Dark Reading is part of the Informa Tech Division of Informa PLC


8 Things Users Do That Make Security Pros Miserable

When a user interacts with an enterprise system, the result can be productivity or disaster. Here are eight opportunities for the disaster side to win out over the productive.

Connecting to Unsecured Public WiFi

In 2020 there's no mystery left to the question of whether connecting to an unsecured public WiFi hotspot is a bad thing. It is a very bad thing. That doesn't keep lots of employees from enjoying their double-shot latte with a side of data theft. The real question is where on the hierarchy of threats you place this free service. For Ragland, it's a limited threat.

"The advent of TLS, and the push for all traffic to use it, not just sensitive data, has effectively mitigated SSL stripping," he says. "This prevents attackers from reading or modifying data in transit. Many sites also now use HSTS (HTTP Strict Transport Security) so no HTTP connections can be permitted."

Still, says Nachreiner, employees need to pay attention to unsecured WiFi and use best practices for their connections. "There are six very common attacks that public WiFi is subject to, and Evil twin, rogue clients, and rogue access points are all there before authentication even happens," he explains. And the advent of easy-to-download hacking kits takes away the technology barriers to launching such attacks. "Today, a trained monkey could do an evil twin attack at a Starbucks," Nachreiner says.

Preventing problems from unsecured WiFi takes many forms, from providing mobile employees with wireless hotspots, to requiring VPN use by policy, to making sure that every enterprise website is protected through encryption. Put them all together, and the interaction becomes less dangerous -- assuming you can convince employees to use the technology.

(Image: Suwanmalee VIA Adobe Stock)
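
To make the HSTS and "every enterprise website is protected through encryption" points checkable, here is an added example (not from the article or anyone quoted in it) that audits `Strict-Transport-Security` response headers against RFC 6797 rules. The hostnames, sample headers and the `MIN_MAX_AGE` floor are constructed assumptions.

```python
# Added example: audit Strict-Transport-Security headers (RFC 6797).
# Hostnames, sample headers and MIN_MAX_AGE are constructed assumptions.
MIN_MAX_AGE = 15552000  # 180 days; assumed policy floor, not from the article

def parse_hsts(value):
    """Parse an HSTS header value into {directive: value-or-None}.
    Returns None if a directive appears twice (the header is then invalid)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if name in directives:           # duplicates invalidate the whole header
            return None
        directives[name] = arg.strip().strip('"') if arg else None
    return directives

def audit(scheme, headers):
    """Return a list of findings for one response; an empty list means OK."""
    hsts = next((v for k, v in headers.items()
                 if k.lower() == "strict-transport-security"), None)
    if scheme != "https":
        return ["served over HTTP: browsers ignore HSTS here"]
    if hsts is None:
        return ["no HSTS header: browser may still use plain HTTP"]
    d = parse_hsts(hsts)
    age_s = (d or {}).get("max-age") or ""
    if d is None or not (age_s.isascii() and age_s.isdigit()):
        return ["invalid HSTS header: missing/duplicate/non-numeric max-age"]
    findings = []
    if int(age_s) == 0:
        findings.append("max-age=0 removes the HSTS policy")
    elif int(age_s) < MIN_MAX_AGE:
        findings.append(f"max-age {age_s} below floor {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains not covered")
    return findings

SAMPLES = {  # constructed responses for hypothetical hosts
    "portal.example.com": ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    "mail.example.com": ("https", {"strict-transport-security": "max-age=300"}),
    "wiki.example.com": ("https", {"Content-Type": "text/html"}),
    "old.example.com": ("https", {"Strict-Transport-Security": "max-age=0; max-age=31536000"}),
}

def audit_all(samples=SAMPLES):
    return {host: audit(scheme, hdrs) for host, (scheme, hdrs) in samples.items()}
```

Even a clean result only protects a browser that has already seen the header on an earlier HTTPS visit, which is why the VPN and hotspot measures above still matter on a first connection.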
