Reducing the Risks of Public Wi-Fi
New virtual private network offerings can reduce the risk of data loss and attacks when working on open networks.
December 13 , 2011
It’s becoming increasingly popular for enterprises to let employees use their own mobile devices—smartphones, tablets, even laptops—for work. But what are the risks when workers connect those devices to Wi-Fi hotspots? Significant, especially for the unwary.
On most public Wi-Fi networks, information sent to and from a mobile device is unencrypted. Anyone with a laptop and easily obtained sniffer software can access all the data moving over the wireless network.
Users may also connect to rogue Wi-Fi access points that can monitor the content of all transmissions. Neither is a huge problem for people streaming a movie from Netflix, but it certainly can be if they are doing business research or moving sensitive documents. Any unpatched vulnerabilities or other security holes can also be exploited by others on the same local network.
Certain kinds of transactions are always encrypted, even on open networks. This includes any website with and HTTPS address, often indicated by laptop browsers turning all or part of the address green. Email sent and received can also be encrypted through a setup option if the mail server supports it. (Microsoft Exchange mail is always encrypted.)
The traditional corporate solution for remote or mobile works has been the virtual private network (VPN), which creates an encrypted “tunnel” trough the public Internet between the user’s PC, phone, or tablet and a server inside the enterprise firewall.
Despite providing excellent security, VPNs have a number of drawbacks. They can be expensive and complex to set up and administer, especially for smaller organizations with limited IT expertise. They can also be tricky for users, who may have to switch back and forth between VPN and standard connections. And depending on how the corporate network is configured, the VPN may provide access to the internal network, but limited or no connectivity to the public Internet.
These problems are magnified by the bring-your-own-device (BYOD) trend to workers using their own. Problems that were manageable on a homogeneous collection of company-owned devices become much more difficult when dealing with an assortment of devices with different operating systems and different security capabilities.
One solution is to have corporate users connect to public Wi-Fi networks using public VPNs. These are less secure than corporate VPNs since they provide encryption only from the device to the service provider, not all the way through to the corporate network. But they do protect the most vulnerable zone, the Wi-Fi link and associated local area network.
Boingo, a leading provider of public Wi-Fi access, will begin offering VPN service for Windows, Macintosh, Android, and iPad and iPhone, early next year. It will be free to Boingo subscribers and will work through the standard Boingo login app and will provide encryption on both free networks and the premium networks covered by a Bongo subscription. IPass, a more enterprise-oriented service that, like Boingo, provides subscription access to a variety of paid Wi-Fi networks, also offers a VPN option.
Transmission of the most sensitive information from mobile devices is probably best reserved for end-to-end enterprise VPNs. But for the normal run of communications, these services can add a healthy measure of security.