Every access to remote content, whether published online or stored on a private machine connected to a network, implies that the requests and eventual authentication data are transmitted through data communication networks alongside the target content itself. This content, in turn, can be private and may contain sensitive information. For secure access, it is necessary that all network elements, which consist of data links and traffic control devices, belong to, and are managed by trustworthy entities. This is the case when we are using our own company’s network or when using an Internet service provider with whom we have a legal service provision contract.
If a point in the network is compromised, it can be exploited for spying on the data passing through it (a process known as ‘sniffing the network’) and obtaining and storing relevant information. Moreover, this can occur without the person who set up that data link realizing that it is happening. There are no visible signs for the user. In fact, service providers conduct procedures like this, but without spying, for measuring network performance and ensuring an adequate quality of service.
Practical example
Consider Pat, who is traveling abroad and wants to check their e-mail while waiting at the airport. There are various networks available, some of which are freely accessible, and Pat wonders if it’s okay to use one of these to save some of their smartphone data plan allowance for later use. In the list of available Wi-Fi access points, Pat can find two or three well-known brands. Can these be trusted?
The safest course of action for Pat is to use the contracted data plan to connect online. Even if the data allowance is almost used up, there might be Wi-Fi available later at the hotel, and the data allowance can be saved for that time. If this is not an option, the next best thing might be to purchase temporary Wi-Fi access or check if the airport offers Wi-Fi access. Pat can also choose a free Wi-Fi network from well-known brands, such as telecommunication companies. The key point in these latter cases is to ensure that the free Wi-Fi access is from the official companies and not from someone else. Please keep in mind that individuals with malicious intentions often impersonate well-known brands to attract potential victims. Pat should ask themselves the following questions:
- Is the (free) service being advertised by the brand (airport, telecommunication company, etc.)? Typically, brands advertise the availability of their services both for marketing purposes and to reassure users that it is safe to use their service. If Pat cannot find any advertising for the service, it would be best to ignore it or seek out someone they can ask about its legitimacy.
- Is the signal stable and available in multiple locations? The more stable and widespread the signals are, the less likely they are to be from fraudulent providers, as this would raise more suspicions among people familiar with the area.
- Do I need to access or provide sensitive information? In all cases, but especially when using the internet in unfamiliar places, make sure that if a password is requested, it is done using an SSL-enabled connection, such as https. It’s even better not to use passwords but authentication tokens. This is the standard procedure in modern and updated software, whether on a PC or mobile, such as e-mail clients. Therefore, using e-mail clients is preferable to using the login page at the e-mail service portal.
