSL encryption protocol. That's right, all you have to do is type in that "s" right between "http" and "://" -- how easy is that? It works with any web site that supports SSL. If your favorite web mail doesn't support SSL connections, it's time to find a new web mail solution.

When you connect using https, notice how your browser's address bar turns bright yellow, or that little lock icon appears in the lower right corner -- whatever your browser does, you should see a clear indication that you are using a secure SSL connection ... and also see when the web site you are visiting drops you back into regular "http" unencrypted traffic.

SSL won't protect your FTP transfers, or your Outlook or Thunderbird log-ins, either, but it does a great job protecting everything your browser sends and receives. Always use SSL when you need to log on to a public network.

Or just wait until you can plug in to log in. Most wired networks, even "open" wired networks at a hotel, for example, are much more secure than an equivalent Wi-Fi (wireless network). If you aren't sure if your wired network is secure, you can use HTTPS on that, too.

Surf safe,

Neil

Wireless (Wi-Fi) Networks Increase the Challenges of Internet Security

Like so many technologies before it, wireless TCP/IP networks (especially WiFi/802.11 networks) were implemented and marketed without much consideration for the increased computer security risks that broadcasting your network traffic to the world might entail.

As any code-breaker knows, one of the best ways to reverse engineer coded messages is to compare lots of these messages to find common patterns. Early WiFi security, specifically WEP encryption, fell to this well known technique, because it re-used encryption keys. As any spy worth his martini and Aston Martin knows, you should never reuse your encryption keys if you want to keep your secrets safe.

Yet, WEP did exactly this, so a patient hacker needs only to listen in on your WEP traffic long enough to discover the (reused) encryption keys. At least WEP prevents casual computer users with no expertise from logging into your network by simply posting up close enough to your base station to detect your WiFi signal. Just add a Pringles potato chip can to your setup, and you can detect Wifi signals hundreds of meters from the source. That's not a problem in any urban (and most suburban) areas.

In short, wireless networks have only increased the challenges of internet security by introducing a huge "back door" into your network. No longer do hackers need physical access to your network to steal your secrets. Nor do they have to defeat a well-secured firewall. Now, they can simply eavesdrop on network traffic beamed out into the ether by your new unsecured WiFi base station.

Over the next few weeks, we'll look closely at the different ways you can reduce computer security risks by implementing basic wireless internet security techniques. Stay tuned, or grab our RSS feed.

Wireless security

Wikipedia reminds us, in the entry for Wireless security, that for typical computer users:

there are a great number of security risks associated with the current wireless protocols, encryption methods, and in the carelessness and ignorance that exists at the user and corporate IT level.

It's not hopeless, though. Review the steps in securing a wireless network to get started on locking down your WiFi network.