Jim LaBarr and I had a fun opportunity Thursday afternoon, even before Jim had to get down on his knees. Margaret Salyers (our Church IT Podcast Transcriptionist, who is now on LinkedIn, by the way) was in the office for help with some wireless basics. We took advantage of the opportunity to train her a bit, and at the same time, review some of our basic training ideas. One of those areas where we've been week is in teaching our staff the basics of "the wild Internet" safety.
We went through a whole lot of things -- how to establish a connection to the AP, why an unsecured connection isn't necessarily a bad thing, why ALL connections are potentially bad things, and overall the steps to go through to make a reliable connection.
Throughout this process, I kept pushing the point of being a "little" paranoid when making wireless connections. Now my question for all: how risky is an "unknown" wireless connection? If I go into a coffee shop, and find an SSID of "FreeWireless," how concerned should I really be? And...what are the defenses? I have some thoughts, but I'd sure like to hear others comment. Also, I know the vast majority of wireless users in the world are nowhere near as paranoid as I am, and I rarely hear of disasters. Should I quit worrying?
The internet is kind of like a rattlesnake, you only have to get bit once to be in serious trouble. That said, it's better to be a little paranoid and maintain vigilance than it is to be blissfully unaware and risk getting bit by something you didn't know had teeth.
Posted by: Josh | May 16, 2008 at 11:39 AM
I see "Free Wireless" ad-hoc (not access point) connections all the time, especially at conferences or busy hotels. I'm not sure what that means, but I try to educate my clients on the difference on the icons between an ad-hoc and AP and to steer clear of the ad-hocs. I'm guessing there were some people who created an ad-hoc to bait some computers to connect to them.
Posted by: Daniel Koster | May 16, 2008 at 03:35 PM
Well firstly I would ensure my AV is up to date and that my personal firewall is running.
Secondly I'd either use a VPN from one of the many out there - perhaps one of the easiest is I've seen is from WiTopia (www.witopia.net). Failing that use a sandbox to do your surfing and don't do anything that requires a secure connection such as banking or shopping.
I don't see any of this as paranoia but if using that word helps folks understand it is serious business then ok.
Posted by: Stuart | May 17, 2008 at 07:49 AM
Never quit worrying about security, especially wireless security. There is the risk of potentially stumbling across an Ad-Hoc wireless network that is really someone else’s laptop (not a real wireless) and they down load a virus or Trojan that steals your identity or worse yet the database or spreadsheet of member information that you have stored on your laptop. I guess I am quite paranoid when it comes to security and protecting my identity.
Posted by: Rob Thrush | May 25, 2008 at 06:39 PM