The US National Security Agency (NSA) has warned of the risks to wireless devices when used in public. It is more than the usual “beware of public hotspots” warning. It calls out all wireless connections, including Bluetooth, Wi-Fi and Near-Field Communications (NFC). The last of these is something that most users won’t realise is a risk. Importantly, it also makes it clear that this warning is not just about laptops. It also includes tablets, mobiles and wearables.
In its press release, it writes: “NSA lists malicious techniques used to target each technology and provides specific recommendations, such as avoiding public Wi-Fi and instead using a personal or corporate mobile hotspot with strong authentication and encryption. If users must connect to public Wi-Fi, they should take necessary precautions, such as using a personal or corporate-provided virtual private network (VPN) to encrypt the traffic.”
The details of what to do are contained in a short 8-page blog. It contains four tables giving Do’s and Don’ts for wireless devices, Wi-Fi, Bluetooth and NFC.
What is in the NSA guidance?
As might be expected, the three key pieces of advice are to patch regularly, use endpoint protection software and use MFA (multi-factor authentication). What is less expected is the advice to reboot devices after using untrusted public Wi-Fi.
There is specific advice for laptop users. The challenge is that this advice is only likely to be of interest to technical users. Enabling firewalls should be a given, but asking users to check the inbound and outbound connections that applications use is not. It requires that organisations make it easy and do this for the users.
The same is true for the Windows laptop-specific advice. Users are not going to play around with their network settings without advice from corporate IT. In many cases, these will be locked down. It puts the onus on IT network teams to push changes. However, for smaller organisations without an IT department, this will be left to users, making it less likely to happen.
For specific wireless connections, the advice, while sensible, is also less likely to be followed. Users are unlikely to disable Wi-Fi, Bluetooth and NFC when not in use. Most will not listen to this advice and will see the additional steps to turn them on and off as an issue.
Some of the Don’t advice will also be ignored by users. Access to public Wi-Fi is something people actively hunt out. This is not just to use social media or check web pages. It is often about online shopping or connecting to pick up email and even do work. As such, many will ignore the warnings around public Wi-Fi.
Enterprise Times: What does this mean?
The NSA has issued solid guidance on the Do’s and Don’ts of wireless connectivity in public places. The question is, how many people and organisations will follow it? It contains not just technical settings but warnings about behaviour. For large organisations, most of this can be managed by pushing policy and configuration updates to computers. For smaller organisations, this will be down to individuals, and how much it will be followed is questionable.