SaferVPN says it takes the risk out of using public Wi-Fi connections
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
Bring-your-own-device (BYOD) has become a fairly standard practice in most businesses today. Who among us hasn’t pulled out their cell phone to do a quick check of company email while killing time in a restaurant or a checkout line? The prevalence of public Wi-Fi makes it so easy to connect and tend to a little business while on the go.
Many people look at public Wi-Fi as a convenience, or even as a requirement, when choosing where to spend time and money. Look in the window of any coffee shop today and count how many people are engaged with a laptop, tablet or mobile phone. How many of them would still be there if the shop didn’t provide free Wi-Fi?
Despite the convenience, public Wi-Fi can be risky unless security precautions are taken. Many people have a sense that it’s not quite safe to use an open Wi-Fi connection, but they figure it’s worth the risk since they’ll only be connected for a few minutes. The fact is, an attack using public Wi-Fi can happen in just a few seconds.
Here’s a sample of some of the common dangers that lurk in the public airwaves:
- Sniffers – Sniffing software, which is readily available to anyone, enables a hacker to passively intercept data between the user’s web browser and web servers on the Internet.
- Sidejacking – An attacker sniffs the packets to steal session cookies from the websites a user visits. Cookies often contain usernames and passwords in unencrypted form, which can be used to takeover a user’s session to steal valuable data.
- Evil Twin – This is a rogue Wi-Fi access point that appears to be legitimate, but which has been set up to lure users and eavesdrop on the traffic passing through. It’s the Wi-Fi equivalent of a phishing scam.
- Rogue networks – These ad hoc networks promise to provide “free public Wi-Fi.” Once a user connects to a rogue network, a hacker (and anyone else on this network) can access shared folders on the user’s device.
- Man-in-the-middle – A device that sits between the user and a legitimate web server can intercept and modify data exchanged between the two systems. An Evil Twin is often used for this purpose.
Sometimes users aren’t even given the choice of whether to connect to a network or not; their device connects to a detected Wi-Fi network automatically. For example, a worker stops in his favorite coffee shop to grab a latte. He has used his PC there in the past and the computer remembers the Wi-Fi connection and automatically connects again—without any action on the user’s part. The connection gets broken when he walks out of the shop and out of range of the access point.
Cell phones, too, can automatically connect to unsecured Wi-Fi networks, unbeknownst to the phone’s owner. For example, the city of Tel Aviv in Israel offers public Wi-Fi to residents and visitors. Amit Bareket, founder of the technology company SaferVPN, says he signed up for the free Wi-Fi service and went about his daily routines in the city. Over the following six months, his phone got automatically connected to unsecured Wi-Fi networks in and around Tel Aviv 16,000 times. He didn’t do anything to invoke any of those connections; they just happened because his phone detected them.
The best way for users to protect themselves on public Wi-Fi networks – which truly are convenient in a pinch – is to use a virtual private network (VPN). SaferVPN says it has developed several solutions that make it convenient for users and businesses to establish a secure VPN connection every time over public Wi-Fi.
Individuals can download the SaferVPN app to their smartphone, tablet or notebook computer, which creates an automatic connection to a secure VPN in the cloud. It creates a virtual network within any Wi-Fi network, establishing a secured connection to the public Internet. Once the VPN is invoked, an attacker cannot access or alter the user’s information traversing the network or within shared folders. SaferVPN says it utilizes 256-bit encryption to protect network traffic.
This app is available for Android, iOS, Windows and Mac. SaferVPN got special approval from Apple to activate its VPN automatically when a Mac or iPhone user gets connected to an unsecured network. (Approval wasn’t necessary from Google and Microsoft, since the Android and Windows platforms are open for developers.) With this app, the worker on the go doesn’t need to worry about a device automatically detecting and connecting to public networks in an unsecured way. Instead the device connects to the SaferVPN cloud infrastructure.
For organizations that want to provide a VPN solution for all on-the-go employees, SaferVPN supports integration to Lightweight Directory Access Protocol (LDAP) and Security Assertion Markup Language (SAML) authentication mechanisms. Employees can authenticate to the corporate network and get different user and group policies based on their credentials. The organization makes some initial configurations to make it easy for employees to login using unified logins, but then everything is managed and supported by SaferVPN.
The vendor is working to integrate its solution to leading Enterprise Mobility Management (EMM) and Mobile Device Management (MDM) solutions so customers can use those services to push the VPN application to all users’ devices. The app can be deployed through an EMM or MDM tool and all configuration is done automatically. For organizations without a mobility management solution, SaferVPN has ad hoc integration to Active Directory or SAML services. Once it is configured, users can download the app via a dedicated link and login with their company’s details.
The SaferVPN cloud-based solution eliminates the need for an organization to maintain its own VPN infrastructure. This should simplify operations, and could also improve the customer experience by eliminating the latency of having to backhaul traffic through the corporate infrastructure.
SaferVPN has deployed its cloud VPN infrastructure in numerous countries worldwide, which enables a quick and efficient connection for end users. For example, if a worker travels to Israel from his home location in the United States and connects to the cloud-based VPN, SaferVPN establishes the connection with a server in Israel to eliminate latency and create a seamless customer experience.
The traditional Secure Sockets Layer (SSL) VPN market hasn’t changed much in 15 years. With its automatic secure connections and the ability to run a scalable VPN in the cloud, SaferVPN believes it is bringing real innovation to the world of the VPN as we know it.