The National Security Agency (NSA) has released guidance on securing wireless devices in public settings for government national defense entities and the general public.
The new 8-page guidance infosheet summarizes ways bad actors target wireless devices as well as good safeguards to protect against such cyberattacks.
The NSA warns that although connecting to public Wi-Fi networks may be convenient, doing so presents potential risks to end-user devices. For instance, threat actors can install malicious access points, redirect users to malicious websites, inject malicious proxies, and employ network sniffing to steal passwords or other sensitive data.
The guidelines includes multiple “Do’s and Don’ts” in the areas of wireless devices, Wi-Fi security, Bluetooth, and Near Field Communications (NFC).
Wireless Device security
User’s should follow these good safeguards or “Do’s” for wireless devices:
- Keep device software up to date.
- Install anti-malware software.
- Use multi-factor authentication (MFA).
- Reboot regularly after connecting to public wi-fi.
- All laptops: Enable firewalls to restrict inbound and outbound connections by app.
- Windows laptops: Disable Link-Local Multicast Name Resolution (LLMNR) and Netbios Name Service (NBTNS) if applicable.
- Corp laptops: configure proxy to use corp proxy and disable “auto-detect” in proxy settings.
As for the Don’ts, the NSA advises users to (obviously) not leave devices unattended in public places, as well as not use personal names in their devices.
The NSA also recommends the following Do’s for Wi-Fi security:
- Disable Wi-Fi when not in use.
- Disable Wi-Fi auto-connect.
- Use strong authentication and encryption where feasible.
- If you have to connect to public Wi-Fi:
- Only connect to networks that require password.
- Ensure WPA2-encryption at minimum is used.
- Log out and “Forget” the access point after using.
- Delete unused Wi-Fi networks.
- Use an IPsec VPN.
- Use HTTPS and only connect to necessary websites and accounts.
- For laptops:
- Turn off file and printer sharing on public networks.
- Use virtual machines (VMs) for an additional layer of security
If you connect to public Wi-Fi, don’t ever enter sensitive data (such as passwords and payment card information) when visiting sites such as banking, shopping, and medical sites. To add, you should avoid doing any financial transactions online and never click on unexpected links, attachments or pop-up messages.
For laptops, users should also never mark public wi-fi networks as trusted and don’t browse the internet with the administrator’s account for your device.
Readers can also check out a few of the many Wi-Fi related attacks to include: Kr00k, KRACK and FragAttack.
To enhance Bluetooth security on devices, users should:
- Monitor device Bluetooth connections for unauthorized connected devices.
- Not leave device in discovery mode when not needed.
- Use an allowlist or denylist of apps allowed to use Bluetooth.
- Disable Bluetooth when not in use.
In addition, users should never send any sensitive data such as passwords over Bluetooth and never accept pairing attempts from an untrusted source that you did not initiate.
Bluetooth cyberattacker methods that pose a cyberthreat in public settings include BlueBorne, Bluejacking, Bluesnarfing, and Bluebugging to name a few.
Readers can also check out NIST SP 800-121 Revision 2, Guide to Bluetooth Security for more information.
Finally, the NSA recommends users disable the NFC feature when not needed, if technically feasible.
In addition, users should not communicate passwords or sensitive data over NFC. Be cautious and avoid bringing your device near any unknown electronic devices that could trigger automatic communication.
“As telework becomes more common, users are more frequently bringing themselves and their data into unsecured settings and risking exposure,” the NSA stated in the infosheet.
Therefore, it is imperative users employ strong safeguards to protect their devices and sensitive data from threat actors.
- BlueBorne – Bluetooth cyber attacks
- Bluetooth BR/EDR supported devices vulnerable to cyber attacks
- Bluetooth vulnerability alert
- DHS warns of Iranian cybersecurity threats, issues guidance
- My 6 Favorite Mac Security Hardening Recommendations
- Kr00k: Wi-Fi encryption vulnerability impacts billion+ devices
- Wi-Fi Alliance introduces Wi-Fi CERTIFIED WPA3
- KRACK Wi-Fi cyber attack
- Cyber attack targets Docker installations