Protecting Laptops/Mobile devices with VPN while on public WiFi

With the popularity of free public WiFi, new precautions need to be taken when using your mobile device on the road. Free public WiFi is a great public service, but it can come with severe security risks.
In this post I will show you how to protect your connection on public WiFi using free and paid-for VPN services.

You can set up a VPN connection in one of two ways:

1.) Sign up for a VPN service
2.) Host your own VPN server or VPN router

But before we go into how to do it, let's go over some of the security risks you can be exposed to when using a public WiFi network.

Packet sniffing and MAC spoofing: public WiFi networks usually lack security measures to prevent attacks such as MAC spoofing and packet sniffing. Since all of the computers are on the same network and in the same broadcast domain, a hacker with a packet sniffer can capture packets sent over the air on an open, unencrypted WiFi connection. For example, an application called driftnet allows an attacker to listen on an open WiFi connection for TCP streams that contain JPEG images and display the content in a terminal window for the hacker's viewing.

Worms: a hacker with a laptop or device that hosts a worm can spread the worm and its payload through the network and infect the hosts attached to it.

Router security: a small mom-and-pop cafe may offer free WiFi by simply ordering an internet connection and using a store-bought router with default settings, which happens more than you might think. This could allow an attacker to set up a rogue DNS server in the router's DHCP settings, so that all hosts use the attacker's DNS servers, which can then be used to hijack unsuspecting users' connections and redirect them to phishing websites, malware sites, etc. A hacker can also redirect certain networks and poison the router's routing table.

VoIP security: if you make a VoIP call and your VoIP is unencrypted, an attacker may be able to packet sniff the WiFi connection and record your call.

The above are the most common. There are of course many other threats that a host can be susceptible to on a public WiFi connection.

How does VPN secure my connection?

VPN technology provides a virtual connection between your computer and your network: a virtual encrypted tunnel is established over the internet. The tunnel can be encrypted in many ways; the most popular are PPTP encryption and IPsec.
A VPN is a client-server type of connection, which means that some servers require their own client software in order to connect. For example, OpenVPN uses its own client software to connect, but some VPN servers don't require separate client software: usually, if you use L2TP, Windows/Linux/Mac have a built-in VPN client that is compatible with this type of connection.

With a VPN connection your computer is essentially put on the network the VPN is hosted on, which means you can access all of that network's resources, for example shared drives and printers.

As the VPN connection is encrypted, the traffic between the network and the host cannot be read by someone who intercepts it. If you were to use a packet sniffer on a computer using a VPN, all you would see is L2TP traffic, no matter what the traffic really is. For instance, if you were on a VoIP call, the sniffer would not see the call in progress, which is very useful in protecting yourself on a public network. Also, if someone did hijack the public WiFi router's DNS, you would not be affected, as the DNS servers you would be using would be the ones on your network and not the public network's.
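
The DNS point above only holds if the resolvers your machine uses are actually reached through the tunnel. The following check is an added example, not part of the original post: it does a longest-prefix match over Linux `ip route` output to find which interface each nameserver leaves by. The interface names (wlan0, ppp0), the addresses and the sample outputs are constructed assumptions.

```python
import ipaddress

# Constructed sample: tunnel is up, but only the home subnet is routed
# through it (split tunnel); everything else still leaves via the Wi-Fi.
SPLIT_ROUTES = """\
default via 10.0.0.1 dev wlan0 proto dhcp metric 600
10.0.0.0/24 dev wlan0 proto kernel scope link src 10.0.0.57
192.168.1.0/24 dev ppp0 scope link
"""
# Constructed sample: default route goes through the tunnel; the host
# route to the VPN server itself (203.0.113.5) stays on the Wi-Fi.
FULL_ROUTES = """\
default dev ppp0 scope link
10.0.0.0/24 dev wlan0 proto kernel scope link src 10.0.0.57
203.0.113.5 via 10.0.0.1 dev wlan0
"""
RESOLV_HOTSPOT = "nameserver 10.0.0.1\n"   # resolver handed out by hotspot DHCP
RESOLV_HOME = "nameserver 192.168.1.1\n"   # resolver on the home network

def parse_routes(text):
    """Return [(network, interface)] from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), dev))
    return routes

def egress_interface(routes, addr):
    """Interface chosen by the most specific (longest-prefix) matching route."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def nameservers(resolv_text):
    """Addresses from the nameserver lines of a resolv.conf style file."""
    return [parts[1] for parts in (l.split() for l in resolv_text.splitlines())
            if len(parts) > 1 and parts[0] == "nameserver"]

def dns_leaks(route_text, resolv_text, vpn_if="ppp0"):
    """List (nameserver, interface) pairs that bypass the VPN interface."""
    routes = parse_routes(route_text)
    found = [(ns, egress_interface(routes, ns)) for ns in nameservers(resolv_text)]
    return [(ns, dev) for ns, dev in found if dev != vpn_if]

if __name__ == "__main__":
    print(dns_leaks(SPLIT_ROUTES, RESOLV_HOTSPOT))
    print(dns_leaks(FULL_ROUTES, RESOLV_HOTSPOT))
    print(dns_leaks(FULL_ROUTES, RESOLV_HOME))
```

In the second sample the default route is tunnelled, yet the hotspot's resolver is still reached directly because it sits on the local Wi-Fi subnet, so a rogue DNS server set in the router's DHCP settings would still be answering your lookups.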

How to use VPN

OK, so now we know public WiFi is not safe and we know how to protect ourselves. Let's put it into practice.

1.) Subscribing to a VPN service

This way is the simplest of all. However, you lose the benefit of accessing your home/business network's resources, like your shared drives, but you gain the speed and resilience of the company's VPN servers.

Some examples of paid-for VPN services are:

www.hidemyass.com
www.accessvpn.com
www.blacklogic.com

Some of these services need their own client software to be installed. I have personally used Hide My Ass and BlackLogic. With Hide My Ass you don't need software installed in order to use it, and they have been very stable when I have had the need to use it. I have since moved on to hosting my own VPN.

2.) Hosting your own VPN server or VPN router

Set up a Cisco IOS router as a VPN server
Set up Windows 7/Vista as a VPN server
Set up OpenVPN for Windows/Linux

The first way is, I feel, the best if you have a Cisco router running IOS for your gear, as I do: your router serves two purposes in the same device, and it is fairly easy to set up. Follow these commands to set up a VPN server on your Cisco IOS router:

conf t
! enable the VPN (VPDN) service
vpdn enable
! create a VPN group
vpdn-group 1
! accept incoming VPN connections
accept-dialin
! use PPTP as the tunnelling protocol
protocol pptp
virtual-template 1
exit
exit

! address pool handed out to VPN clients; its size limits how many can
! connect at one time, and its name must match the pool used below
ip local pool test 192.168.1.10 192.168.1.15

interface virtual-template 1
encapsulation ppp
peer default ip address pool test
! use your WAN interface
ip unnumbered FastEthernet0/0
no keepalive
! refuse connections that do not negotiate MPPE encryption
ppp encrypt mppe auto required
! MPPE derives its keys from MS-CHAP; PAP would send the password in cleartext
ppp authentication ms-chap ms-chap-v2
exit

! create a VPN username/password combo
username YOUR_USERNAME password YOUR_PASSWORD
end

Use Windows 7 as a VPN server

You can follow this YouTube video, which illustrates this:

http://www.youtube.com/watch?v=1s5JxMG06L4

Use OpenVPN as a VPN server

http://www.youtube.com/watch?v=GT6pANoZ4Jg

 

Things to remember when hosting your own VPN server

Hosting your own VPN server is an awesome way to gain experience in managing VPN services, and there is the accomplishment of setting up something yourself, for free in most cases. You also need to know that your connection speed can hinder your performance, and in some cases it would be better to sign up for a paid-for service. If you have less than 1 Mbps upload, your internet connection will be slow when using the VPN, because the information needs to be sent from your network to your device, and a slow upload will hold it back. This may not be noticeable if all you're doing is surfing the net though, so I would definitely give it a try first.

That's all for this post.

If you have any questions/comments/suggestions, please let me know.

Till then, stay secure!!!
