As I have mentioned previously, I travel a lot for work as a sales engineer. I am all over the US visiting customers and most of my stays are at least one night, if not for close to a week. That means I spend a lot of time in hotel rooms and working on both personal and business matters with a need for Internet access. I know that many of our readers are aware of the dangers of connecting to hotspots, but I wanted to go over some of my concerns and what I have done to better protect my usage while traveling. I’ll start with some of the concerns and then go over the steps I have taken using open source software at home and some cheap hardware I purchased from eBay to set everything up.
Any time we connect our laptops, phones, tablets, or other devices to unknown sources of Internet access, we open ourselves up to many unknowns. First, there are privacy concerns since we do not own the access point or have any control over what is monitored, captured, or saved. Secondly, there is no way to account for other users on the network and what they might be doing which could have an effect on us. Lastly, there are people who frequent hotels and utilize WiFi hotspots as a vector for attack on unknowing victims. Most hotels are not monitoring for this malicious activity and many hotels do not even manage the WiFi access they provide as they often sub this out to a third party. Knowing this is half the battle, but we need to really understand the dangers present.
With regard to privacy concerns, it is important to know that any time you are on someone else’s network, there is the potential for them to sniff your traffic, and possibly even record it. This is not only a concern because we want our business to stay private. If hotel organizations or third parties are looking at your traffic, there is the potential for them to see private information and, if you are working on business matters, proprietary company information. For those who are not aware, tools exist that allow an attacker to view the traffic flowing across a network. Nowadays, much of the traffic between our systems and Internet hosts is encrypted, but there are still protocols in use by software on your computer that are not protected in any way, allowing prying eyes to see personal information. Therefore, it is necessary to be aware of that fact and take measures to protect your traffic when utilizing these services. It is key to remember that many of the utilities that allow attackers to view your traffic are not difficult to come by. Most are free software available for download on the Internet.
Another issue with hotel WiFi is the users with whom you are sharing the connection. There is no way to account for the user base within a hotel. For instance, attendees of various hacker conventions within the Las Vegas area have repeatedly been hacked by guests in their hotels. When you have a large group of hackers staying at your hotel, you have to assume someone has malicious intent, or at the very least, an interest in playing around and looking at others’ traffic. There are ways to protect your traffic, which I will discuss in a moment. When it comes to Internet security, I am of the mindset that there is always a way for someone to gain access because network devices are running software, and software is prone to vulnerabilities. So, even a solid VPN might be vulnerable to attack. Even so, it is best to take measures to protect yourself as well as possible. Many people have told me that they do not use a VPN when connecting to hotel WiFi and they aren’t concerned with what people see because they are only using the Internet for personal reasons and there is nothing to hide. I certainly understand where they are coming from, but why not protect yourself from prying eyes if there is a way to do it?
What I have done in an effort to protect my traffic is to use a hardware firewall at home which provides a VPN service for me to connect to. In this way, I am only using the hotel WiFi as a connection point to my VPN and everything I do while connected to my VPN is encrypted, at least between my hotel room and my firewall. One thing to keep in mind is that many VPN implementations will provide encryption for communications between devices on the remote network and the office, but will not route all traffic through the VPN. For instance, accessing your server at home or work might be protected, but web browsing would go over the unencrypted hotel WiFi. This is usually a setting or configuration that can be changed. In my case, I have a routing statement on my VPN client which forces all traffic across my VPN. This makes my remote workstation a virtual part of my home network, allowing me to see everything that is happening, including the ability to proxy my web traffic and get a breakdown of all sites I have accessed while away.
I am using pfSense, an open source firewall, as my VPN device. It is also providing a myriad of services to my home network, and by extension, my remote devices. pfSense is not only my firewall, but is also providing intrusion detection service (IDS), DNS, as well as active protection by blocking offensive IPs attempting attacks on my network. pfSense is available as a free download for non-commercial use. All of the features I have mentioned are at no cost to you, other than the procurement of hardware. I purchased an old quad-core business computer used from eBay for $200. I only needed that much CPU to allow for the monitoring of a 600MB/40MB connection. The pfSense site lists the hardware required for different bandwidth sizes. If you are not using all of the features, you could downsize that hardware, at least from the CPU perspective.
Having said all the above, I would like to say that we are all still at the mercy of our ISP. Even though I route my traffic through my home firewall, all my Internet traffic still rides the pipes of my ISP and I am at their mercy as far as what they monitor, block, allow, etc. I think it is best to protect ourselves as much as possible. For me, this setup was not very expensive and took very little time as pfSense does most of what I need out of the box. I would like to hear your thoughts on the subject and what you are doing to protect your traffic when traveling.