Many endpoint security solutions protect laptops and remote client tools only when they are connected to the network, leaving these devices open to malicious attacks and data interception. Implementing a comprehensive approach to endpoint security can mitigate the risks of theft, malware, and other vulnerabilities to increase data protection and help your company avoid the consequences of information loss and leakage.
Same goes to stealing information while you are accessing your personal information from public hotspots what so called " Evil Twin" attacks. In this scenario a hotspot user connects to the "Evil Twin" wireless access point, believing it to be a legitimate commercial hotspot. Once connected the hacker impersonates a legitimate hotspot, and records all information entered into the web page, which can include your passwords, emails or worse credit card information.
This concept is very similar to the email "phishing" scams, where a message is sent to users tricking them to enter confidential information, such as bank account information or other sensitive username and password combinations. The process of tricking someone to voluntarily provide confidential information has been used for years in a variety of forms; more generally it is known as "social engineering".
Every wireless device that is Wi-Fi enabled actually makes the hacker's job even easier. Every device continues to "probe" for access points it has been connected to in the past. If the Wireless Connection manager in Windows XP sees a legitimate SSID it will automatically re-connect to that access point. All the hacker has to do is give his soft AP a default SSID, such as "linksys", "boingo", "home" or "public" and the laptop will automatically establish a wireless connection without any required user action.
How to avoid?
1. Check you WIFI setting and choose in in your Windows Wireless Connection Manager that the wireless card can only use "infrastructure mode" (instead of "any"), which will disable the ad-hoc mode. Ad-hoc mode allows other laptops to directly connect to yours. While this may seem convenient it presents a significant security risk to your computer.
2. Use VPN
3. Update Windows update SP2
4. Get personal Firewall
No comments:
Post a Comment