Data Security and Wireless Internet HotSpots from Surf2Go
Data security is a big concern for every mobile
user. More and more we hear about identity theft, data
corruption, credit card fraud and online scams. Everyone
should be aware of the additional risks involved with using public
access wireless networks and the steps you can take to avoid or
reduce your risk.
What security concerns should you be aware of?
- Other users 'sniffing' your web transactions as you browse the Internet
- Attacks on your machine from another wireless user
- Theft of your Surf2Go login username and password
- Evil Twin Access Points
What measures can you take to avoid risks?
The term 'sniffing' refers to the practice of
listening to traffic on a network that is not meant for you.
This is just as possible on wired networks as it is on wireless
networks. On a wired network, anyone at any point between
the source and destination could potentially listen in to the
transmission. On a wireless network the sniffer must be within
range of your machine. For this reason encryption routines are
regularly used on any web site that is handling financial or
sensitive personal data. You know you are accessing a site in
encryption mode when a small closed lock appears at the bottom of
your browser and the URL you are accessing begins with 'https' and
not 'http'. The protocol for this transaction is called SSL.
Secure Sockets Layer (SSL) is a cryptographic
protocol to provide secure communications on the Internet. It is
used during the login stage when you are gaining access to a Surf2Go
HotSpot. This means that even though the initial login transmission
between your machine and the access point takes place in a wireless
environment, and is potentially open for any other wireless user to
'listen in', it is encrypted to the extent that no-one will be able
to.
After you have connected to the network, ongoing
traffic between your machine and the sites or applications you
access over the web is not specifically encrypted unless the
destination site or application includes some level of
security. Examples of this might be financial web sites,
which will almost always include SSL in their transmissions, while
search engines will not.
Therefore, be aware that transactions to non-secure
web sites could potentially be monitored by unscrupulous users at
any point along the path between the two machines. This is true of
open wireless hotspots.
In the end, it is your responsibility to
ensure the traffic passing from your machine to your destination web
site is secured to your own requirements. Corporate users will
have VPN software, home users will rely on the SSL capabilities of
the sites they visit. Know the technologies and understand the
implications.
The threat of attack from another user is extremely
low. A machine connected to the Internet on a home DSL modem
or cable modem is open for attack from hundreds of millions of other
Internet users; a machine connected to a wireless Surf2Go hotspot is
potentially open for attack from other Surf2Go users at that
location, typically fewer than 10 at any time.
However, it is the user's responsibility to ensure
their machine is protected from any attempts to access it by
unauthorized users. We recommend a personal firewall software
package such as ZoneAlarm.
When you log in to the Surf2Go portal you provide
your username and password. Be careful that passers-by don't see
this information as it has an intrinsic value. Communications
with the authentication system are done using a secure web site so
once in transit your details are safe from harm.
What is an “Evil Twin”? An Evil Twin,
sometimes referred to as Wiphishing, is a potential security threat
to users of Wi-Fi, predominantly in public hotspots. A hacker sets
up what is called a “rogue access point” which mimics the
characteristics of the network to which users expect to connect.
Users unknowingly connect to the rogue access point and the hacker’s
network instead of the intended network. The Evil Twin hijacks data,
such as passwords, account information, credit card information,
etc., and then connects the user to the Internet as intended. A
sophisticated evil twin can even control what Web site appears when
the Internet is accessed, often mimicking the intended starting Web
site, for the purposes of capturing the user’s private
information.
To date, there have been no reported large-scale
incidents of Evil Twin attacks, but most network administrators
have been aware of this theoretical threat for some years. Recent
media coverage of Evil Twin threats has directed consumer attention
to the matter, making users concerned about the problem and how they
can protect themselves.
The Wi-Fi Alliance recommends that users of wireless
networks exercise the same level of caution they’ve learned to use
to avoid scams in the wired world. End users should change their
passwords regularly, not respond to questionable e-mails, and look
for secure connections. As Wi-Fi continues to grow in reach and
popularity, consumers need to make some new simple security
precautions a habit, like connecting through a provider that uses
encryption with a list of trusted hotspots, using a VPN, and always
enabling security within a home network. Also, users should make it
a point to look for products that are Wi-Fi CERTIFIED for WPA™
(Wi-Fi Protected Access) or WPA2™ security.
Who is affected? Users of Wi-Fi in public
hotspots should be aware of the threat posed by an “evil twin”.
An evil twin can capture sensitive data, even through instant
messaging.
How likely is this type of attack? In reality,
the likelihood of attack is low but users should be cautious and use
some fairly simple security precautions to avoid becoming a victim.
How can Wi-Fi users protect themselves from Evil
Twin threats?
There are a number of other steps
you can take to reduce your risk.
At Wi-Fi Hotspots, be sure to
take at least one of these measures:
- Only log in to known hotspots using an SSL (https) connection. Your
  browser will typically show a lock icon at the bottom of the login
  page when you have a secure SSL connection. To be certain of the
  secure connection, check the digital certificate on the login page.
  You can do this in Internet Explorer by selecting File: Properties:
  Certificates. This will show the name on the digital certificate as
  backed by the Certificate Authority. These are very difficult to
  forge.
- Use the VPN tool provided by an employer. If the employer does not
  provide a VPN, users can download a commercially-available VPN based
  on the IETF’s IPSec framework – there are a number of these
  available online. If you cannot make a successful VPN connection,
  there is a chance you’ve connected to a rogue network. You should
  disable your Wi-Fi card and inform your company’s IT staff, as well
  as the hotspot operator.
- Connect through a hotspot service provider that provides a list of
  trusted hotspots
- Disable your laptop’s Wi-Fi card unless you are planning to use it
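The certificate check in the first measure can also be done outside the browser. The Python below is an added example, not Surf2Go's own code: it reads the names and issuer from a certificate and compares them with the portal you meant to reach, since a lock icon alone only shows that some site has a valid certificate. The host name login.hotspot.example and the CA name are constructed placeholders.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5):
    """Connect with CA-chain and hostname verification on; return the peer cert dict."""
    ctx = ssl.create_default_context()  # raises ssl.SSLError if verification fails
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def _field(rdns, key):
    """Pull one attribute (e.g. commonName) out of a subject/issuer tuple."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def cert_names(cert):
    """DNS names on the certificate: SAN entries, else the subject CN (for display)."""
    sans = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    cn = _field(cert.get("subject", ()), "commonName")
    return [cn.lower()] if cn else []

def name_matches(pattern, host):
    """Exact match, or a single leftmost wildcard label (*.hotspot.example)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_portal(cert, expected_host):
    """Return (ok, issuer_org, names) for the portal you intended to reach."""
    names = cert_names(cert)
    ok = any(name_matches(n, expected_host) for n in names)
    return ok, _field(cert.get("issuer", ()), "organizationName"), names

# Constructed sample in the shape getpeercert() returns; not a real certificate.
SAMPLE = {
    "subject": ((("commonName", "login.hotspot.example"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "subjectAltName": (("DNS", "login.hotspot.example"),
                       ("DNS", "*.hotspot.example")),
}
```

On a live connection, pass the result of fetch_cert(host) to check_portal with the host name your provider publishes for its login page; a mismatch or a verification error is a reason not to enter your password.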