Nine Tips for Securing Mobile Devices When Traveling

Thursday, March 03, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Logan Kugler of PCWorld writes about his experience with being "Firesheeped" on a recent trip from California to Florida. Firesheep is a FireFox extension can harvest login credentials on unencrypted Wi-Fi networks.

Kugler's Facebook credential were intercepted, and he was later notified that someone in Chicago had logged into his account.

He interviewed information security expert Joe Nocera of PricewaterhouseCoopers and others to compile nine tips on locking down your mobile devices (iPads, smartphones, laptops, netbooks, etc.) when traveling.

The following are brief excerpts from the list of suggestions for protecting your mobile devices and yourself:

1. Make sure your software is up-to-date. The first line of defense, says Nocera, is making sure that all your software is up-to-date. "Almost every release of software patches a number of security vulnerabilities that are out there," he says...

2. Employ strong passwords. "Be sure to use some combination of letters, numbers and/or special characters of 8 characters or more," says Jeremy Miller, director of operations for Kroll Fraud Solutions. "Avoid using dictionary words. Instead, [use] acronyms for things like favorite songs, restaurants or other items known only to you...

3. Don't mess with the security settings. Nocera notes that most of the default browser settings in Android, iPhone, and Blackberry phones are fairly secure out of the box. "I recommend not going in to change browser security settings--they're pretty good already," he says...

4. Avoid unencrypted public wireless networks. Such Wi-Fi networks require no authentication or password to log into, so anyone can access them--including the bad guys. In some cases, bad guys set up an open network to snare unsuspecting people... Even encrypted networks, though, have risks... so be cautious about the sorts of things you do on such networks. [And] turn off Wi-Fi when you're not using it...

5. Paying to access a Wi-Fi network doesn't mean it's secure. Access fees do not equal security. Just because you pay a fee to access a Wi-Fi network doesn't mean that the network is secure...

6. URLs beginning with 'https:' are safer (but not foolproof). The s in https means that you're connected to the site via the Secure Socket Layer (SSL). In layman's terms, this means that all data transmitted to that particular Website over the Internet is encrypted. SSL is not foolproof though: If you're on an unencrypted network connection, you may still be subject to man-in-the-middle (MITM) attacks...

7. Use VPN. If you have access to a VPN (virtual private network), use it. A VPN provides secure access to an organization's network and allows you to get online behind a secure layer that protects your information...

8. Turn off cookies and autofill. If your mobile device automatically enters passwords and login information into Websites you visit frequently, turn that feature off. It's convenient, but it can also be a privacy threat...

9. Watch your apps! Nocera cautions, you should be selective about the apps you download, particularly in the Android market, because "the Android app market is a little bit more open"... Make sure that you trust the developer and have taken the time to review some of comments...

For the complete explanation behind each of the nine tips, see Kugler's article at PCWorld:

Source:  http://www.pcworld.com/article/218671/9_ways_to_keep_your_mobile_devices_secure_while_traveling.html

Possibly Related Articles:
11520
General
Encryption SSL Mobile Devices Smart Phone firesheep Headlines WiFi Travel
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.