Have you ever been on the road towards a meeting or a vacation, and then just suddenly stumbled upon an open network while waiting for a plane or drinking a cup of coffee? Most people probably have..

And have you even been a bit too tempted and logged onto this open network? Again, most probably have.

Now, have you then started working while on this network and directly sent corporate information or handled information on your corporate systems? Sadly, many have and if you’re one of them: Read on! Using open networks directly for sensitive data (like corporate data) is a big security no-no!

So why would this be a problem? Isn’t it just free internet for the masses? Well, yes and no. Yes it’s probably a network you are completely free to use. It might even be a network owned by the office building, hotel, airport or which ever company you’re at. But due to the way wifi-networks are designed, everything you send over this network is completely public. Every person, on the network or simply in the vicinity, can easily set up a simple network scanner like Wireshark or Kismet and directly save all the information you send over this network, including all e-mails, websites you visit, data you send to websites, data you receive – plain and simply everything! And you have no way of detecting this! None what so ever! There is absolutely no way to check for eavesdroppers on an open unencrypted network.

To add insult to injury, eavesdropping on a network is extremely easy to do and there are several easy to use tools out there that hordes of 15 year old script kiddies love to use to steal as much information as they possibly can – for no other reason than: They can!

So are we advocating not using public open wifi-networks? No, not at all – you just need to use them correctly!

You can look at it like this: A public open wifi-network gives you a gateway on which you can build a connection to your workplace and work from there. How do you do this? Well basically there are several solutions here:

• Make the network encrypted.
  Well normally you won’t have the option of doing this, but in most cases it is simply better to keep smaller networks encrypted and then only use encrypted networks. Preferably using WPA2-PSK or WPA-Enterprise as encryption schemes. This is however most likely not a possible solution!
• Use a VPN connection
  A VPN (Virtual Private Network) is a technology with which you can remotely connect to your organization’s network in a completely encrypted manner. It is by far the most transparently secure solution available and is generally the one we would suggest to companies wanting their employees to be mobile always.
  There are several VPN solutions available out there, including big corporate solutions from companies like Cisco and open source solutions like OpenVPN.
• Access resources with SSL/TLS
  While VPN applies to all network traffic sent from your computer, there is also the other option of encrypting critical parts of your work like e-mail, FTP access, critical websites etc. There are protocols to support this for almost all the different kinds of traffic including: POP3S and IMAPS for email, SFTP for FTP and HTTPS for websites.
  Using this solution may in many ways be simpler, but it assumes you know beforehand every place from which you will be needing critical information. It also puts a considerable extra security concern onto the individual employee, since this person now has to deduce whether or not the given communication he/she is doing at the moment is secure or not. Using VPN, these concerns go away in most cases.
• Remote desktop solutions
  Another option, that’s somewhat similar to the VPN option, is to have the employee make a secure connection to a server at the workplace and from there open up a terminal service running another computer remotely. Solutions like this are available in many forms like VNC, RDP and proprietary solutions from companies like Citrix. This gives the employee a remote view of his/her workstation desktop even though he/she is no way near the actual office and, most importantly, it makes it possible for him/her to work securely from any network.

So you can look at it like this: If you’re not doing any of the above, you have a problem and should take it up with your company in order to get a security policy on the matter and making it safe for the company to work from anywhere! Mobility is one of the top priorities in business these days, and you really want to use the opportunities laid before you well, without screwing yourself because of bad security.

So remember: Public open networks aren’t bad, but you need to keep your assets safe while using them!

We have now released a native Microsoft Windows installer for the second release of our application Aconiac Password Generator, release 1.2.
It’s available at our website for download, alongside a cross-platform version for Mac, Linux, BSD etc. We are currently working on releasing a bunch of other native installers for Mac, Ubuntu Linux, Redhat/Fedora and more, however with clients needing to be serviced, it might be a few weeks before these will be finished. If you have experience packaging software for these systems and would like to help, please feel free to contact us.

The download page for Aconiac Password Generator can be found here

NOTE: This news item was orignally posted on December 3, 2008

Since our password generator has always been free and is fairly simple software, we have now decided to release the software as open source under the so called 3-clause BSD license.

This means that if you need a password generation feature for your software, you can actually take our code and use it directly in your code without paying us a dime. Just as long as you write publicly that you are using our code.

You can read more about the BSD license on Wikipedia

The code is stored on SourceForge.Net and there is a direct link to the project here on the website