From: Ohio.com

Be cautious in using computers in public places

Controlling personal finances online is becoming more common. You can pay a bill, go shopping or check your various account balances.

But people using computers in public places such as Internet cafes and libraries may be inadvertently exposing themselves to identity thieves.

Here's what you can do to protect your identity:

• Be aware of your surroundings. Think about how you act while withdrawing money at an ATM -- take note of anyone loitering near you or taking an obvious interest in your actions.

• Check the computer and keyboard. Pieces such as your mouse or keyboard should connect directly to the computer, rather than via a separate device. Identity thieves use these devices to record keystrokes and steal information.

• Limit your public computer use. Avoid using public computers to make financial transactions or to check bank accounts.

• Don't e-mail sensitive information from, or read it on, a public computer.

Louis van Wyk, Auckland

AN innocent-looking cafe may harbour a nest of fraudsters, identity thieves and other miscreants, security experts warn.

Although companies may think they have taken all the right steps to secure their networks, they could still be vulnerable if their employees access wireless hotspots, such as those at a local cafe.

In a report issued by security vendor Fortinet, Richard Hanke, US-based vice president of product management, says most mobile users do not realise that once connected to a wireless hotspot, they become a member of a connected community of users - most or all of whom are strangers.

And he warns this poses significant security risks as there is often little or no control of what can pass from user to user via a wireless access point, and that can have disastrous consequences.

“A hapless, latté-sipping web surfer can easily become infected with a virus or worm that has been picked up by a neighbouring user,” writes Hanke.

But he says the real damage occurs when the newly infected user returns to work and connects to the organisation’s wireless access point.

A worm picked up during the coffee break can then race unhindered into corporate networks and could cause significant damage.

“That innocent cup of coffee just cost your company thousands of dollars and sent you scrambling to clean the network,” states Hanke.

Local security guru Tony Krzyzewski, managing director of Kaon Technologies, says the risks posed by wireless cafes are no different to those faced with any other method of connecting to the internet.

Although the risks can be reduced by basic security precautions, Krzyzewski warns that portable computers are one of the most common carriers of threats into corporate networks.

“Which is why it is absolutely essential to have a personal firewall, spyware control and antivirus up to date on portable computers,” he says.

But John King, managing director of Auckland security specialist Expert Solution Providers (ESP), says wireless networks are dangerous because they are a shared medium.

“If users are not sitting in their own WLAN [wireless local area network] or using encryption to talk from the client to the access point, then all the traffic is visible to all the users,” he says.

“You would need nothing more complicated than a copy of a serial freely available on the internet to capture packets.”

Meanwhile, Hanke warns once a user is authenticated and connects to a wireless access point, the wireless channel - even if encrypted - can easily deliver content threats into the wired network, from inside the organisation’s typical perimeter defences such as a firewall.

King says many wireless hotspots are not based on a meshed network where the user is dropped in a WLAN with a sign-on and an encrypted link.

“A lot of wireless networks are easy to set up. The problem is control of access points. Most internet cafes spend $149 on an access point, which gives you nothing in terms of security,” he says.

By using tools freely available on the internet, King says, hackers could access a wireless network’s SSID (service set identifier) - which uniquely names that network - in 45 seconds, and bypass filters on access points in five minutes.

This leaves users open to virus or worm infections and denial-of-service attacks, while sensitive data can be intercepted.

“A personal firewall will prevent other people from getting to you on that wireless network, but it won’t prevent your traffic being grabbed,” he says.

Krzyzewski says that although organisations know of these dangers, there is still some room for improvement in how they protect themselves.

“The majority of organisations are aware of these risks - how they actually control them varies dramatically,” he says.

“We always recommend you put adequate protection on the remote machine and if those machines are connecting to the corporate network you put adequate defence and authentication methods in place to protect the connection back into the organisation.”

Krzyzewski and King agree with Hanke that multiple layers of security - residing at the network gateway, on internal servers and on individual clients or endpoints - are required to offer complete protection, while education is the first step in establishing all those barriers of security. From Reseller News New Zealand.