Call us: +44 1442 780702
Blog Post
The Perils of Public Wi-Fi
- by Robert Knight
- •
- 23 Feb, 2017
- •
Staying safe when using public/guest Wi-Fi
With upcoming data protection legislation which significantly increases the fines imposed for data breaches, here are some tips which should help business better protect their employees, data and assets when travelling.
1. Apply a robust security policy to your laptops, tablets and other end user devices - be especially careful of firewall policies and ensure carefully applied outbound and inbound traffic rules are in place for these devices.
2. Use an always-on VPN which fails closed. VPNs are available which detect corporate networks and thus don't connect when they are on the LAN (often authenticating to an internal server to do so) so this can provide a very good experience for users in and out of the office.
3. If the VPN provides a public/guest Wi-Fi landing page (captive portal) function - investigate how this functions further. Does this simply allow ALL outbound traffic for a few minutes until the captive portal is remediated or is it a sandboxed browser built into the VPN client which still isolates the device?
4. Consider alternative ways of dealing with public Wi-Fi connections - portable mini-router devices such as ConnectSolve WLAN allow for the public Wi-Fi landing pages to be remediated (room number, code/voucher etc. entered to unlock Internet access) completely separately to the corporate device and once unlocked, one or more devices can connect through the device using a VPN etc. This allows for the most robust and secure end user device configuration.
5. Some public Wi-Fi connections don't support VPN protocols such as IPSEC - there are solutions around this issue which Losingthewires Ltd has successfully implemented and provided to customers enabling them to work remotely more reliably when travelling.
6. Ensure that default user accounts don't have administrative access
7.Where possible and supported by the operating system version in place, consider application execution control mechanisms such as AppLocker or use third-party products such as Lumension.
8. Patches! - keep the devices patched and consider implementing mechanisms which quarantine devices that aren't patched correctly.
9. Education - educate your end users about how to better identify rogue hotspots and work safely when working remotely
10. Overlooking - educate users on where they should and shouldn't be working on documents, emails etc. containing sensitive information
11. Public discussions - be careful when on the phone or talking amongst of colleagues - sensitive information might come up.
12. Speak to Losingthewires Ltd - we can help you with all of the above - drop us a an email with some additional information to info@losingthewires.com and we'll get back to you as soon as possible.
1. Apply a robust security policy to your laptops, tablets and other end user devices - be especially careful of firewall policies and ensure carefully applied outbound and inbound traffic rules are in place for these devices.
2. Use an always-on VPN which fails closed. VPNs are available which detect corporate networks and thus don't connect when they are on the LAN (often authenticating to an internal server to do so) so this can provide a very good experience for users in and out of the office.
3. If the VPN provides a public/guest Wi-Fi landing page (captive portal) function - investigate how this functions further. Does this simply allow ALL outbound traffic for a few minutes until the captive portal is remediated or is it a sandboxed browser built into the VPN client which still isolates the device?
4. Consider alternative ways of dealing with public Wi-Fi connections - portable mini-router devices such as ConnectSolve WLAN allow for the public Wi-Fi landing pages to be remediated (room number, code/voucher etc. entered to unlock Internet access) completely separately to the corporate device and once unlocked, one or more devices can connect through the device using a VPN etc. This allows for the most robust and secure end user device configuration.
5. Some public Wi-Fi connections don't support VPN protocols such as IPSEC - there are solutions around this issue which Losingthewires Ltd has successfully implemented and provided to customers enabling them to work remotely more reliably when travelling.
6. Ensure that default user accounts don't have administrative access
7.Where possible and supported by the operating system version in place, consider application execution control mechanisms such as AppLocker or use third-party products such as Lumension.
8. Patches! - keep the devices patched and consider implementing mechanisms which quarantine devices that aren't patched correctly.
9. Education - educate your end users about how to better identify rogue hotspots and work safely when working remotely
10. Overlooking - educate users on where they should and shouldn't be working on documents, emails etc. containing sensitive information
11. Public discussions - be careful when on the phone or talking amongst of colleagues - sensitive information might come up.
12. Speak to Losingthewires Ltd - we can help you with all of the above - drop us a an email with some additional information to info@losingthewires.com and we'll get back to you as soon as possible.
Tremough Innovation Centre,
Penryn, Cornwall,
TR10 9TA UK
01326 352042
info@losingthewires.com