Part 5 (If I See The Lock In My Browser’s URL, Does That Mean I’m Safe?)

We have learned the advantages the hacker has when he is on the same public network as you are. There is plenty of work that goes into the initial setup but once the system is running, he can become very responsive. The actual risk of compromise itself is extremely small. It’s not much higher than a victim on his personal secure LAN becoming compromised because he chose to click on some shady links while ignoring all the warnings. At some point, you may need to leave the safety of your own network fortress and go into the wild west of public LAN networks. There are plenty of steps you can take to defend yourself completely.

Update Everything

This is one of the most important yet least recommended solutions. If some malicious code successfully executes on your browser or someone injects malicious code into your system, then it’s likely due to unpatched software. Browser developers, operating system developers, and antivirus developers are very responsive when it comes to security vulnerabilities.

Turn Off Network Discovery

You won’t be needing to share files on public WiFi. Especially now that we have more secure online services for such a task (Dropbox, SpiderOak, SSH, etc).

Instructions:


Windows 10
Windows 7/Vista
OSX

Test Your Device For Vulnerabilities With Nessus

I have mentioned Nessus software in my first hack article. It is extremely useful for identifying vulnerabilities and the threat outcome on your device.

Use Cloudflare’s DNS

By using Cloudflare’s DNS, you can prevent DNS hijacking. As an added bonus, it will make your internet even faster because you will be using top of the line infrastructure to resolve DNS requests. When you first access a router, you may need to disable this in order to access the public WiFi’s terms of service page.

Instructions:


Windows 10
Windows 7
Windows Vista
[OSX][dnswinosx]
iOS
Android

Install HTTPS Everywhere

HTTPS Everywhere is a plugin invented by one of the most trusted non-profit names in cybersecurity. The EFF. that takes an HTTP request and redirect you to an HTTP equivalent. Keep in mind that this will not work if the website is not configured to use HTTPS. It will only work if the website you are visiting does not default to HTTPS. You can use the plugin to block all non-encrypted traffic after you have agreed to the public WiFi’s terms of service page.

Download: HTTPS Everywhere

Install NoScript Lite

NoScript is a plugin that will disable Javascript. If an attacker redirects you to a fake webpage or even gets you to connect to a fake AP then that webpage could be a page attempting to execute malicious code. If that is the case, malicious code is mostly executed with Javascript. Be sure to keep this off. You will notice your web pages loading faster since Javascript is also used to tracking scripts. If a webpage breaks while loading, you whitelist the page and reload it. The world is attempting to move away from Javascript web pages but some websites still depend on it.

Download: NoScript Lite

Install Brave

You won’t be able to get the previous two plugins for mobile browsers. Fear not, there is a more secure browser that allows HTTPS redirects and Javascript blocking. It is called Brave.

Download Brave

Uninstall Flash and Java

Much like javascript, Flash and Java can execute malicious code. You can not simply “update” them. Flash is notorious for getting hit all the time. Both are meaningless in today’s world. Everyone is trying to cut them out and Adobe themselves mentioned that Flash will be discontinued. Uninstall them both.

Disable Automatic WiFi

Keep this off. If a user attempts to deauthenticate you from the network, your computer will not reconnect to his evil-twin hotspot. If you are needed to type in a password before using the WiFi, then make sure you don’t see two of the same Access points on the list. If you do, then alert the owner.

Do Not Accept Unsigned Certificates

If you are on a website that you know very well, then do not accept unsigned certificates if asked. Good news is the browser will make it hard for you to continue unless you actively read the warning message.

BUY a VPN

If you buy a VPN, then all your traffic will be encrypted. This includes your DNS information so a hacker won’t even be able to look at what websites you have been visiting. Even if you connect to his router, it will not matter. Do NOT get a free VPN. They are free for a reason. The EFF recommends using That One Privacy Site in order to review which security features your VPN has. I personally use NordVPN. They give out coupon codes all over the internet.