Page 448 - Shaping smarter and more sustainable cities - Striving for sustainable development goals
P. 448

Recommendations
               Attention should be paid to the surrounding area when accessing hotspots, in order to verify
                 that nobody is able to read one's laptop screen. A privacy screen can be used for extra security.
               The  network  configuration  should  be  changed  in  order  to  manually  select  each  wireless
                 network that the system joins.

               File sharing should be turned off while at a hotspot. Highly sensitive or personal data should
                 be stored elsewhere, and when using instant messaging or e‐mail, nothing should be sent that
                 one would not want made public.

               There exist products that enable users to become “invisible” on the network by creating a
                 virtual private network (VPN). These products encrypt the username, password and other
                 confidential information that users may have entered online, allowing the users to control
                 what they share online, no matter where they connect to the Internet. Internet banking, stock
                 trading or other sensitive online financial transactions should be avoided while using a public
                 hotspot.
               Security software should be kept current and active.


            These Internet hotspots can be a virtual playground for beginning hackers or a potential gold mine
            for sophisticated veteran cybercriminals, as illustrated in Box 2.



             Box 2. How do cybercriminals exploit WiFi hotspots?

             Packet  sniffers  are  programs  that  allow  the  interception  of  wireless  transmissions  via  data
             packets. If the packets are unencrypted, someone with a packet sniffer can see information like
             personal communications, financial transactions and account passwords as plain text.

             Wi‐phishing,  or  The  evil  twin,  is  a  process  in  which  a  cybercriminal  pre‐empts  the  hotspot's
             wireless signal with one of his own, spoofs the legitimate network name, and replaces the sign‐
             up  page  with  one  that  looks  like  the  real  thing.  As  a  result,  credit  card  and  other  personal
             information can be supplied to the spoofer, rather than the hotspot provider.

               Firesheep is a free add‐on application created for the Firefox browser that wraps a friendly
                 interface  around  a  hacker's  tool,  allowing  cybercriminals  to  “side  jack”  or  intercept  login
                 credentials for a site or service that does not require a secure socket layer (SSL) (a security
                 feature that provides encryption).



            It is critical that free Wi‐Fi hotspots in SSC, whether provided by private entities like shops or by the
            city administration itself, are secured.
















            438                                                      ITU‐T's Technical Reports and Specifications
   443   444   445   446   447   448   449   450   451   452   453