Security professionals at UI caution students to remain secure on public Wi-Fi
In a digital age, everything is easier and more accessible, but that isn’t always a good thing. Students and others should take appropriate security measures on unsecured public Wi-Fi in order to protect their safety and security, said Nathan Flynn, a security professional with the University of Idaho.
Flynn said it’s important to identify public networks as “public” instead of “home” on your computer. He says that setting it to “home” can lead to dangerous security vulnerabilities.
“On a Windows computer … when it first connects it asks you what you’d like to set it as,” Flynn said. “The reason that’s an issue is because the difference between the two, with a public network your computer automatically locks down and doesn’t accept incoming connections unless you specifically tell it to. Whereas a home network, it will be accepting of connections.”
Flynn said the connections allowed on a network set as “home” open up dangerous security vulnerabilities on a public network.
“So, they can do what’s called an SSH connection, which would allow them to run … all these different password recovery tools that they could run on your computer remotely,” Flynn said. “That would not only give them just regular access. They could use that to get the admin password for the computer and then … they’d be able to run commands to the computer, which would allow them to install things in the background, open windows, close windows.”
Flynn said that this is particularly relevant because some local apartment complexes have been offering their tenants free Wi-Fi, but failed to mention that it was unsecured public Wi-Fi.
“They provide free Internet in the lease, but they fail to mention that it’s just a free public Wi-Fi that they offer and it’s not very secure,” Flynn said.
Flynn said even when you use unsecured public Wi-Fi set to public, the information you send isn’t secure unless it’s encrypted, and he recommends using an encryption service or VPN to protect yourself or not sending sensitive information while on an unsecured public network.
“One thing that I can recommend is that the university does provide a VPN that can be used for that purpose,” Flynn said. “You have to email the help desk, and then you have to get added to an access group and they’ll give you instructions on how to do it.”
As for what this means for the networks on campus, Flynn said that Air Vandal Guest is a public network that falls under these recommendations, but Air Vandal Gold is about as secure a network as it is possible to get.
“As it is a network it is inherently insecure, but comparatively to other networks it is one of the most secure networks that you’re going to find,” Flynn said. “The university’s network has to meet … the base requirements of your Internet service provider … an education facility and a medical facility, and that’s just the base legal requirements. We go above and beyond that.”
Corey Bowes can be reached at [email protected]