How to secure a public Wi-Fi

how to secure a public Wi-Fi ?

As we explained to you in the last infographic, data piracy has increased last years years and cybercrime became more and more professional. However, there are ways to block threats and protect users’ activities. So it’s not up to the user to take care of protecting himself from the dangers of public Wi-Fi. It’s up to Wi-Fi provider to make sure their connections are 100% secure. Heavy financial penalties are applied if an establishment does not respect the law.

Who is responsible for securing the public Wi-Fi network? If you have installed one or more Wi-Fi access points in a public place or in your establishment, you are considered an Internet Service Provider (ISP). As an ISP, the Hadopi law oblige you to secure your Internet network to prevent any illegal activity.

How to secure a public Wi-Fi network ?

Rename SSID

There are different ways. Choosing a specific network name (SSID) for guests to help them to easily recognize the network of the establishment, is a first solution to secure the network. Some hotspots are indeed fake. In other words, these are real hotspots but they are created by hackers who make their network look like an official one. The hackers became then administrator of this network, and they can scan all information exchanged on the wireless zone. To be sure that the hotspot to which you are about to connect is the right one, do not hesitate to check the authenticity of the network with the supposed owner (restaurant owner for example).

Separate professional Wi-Fi and guest Wi-Fi

It is also possible to separate the professional network from the guest network. For example, a company will offer a Wi-Fi network to guests that will be different from the one offered to employees working there. The company may choose to hide the internal SSID: this network will not even appear to visitors looking for a surrounding Wi-Fi network.

Use a captive portal

A captive portal is a solution for securing Wi-Fi. A captive portal is first an additional evidence testifying to the “official” nature of the Wi-Fi network of an establishment. The captive portal is designed with the colors of the establishment and users can generally find information about the establishment. This is the first way to ensure that you connect to the “official” Wi-Fi network of the establishment, and not its malicious clone (as explained in our third paragraph). The captive portal allows Wi-Fi users to authenticate and connect to a Wi-Fi via the creation of guest accounts. Each Wi-Fi user is registered and has unique ID. The encryption of authentication flows is done through the use of the HTTPS protocol. This primarily ensures that user-transmitted data, such as passwords, is not hacked by another malicious user.

The captive portal allows you to choose the type of authentication. Several authentications are possible:

  • simple without information to provide
  • simple with information to provide (email address, name, first name)
  • login via social networks
  • vouchers or sponsorship system
  • authentication via recognition of the MAC address.

For example, a company can only allow employees’ computers (recognized by their MAC address) to connect to Wi-Fi. The level of security is thus considerably increased. 

Iphone with an example of captive portal

Did you like this article ? Read more article every week on our Linkedin page. Follow us to get information about Wi-Fi Hotspot Market. Click on the logo bellow to follow us.