Why Securing Public Wi-Fi is More Important Than Ever
Originally recorded on June 6, 2024
[00:00:00] Kory Underdown: Joining us today for Why Securing Public Wi-Fi is More Important Than Ever. My name is Kory Underdown. I'm the Senior Content Manager here at DNSFilter, and today's conversation is going to be between SmartBrief's Scott Becker and DNSFilter's Carl Levine. So we will be recording the session and you will receive the recording in your inbox later today.
But I'm very excited to go ahead and hear about securing public Wi-Fi. So let's go ahead and hand it over to Scott and Carl.
[00:00:32] Scott Becker: Thanks for joining me today.
[00:00:34] Carl Levine: Scott, my pleasure.
[00:00:36] Scott Becker: I can't tell you how excited I am to talk about the security of free public Wi-Fi because I'm a guy who bought a cheap Wi-Fi router back in the day to learn how to knock down WEP networks and I'm also a guy who still gets nervous every time a hotel asks me to connect to their unsecured network and then enter my room number.
What is going on here? Is this secure? I don't know. But before we get started and speaking of your expertise, would you mind introducing yourself and your experience in managing network security?
[00:01:07] Carl Levine: Sure. My name is Carl Levine. I'm the Manager of Sales Engineering at a company called DNSFilter, as you can see on my shirt.
So I've been playing with the internet for damn near 30 years at this point. And Wi-Fi has been kind of part and parcel of that experience for about the last 20. As far as I go I've managed small networks in the workplace. But really my forte is more on the internet infrastructure side where it comes to what happens when that information leaves the network and goes out to the public internet.
That being said, there's certainly some trends and some threats that we should explore as we discuss today.
[00:01:45] Scott Becker: Okay. Alright. Excellent. Alright, countless trainings and security advice articles pretty much say the same thing. They say, don't secure to unsecured, or don't connect to unsecured Wi-Fi networks.
So what are the primary security risks associated with unsecured Wi-Fi networks?
[00:02:03] Carl Levine: I think it lies right there in the word "unsecured." What you're talking about is, you have a computer, a handheld device, et cetera, communicating with a router, and in that transmission is information that could otherwise be disseminated and unpacked to understand what you're trying to do.
And depending on the protocols that are being used in the transmission, you could have unsecured personal identifiable information or financial information or anything that could really be used to exact, some pretty nasty stuff.
[00:02:40] Scott Becker: Yeah. And that's on the user side. That's a problem.
For the organization that's hosting the unsecured network, are there any risks for them?
[00:02:51] Carl Levine: Absolutely, depending on how they have their network set up. The Wi-Fi service is not segregated from their production environment or an employee network where other information could be potentially uncovered, you're effectively leaving the gates open to your castle.
[00:03:07] Scott Becker: Not a good idea.
[00:03:08] Carl Levine: No.
[00:03:11] Scott Becker: So speaking of that, from the attacker standpoint, what are some of the common methods that they're using to exploit the vulnerabilities of unsecured Wi-Fi networks?
[00:03:20] Carl Levine: Yeah, as you said earlier, you were cracking open WEP networks back in the day.
There's a bevy of tools available that fraudsters, hacks, you know, hackers can use, not only on their own laptops or mobile devices, to exploit what's going on in an unsecured network. There's also third party devices, things like pineapples, for instance, which are a small little device that can connect to the Wi-Fi and wreak some havoc.
[00:03:43] Scott Becker: Yeah. So what are the potential consequences, you know, of users such as employees just accessing sensitive information over an unsecured public Wi-Fi network?
[00:03:58] Carl Levine: Trade secrets are a big thing, especially as more and more of us work remote. At DNSFilter, we've been a hundred percent remote since we were founded.
So we did it before it was cool. But then you had a bunch of people who usually would work in an office where they were at a workstation or even a laptop that was hardwired into a network and all the access controls were run from the firewall. When you decouple that and you take things to the field, you run the risk then of sending information that may or may not be suitable for all audiences.
Think about trade secrets, proprietary information especially, remote coding, GitHub and all sorts of things like that. If that's all being transmitted over an unsecured Wi-Fi connection, there's trade secrets and other things that could be potentially harmful to a business and their viability or all the same.
Your personal information could also be intercepted and identity theft and other sort of maladies of that nature could certainly arise.
[00:04:56] Scott Becker: Yeah, yeah. Okay. Alright. No, it makes sense. So what security measures would you recommend for businesses to implement that, to secure their public Wi-Fi networks and protect both their customers and their own data?
[00:05:11] Carl Levine: Yeah, certainly. Any of the Wi-Fi methods that are not just a wide open network will have some degree of encryption. There are protocols that are built right into Wi-Fi that allow you to connect securely. Hence the little lock to that wireless network. And in doing so, that means that the, that 2.4 gigahertz or five gigahertz or even, we look down the road at some of the other, more advanced, Wi-Fi 6, Wi-Fi 7 technology, all of that information is then encrypted from an end to end.
Somebody couldn't disseminate that without having a private key to unlock the public key. It's generally a lot safer.
[00:05:49] Scott Becker: Okay. How do regulatory frameworks impact the security requirements for public Wi-Fi networks and what are the compliance considerations for businesses there?
[00:05:59] Carl Levine: Compliance is the hot word in 2024 with frameworks like CMMC and people wanting to be SOC 2 compliant and making sure that all that data stays where it's supposed to stay. And by securing your Wi-Fi, that's a big part of that. You're able to then say that you meet the requirements of those compliance frameworks, which is absolutely crucial if your business requires any sort of cyber insurance.
Cyber insurance policies won't typically cover you if you're just opening up your network for everybody to go and poke away at.
[00:06:31] Scott Becker: Good point. What is the, some of the trends that you're seeing when it comes to the security of Wi-Fi networks?
[00:06:40] Carl Levine: So I think that, from that compliance standpoint, there becomes this, idea of liability as well.
Yeah. You know, if I walked into the Starbucks at the end of my street and I saw somebody looking at porn, I'd be absolutely flabbergasted. First of all, who does that in a public place? But the fact of the matter is, there's people out there that do that, and that actually creates a liability because then, say I'm there with my son.
Isn't old enough to understand what that is. In a couple of years you'd be like, if look, everybody's hugging, oh no, we don't want that. That's bad. And people can sue for that. They, and that can have a direct implication on the brand, on, not only just for that one location, but the entire chain.
Hey, did you hear about that coffee shop that you can walk into? And people can just go and do whatever the heck they want on the internet. Bad. You have to really think about what you're rendering as a service.
[00:07:33] Scott Becker: Yeah.
[00:07:34] Carl Levine: And then, look at, how to, pare down what people can do on a public Wi-Fi network.
[00:07:41] Scott Becker: Are there still a lot of unsecured networks out there?
[00:07:44] Carl Levine: I see quite a bit. And I think that it's gonna come to an inflection point where, you know, yeah, I look back on HTTP versus HTTPS for web browsers. Sure. Now, your Google rank for your website won't even come up if you don't offer TLS encryption on your website.
Who's to say that, in coming years, that we could have some kind of regulatory function in place? It says you can't provide an unsecured web, unsecured Wi-Fi. Maybe they'll stop selling unsecured Wi-Fi routers. They'll take that right out of the equation. And I think that'd be a great thing because again, you reduce the risk of any of these sort of bad things happening.
Yeah. And I think that, ultimately, between that and like good content filtering and just making sure that, the people that are connecting to this are legit. You certainly, reduce that risk. But, I've seen, I'm still seeing quite a bit of, free public Wi-Fi out there and.
It's an interesting trend because I think about, the last iPhone that I bought.
I went from a 4G LTE phone that I very rarely ever had to connect to somebody's Wi-Fi to get a good signal to this 5G. 5G, it's got this millimeter wave technology that doesn't penetrate a building the way that LTE did.
LTE had these nice long flowing wave forms that, could, penetrate a, a steel building, a concrete building, concrete reinforced steel, that sort of stuff. So like for instance, I'd walk into the grocery store and my wife could text me and say, Hey, you forgot the milk.
That really can't happen these days. And granted, the grocery store I go to doesn't have Wi-Fi, at least in most of their stores.
But it's becoming more and more of a trend now that, retail establishments not only having to stay ahead of the curve with, online retailers. I need to offer an online experience.
Like when I go to Home Depot, for instance, like I'm always on their Wi-Fi, not because I need my wife telling me what to buy at Home Depot. But more Hey, I need to locate this special piece of hardware, what aisle is that in? And if I have one bar of 5G versus, a big old Wi-Fi icon on my screen, that's indicating a strong signal.
[00:09:55] Scott Becker: Yeah.
[00:09:56] Carl Levine: I'm gonna be using that Wi-Fi to go track down what I need.
[00:09:59] Scott Becker: In so many stores now it's required for the shopping experience that you have a phone with connectivity.
[00:10:05] Carl Levine: Absolutely. Try and find somebody in Home Depot these days, doesn't work out so well.
[00:10:12] Scott Becker: No, that's really interesting what you're saying too, just about 5G. I'm still on a 4G LTE network and, lucky you. Yeah. I guess because I never connect to Wi-Fi unless I'm at somebody's house for a weekend or something.
[00:10:26] Carl Levine: Sure.
[00:10:27] Scott Becker: And that, that was always the way I
[00:10:29] Carl Levine: still to this day I still think it's rude.
Like when, personally for me, if I'm going to someone's house, like if I walk in Hey, what's your Wi-Fi? I'm there to hang out with a person. I'm there to make a human connection.
So it's what's this doing now? It's 5G is now usurping all of our personal connections, maybe. I don't know.
[00:10:47] Scott Becker: Yeah.
[00:10:47] Carl Levine: Just something to think about.
[00:10:49] Scott Becker: Definitely. Now, one more thing on trends are you noticing an increase in the concern around protecting wireless networks?
[00:10:58] Carl Levine: I think there's just concern around everything these days. And rightfully everything's become more pervasive and ubiquitous, right? So we've all got these super computers in our pockets. We're opening up laptops at airports and Starbucks and, pretty much anywhere that we need to, transact business these days.
Yeah. And so it's not getting any less, it's only getting bigger.
So I think that with, more ubiquity comes, more risk.
[00:11:24] Scott Becker: Can you explain the importance of regularly updating software and firmware on devices that connect to public Wi-Fi networks and how that contributes to overall security?
[00:11:36] Carl Levine: Absolutely. I've been party to a lot of warnings coming from, not from the device itself, but like third party software that our authentication mechanism here at work is, it's Okta and Duo and a bunch of other systems like that. And if I use that for 2FA and it says, Hey, your iOS is outdated, like there's a reason for that. And not a lot of people look at the release notes that come from the device manufacturers.
Like, whenever Apple releases an update, some people in my house are saying, oh, what new emojis do we get? Me, I'm saying, what new security do we get? What zero day threat did they find that they're now trying to squash? And that's probably the biggest thing is finding the exploits in these devices now.
I don't wanna spark an Apple versus Android debate here. That's something we can have another time. But, when it comes to the, different devices that are made, you look at an Android device and there's many different manufacturers, you use many different chip sets, many different, drivers that have to go into that operating system to allow those things to work.
And if say, somebody goes with a low bidder piece of, like a chip inside of an Android device. And, the manufacturer that put a backdoor in it. There's a zero day threat. Who knows what they can, potentially usurp from that device. Granted that's a pretty extreme case, keep in mind that, people that work for the device manufacturers and build the operating systems for them are constantly iterating that software.
There's constant iteration looking at bugs, looking at, other things that could cause potential, harm. It's always advisable to stay up to date as much as possible with the operating system and other software on your devices.
[00:13:18] Scott Becker: Yeah. Let's get into some myths. So what are some common misconceptions or myths about Wi-Fi security that you frequently encounter and how can they be addressed?
[00:13:32] Carl Levine: I, I like the one where people are like, oh, I've got a VPN, I'm safe. You're still going over an unencrypted public Wi-Fi to, to get there. So who's to say that's not getting in the path of danger? I think that people are like, I've got the old version of my OS, and that works fine.
Huh? No, that goes back to my point I just made about updating your software. You wanna avoid that. Yeah.
I, just as a funny aside, I have a virtual machine that I have to run. I play with cars a lot in my garage and one of the scan tools that I have, in order to update, the only way you can update it is through Windows XP.
That's the newest version of the software that's used to update the specific device. And I've made it a point, so this virtual machine that I have, I've always air gapped it. When I run it in VirtualBox, I'm like, okay, like it doesn't need internet. All it needs is access to the USB port to RS-232 converter back to this thing.
And I opened it up to the internet one day. And incidentally, because it was running on my Mac with DNSFilter, I could see all the requests that Windows was trying to make and a lot of malicious threats came up on that query log, and it was a virgin XP machine, so you know, it's only designed to work with this one scan tool.
That's all the things that ever, was installed. It's never seen the internet besides that. Yeah, the fact that I just immediately fired up Windows XP and it was like I opened Internet Explorer and it. That's frightening to me. So again, this goes back to, maintaining, all the system software on your devices to ensure that you're not falling victim to even yesterday's threats.
[00:15:12] Scott Becker: Yeah. Yeah. No, that's a great, that's a great example. 'Cause that was one of the, I used to spend, I, I used to work at a Windows focused publication and we spent a lot of time writing about upgrades and migration cycles. And that was the biggest thing keeping people on XP was they had some application that was mission critical and it was never gonna be updated.
And so they were stuck with a box and trying to do solutions like you're doing.
[00:15:37] Carl Levine: Exactly, yeah. So I had to isolate that, save for going and building like another, an old pen two or something. Yeah, it's a little more sustainable running that on my Mac.
[00:15:48] Scott Becker: So are there any emerging technologies or trends that have the potential to improve the security of public Wi-Fi networks in the future?
[00:15:57] Carl Levine: I'd be remiss if I didn't say that DNSFilter plays a big role in that. Our technology is actually one of the largest retail chains in North America. Every one of their stores their guest Wi-Fi, which admittedly is public. When you go and you log in. But on the other side of that, they're, looking at threats, they're looking at, certain content types they wanna keep users away from when they're in the store.
That's twofold. It's not just the people that are coming into the store, consumers. Think about all of the Instacart and like other delivery services that rely on a reliable internet connection to complete those transactions.
[00:16:37] Speaker 4: Right.
[00:16:37] Carl Levine: It's important that they have connectivity and that, we're not, blocking that.
But what that has done as a collateral effect, in a good way, is because we run the fastest DNS resolver in the world, anywhere in any one of these stores, you're getting connected to the closest, most logical DNS server in the, in our network and getting an actual performance improvement despite the upstream provider that may be providing bandwidth to that store.
So even in far-flung locations like Houlton, Maine, or any weird far-off corner of the country, you're in one of their stores and you can reliably access the internet while knowing that you're being protected. Yeah. From certain threats.
[00:17:19] Scott Becker: Hey, just for anybody in the audience who's not familiar with DNSFilter, what do you guys do in terms of, unsecured wireless networks or, related to unsecured wireless networks?
[00:17:30] Carl Levine: Yeah, whether you're running secured or unsecured, we do have a guest Wi-Fi option, which effectively secures the guest Wi-Fi network and the way that we do that, and I mentioned we have the huge network. It's well over 80 different locations over the world, dual anycast, which means that we have two networks that, regardless of where you are in the world, they're gonna route you to the fastest location, logically, to where you sit. We have a machine learning engine under this product that's categorized over a billion fully qualified domain names. What that means for you out there in non-DNS-speak land is that we've gone and scanned pretty much the entire internet at this point. And what we've done is we've categorized it, but also identified threats. So that machine learning engine does about 60/40 split. 60% comes from us, 40% comes from third party lists, which other providers tend to use as their primary source of data. We fact check that against our machine learning engine.
There's even components that can reliably predict 50 days ahead of third party lists. A domain generation algorithm situation where you have a domain name that was just keyboard smashed out of nowhere, but already serving bad content, we've already blocked it.
So really for guest Wi-Fi operators, what this means is that, we can provide a very effective and fast, name resolution service because, DNS is at the core of everything that we do. If you go anywhere on the internet, you're touching a DNS server somewhere. Why not touch the fastest one out there?
And get that, figured out quicker. And in doing so, we, stop threats. We recently contracted with a major hotel chain who, this didn't come from their Cybersec team, it came from their, corporate responsibility. They wanted to cut down on, the threat of, sex trafficking child pornography being, accessed from within their properties.
And DNSFilter, we block those resources immediately right out of the gate. Like you don't even have to press a button. That is like table stakes for us.
[00:19:28] Carl Levine: And it was extremely important that they understood where these trends were happening so that they can re-, you know, look at how they deploy networks and how they potentially could save lives by preventing something physically happening between people.
[00:19:42] Speaker 4: Yeah.
[00:19:43] Carl Levine: For me like that, I don't think about things as much, when it comes to the business yeah, the, we wanna be a going concern, we wanna make money, this is America, capitalism yada. The more important thing to me is like, how many lives are we protecting, potentially saving with, a DNS request that doesn't go through, that could have, triggered a course of events.
[00:20:03] Carl Levine: And I think that what you're going to see in coming years is that it's not gonna necessarily be a cybersecurity initiative as much as a physical security. Especially in the hospitality and travel industries.
Where you tend to see a lot of these, wide open networks.
Like even, I'm just here north of Boston. Anytime I go to Logan Airport, their Wi-Fi's wide open. And why? Because it's easy. If, maybe if they just put their Wi-Fi password up everywhere, people would be more inclined. But it's a double-edged sword. If maybe they put up a QR code, who's to say that QR code couldn't be like stickered over by some bad actor and it goes to some site, looks like a login page. This is like layers to this, Scott. It's crazy. And we could certainly go down the rabbit hole of all the different ways that fraudsters could go and screw all this up, but like at the end of the day, it's you almost have to wonder.
It's yeah, there's no little lock icon on that Wi-Fi, but what's going on underneath that Wi-Fi that potentially makes it safe? And you mentioned captive portals earlier, oh, let's put in my room number, let's put in my, oh, let, I'm a Marriott Gold Elite member, so I get free internet.
That's good. That's trusted because that's, a brand.
[00:21:18] Carl Levine: But I've, I'm sure you've traveled internationally, I've traveled internationally. You log onto a free Wi-Fi in any other country and it's like 1998 with the popup ads. Yeah. Nuts. So there's, there's a lot of nuance and like weirdness to all this, but I think that the most important thing you can do is, as an operator, provide protective DNS.
Another cheap shot there, but also consider that, as an end user, a privacy focused VPN. And it just so happens DNSFilter sells one called Guardian. Uh-huh.
You'll actually find that if you go and buy an eero router, Guardian is built right in. You have our point of our privacy focused VPN built right in.
What that does is it obscures your browsing information from third parties, but also encrypts all that traffic as it moves back and forth on the internet. If you think our DNS is fast, take our VPN for a ride. Yeah, I think you'll be really impressed.
[00:22:15] Scott Becker: Oh, okay. Alright. Do you have any hot takes on the security, or risks of offering free public Wi-Fi or using Wi-Fi networks for business purposes?
[00:22:27] Carl Levine: Yeah, for sure. Again, and this all comes down to configuration. If you're, you gotta, one ISP coming into the building and everything's connected to it, including your guest Wi-Fi router. And it, maybe it's in a separate IP space, but it still goes back to the same, point on the network.
Just be very careful about how you set up VLANs and figure out like who's going where and when. Consider locking it down. You can schedule your Wi-Fi to turn off at a certain point. Could you imagine just rolling up outside the Starbucks at the end of my street and just getting on their Wi-Fi at two in the morning?
They don't, I'm sure they shut that stuff down and they reopen it at 5:00 AM when they reopen. Yeah. That's smart. Just control the access where you can and just be diligent in ensuring that you know that your users will have a safe experience, but at the same time that your data won't be compromised by running an open Wi-Fi network.
[00:23:18] Scott Becker: Right.
[00:23:21] Carl Levine: But wherever practical, lock it down.
[00:23:23] Scott Becker: Yeah. Yeah. Great advice. I guess finally, in your role and having a great understanding of how wireless networks operate and your security risks, what's your personal protocol for connecting to a free guest Wi-Fi network?
Do you connect to Wi-Fi when traveling?
[00:23:42] Carl Levine: Primarily, unless it is secured and they've given me a password, free Wi-Fi is gonna be something that I've gotta be in a hell of a pinch to want to jump on that. I'm gonna call out Harbor Freight Tools right now because that's one of my favorite stores, and if I want to use their coupons I have to get on their free Wi-Fi.
Because, 5G situation works out, 1960s, strip mall with, all sorts of reinforced concrete and a big, aluminum facade. It's not gonna, when I'm, deep in the, the aisles of Harbor Freight and I wanna pull up a coupon, I gotta use their free Wi-Fi.
I have to trust them. And then just as soon as I've got that coupon, like screenshotted, I disconnect. So for me free Wi-Fi, if you'd asked me that question 15 years ago, I'd be, oh, hell yeah, I'm all over that. Why? Because cellular connectivity wasn't what it was. I had a Verizon flip phone with one x, whatever that thing was, and you couldn't do crap on the internet with that.
Now, as soon as 3G came along and it was like, oh, look at this, and then like hotspots came out and it's I can have my own Wi-Fi. And it's mine. And then businesses, obviously, coffee shops got smarter. There was a coffee shop I used to frequent probably just as many years ago who, like they purposely locked down their Wi-Fi and only gave out the password to certain people because they didn't want a bunch of people with computers sitting around.
They're not in business anymore, but they may have missed the mark just a little on that one, but I think that just in general, my personal protocol is avoid free Wi-Fi wherever possible. Unless, you are absolutely certain that you understand the brand. But, and again, anybody can just fire up a pineapple or, a random rogue router somewhere and be like, oh yes, this is definitely Harbor Freight Wi-Fi.
Right.
Yep.
[00:25:34] Scott Becker: Yeah,
[00:25:34] Carl Levine: it's crazy.
[00:25:36] Scott Becker: I think you've talked me into hanging onto my LTE phone for a little bit longer.
[00:25:41] Carl Levine: It's fine. As long as it takes software updates. You're okay.
[00:25:43] Scott Becker: I do. I do. The day they're available. All right. As one does, this has been a great conversation.
But I'm very excited to go ahead and hear about securing public Wi-Fi. So let's go ahead and hand it over to Scott and Carl.
[00:00:32] Scott Becker: Thanks for joining me today.
[00:00:34] Carl Levine: Scott, my pleasure.
[00:00:36] Scott Becker: I can't tell you how excited I am to talk about the security of free public Wi-Fi because I'm a guy who bought a cheap Wi-Fi router back in the day to learn how to knock down web networks and I'm also a guy who's still gets nervous every time a hotel asked me to connect to their unsecured network and then enter my room number.
What is going on here? Is this secure? I don't know. But before we get started and speaking of your expertise, would you mind introducing yourself and your experience in managing network security?
[00:01:07] Carl Levine: Sure. My name is Carl Levine. I'm the Manager of Sales Engineering at a company called DNSFilter, as you can see on my shirt.
So I've been playing with the internet for damn near 30 years at this point. And Wi-Fi has been kind of part and parcel of that experience for about the last 20. As far as I go I've managed small networks in the workplace. But really my forte is more on the internet infrastructure side where it comes to what happens when that information leaves the network and goes out to the public internet.
That being said, there's certainly some trends and some threats that we should explore as we discuss today.
[00:01:45] Scott Becker: Okay. Alright. Excellent. Alright countless trainings and security advice articles pretty much say the same thing. They say, don't secure to unsecured or don't connect to unsecured Wi-Fi networks.
So what are the primary security risks associated with unsecured Wi-Fi networks?
[00:02:03] Carl Levine: I think, it lies right there in the word "unsecured." What you're talking about is, you have a computer, a handheld device, et cetera, communicating with a router, and in that transmission. Is information that could otherwise be disseminated and unpacked to understand what you're trying to do.
And depending on the protocols that are being used in the transmission, you could have unsecured personal identifiable information or financial information or anything that could really be used to exact, some pretty nasty stuff.
[00:02:40] Scott Becker: Yeah. And that's on the user side. That's a problem.
For the organization that's hosting the unsecured network, are there any risks for them? Absolutely,
[00:02:51] Carl Levine: depending on how they have their network set up. The Wi-Fi service is not segregated from their production environment or, an employee network where other information could be, potentially uncovered you're effectively leaving the gates open to your castle.
[00:03:07] Scott Becker: Not a good idea.
[00:03:08] Carl Levine: No.
[00:03:11] Scott Becker: So speaking of that, from the attacker standpoint, what are some of the common methods that they're using to exploit the vulnerabilities of unsecured Wi-Fi networks?
[00:03:20] Carl Levine: Yeah, as you said earlier, you were crack cracking open WEP networks back in the day.
There's a bevy of tools available that fraudsters hacks know hackers can use not only on their own, laptops or mobile devices to exploit what's going on in an unsecured network. There's also third party devices, things like pineapples for instance which are a small little device that can connect to the Wi-Fi and, wreak some havoc.
[00:03:43] Scott Becker: Yeah. So what are the potential consequences you know of users such as employees just accessing sensitive information over an unsecured public Wi-Fi network?
[00:03:58] Carl Levine: Trade secrets are a big thing, especially as more and more of us work remote. A DMS filter, we've been a hundred percent remote since we were founded.
So we did it before it was cool. But then you had a bunch of people who, usually would work in an office where they were at a workstation or even a laptop that was hardwired into a network and, all the access controls were ran from the firewall. When you decouple that and you take things to the field, you run the risk then of sending information that may or may not be, suitable for all audiences.
Think about trade secrets, proprietary information especially, remote coding, GitHub and all sorts of things like that. If that's all being transmitted over an unsecured Wi-Fi connection. There's trade secrets and other things that could be potentially harmful to a business and their viability or all the same.
Your personal information could also be intercepted and identity theft and other sort of maladies of that nature could certainly arise. Yeah,
[00:04:56] Scott Becker: Yeah. Okay. Alright. No, it makes sense. So what security measures would you recommend for businesses to implement to secure their public Wi-Fi networks and protect both their customers and their own data?
[00:05:11] Carl Levine: Yeah, certainly. Any of the Wi-Fi methods that are not just a wide open network will have some degree of encryption. There are protocols that are built right into Wi-Fi that allow you to connect securely. Hence the little lock to that wireless network. And in doing so, that means that that 2.4 gigahertz or five gigahertz or even, we look down the road at some of the other, more advanced Wi-Fi 6, Wi-Fi 7 technology, all of that information is then encrypted from end to end.
Somebody couldn't disseminate that without having a private key to unlock the public key. It's generally a lot safer.
[00:05:49] Scott Becker: Okay. How do regulatory frameworks impact the security requirements for public Wi-Fi networks and what are the compliance considerations for businesses there?
[00:05:59] Carl Levine: Compliance is the hot word in 2024, with frameworks like CMMC and people wanting to be SOC 2 compliant and making sure that all that data stays where it's supposed to stay. And by securing your Wi-Fi, that's a big part of that. You're able to then say that you meet the requirements of those compliance frameworks, which is absolutely crucial if your business requires any sort of cyber insurance.
Cyber insurance policies won't typically cover you if you're just opening up your network for everybody to go and poke away at.
[00:06:31] Scott Becker: Good point. What are some of the trends that you're seeing when it comes to the security of Wi-Fi networks?
[00:06:40] Carl Levine: So I think that, from that compliance standpoint, there becomes this idea of liability as well.
Yeah. You know, if I walked into the Starbucks at the end of my street and I saw somebody looking at porn, I'd be absolutely flabbergasted. First of all, who does that in a public place? But the fact of the matter is, there's people out there that do that, and that actually creates a liability, because then, say I'm there with my son.
He isn't old enough to understand what that is. In a couple of years you'd be like, if, look, everybody's hugging. Oh no, we don't want that. That's bad. And people can sue for that. And that can have a direct implication on the brand, not only just for that one location, but the entire chain.
Hey, did you hear about that coffee shop that you can walk into, and people can just go and do whatever the heck they want on the internet? Bad. You have to really think about what you're rendering as a service.
[00:07:33] Scott Becker: Yeah.
[00:07:34] Carl Levine: And then look at how to pare down what people can do on a public Wi-Fi network.
[00:07:41] Scott Becker: Are there still a lot of unsecured networks out there?
[00:07:44] Carl Levine: I see quite a bit. And I think that it's gonna come to an inflection point where, you know. Yeah, I look back on HTTP versus HTTPS for web browsers. Sure. Now, your Google rank for your website won't even come up if you don't offer TLS encryption on your website.
Who's to say that, in coming years, that we could have some kind of regulatory function in place that says you can't provide an unsecured web, unsecured Wi-Fi? Maybe they'll stop selling unsecured Wi-Fi routers. They'll take that right out of the equation. And I think that'd be a great thing because, again, you reduce the risk of any of these sort of bad things happening.
Yeah. And I think that, ultimately, between that and like good content filtering and just making sure that the people that are connecting to this are legit, you certainly reduce that risk. But I'm still seeing quite a bit of free public Wi-Fi out there.
It's an interesting trend because I think about, the last iPhone that I bought.
I went from a 4G LTE phone that I very rarely ever had to connect to somebody's Wi-Fi to get a good signal, to this 5G. 5G, it's got this millimeter wave technology that doesn't penetrate a building the way that LTE did.
LTE had these nice long flowing waveforms that could penetrate a steel building, a concrete building, concrete reinforced steel, that sort of stuff. So like for instance, I'd walk into the grocery store and my wife could text me and say, hey, you forgot the milk.
That really can't happen these days. And granted, the grocery store I go to doesn't have Wi-Fi, at least in most of their stores.
But it's becoming more and more of a trend now that retail establishments not only having to stay ahead of the curve with online retailers. I need to offer an online experience.
Like when I go to Home Depot, for instance, I'm always on their Wi-Fi, not because I need my wife telling me what to buy at Home Depot. But more, hey, I need to locate this special piece of hardware, what aisle is that in? And if I have one bar of 5G versus a big old Wi-Fi icon on my screen that's indicating a strong signal,
[00:09:55] Scott Becker: Yeah.
[00:09:56] Carl Levine: I'm gonna be using that Wi-Fi to go track down what I need.
[00:09:59] Scott Becker: In so many stores now it's required for the shopping experience that you have a phone with connectivity.
[00:10:05] Carl Levine: Absolutely. Try and find somebody in Home Depot these days, doesn't work out so well. No,
[00:10:12] Scott Becker: That's really interesting what you're saying too, just about 5G. I'm still on a 4G LTE network, and lucky you. Yeah. I guess because I never connect to Wi-Fi unless I'm at somebody's house for a weekend or something.
[00:10:26] Carl Levine: Sure.
[00:10:27] Scott Becker: And that, that was always the way I
[00:10:29] Carl Levine: Still to this day I still think it's rude.
Like, personally for me, if I'm going to someone's house, like if I walk in, hey, what's your Wi-Fi? I'm there to hang out with a person. I'm there to make a human connection.
So it's, what's this doing now? It's 5G is now usurping all of our personal connections, maybe. I don't know.
[00:10:47] Scott Becker: Yeah.
[00:10:47] Carl Levine: Just something to think about.
[00:10:49] Scott Becker: Definitely. Now, one more thing on trends: are you noticing an increase in the concern around protecting wireless networks?
[00:10:58] Carl Levine: I think there's just concern around everything these days. And rightfully, everything's become more pervasive and ubiquitous, right? So we've all got these supercomputers in our pockets. We're opening up laptops at airports and Starbucks and pretty much anywhere that we need to transact business these days.
Yeah. And so it's not getting any less, it's only getting bigger.
So I think that with more ubiquity comes more risk.
[00:11:24] Scott Becker: Can you explain the importance of regularly updating software and firmware on devices that connect to public Wi-Fi networks and how that contributes to overall security?
[00:11:36] Carl Levine: Absolutely. I've been party to a lot of warnings coming, not from the device itself, but like third-party software that our authentication mechanism here at work is, it's Okta and Duo and a bunch of other systems like that. And if I use that for 2FA and it says, hey, your iOS is outdated, like there's a reason for that. And not a lot of people look at the release notes that come from the device manufacturers.
Whenever Apple releases an update, some people in my house are saying, oh, what new emojis do we get? Me, I'm saying, what new security do we get? What zero-day threat did they find that they're now trying to squash? And that's probably the biggest thing, is finding the exploits in these devices now.
I don't wanna spark an Apple versus Android debate here. That's something we can have another time. But when it comes to the different devices that are made, you look at an Android device and there's many different manufacturers, you use many different chipsets, many different drivers that have to go into that operating system to allow those things to work.
And if, say, somebody goes with a low-bidder piece of, like, a chip inside of an Android device, and the manufacturer that put a backdoor in it, there's a zero-day threat. Who knows what they can potentially usurp from that device. Granted, that's a pretty extreme case. Keep in mind that people that work for the device manufacturers and build the operating systems for them are constantly iterating that software.
There's constant iteration, looking at bugs, looking at other things that could cause potential harm. It's always advisable to stay up to date as much as possible with the operating system and other software on your devices.
[00:13:18] Scott Becker: Yeah. Let's get into some myths. So what are some common misconceptions or myths about Wi-Fi security that you frequently encounter, and how can they be addressed?
[00:13:32] Carl Levine: I like the one where people are like, oh, I've got a VPN, I'm safe. You're still going over an unencrypted public Wi-Fi to get there. So who's to say that's not getting in the path of danger? I think that people are like, I've got the old version of my OS, and that works fine.
Huh? No, that goes back to my point I just made about updating your software. You wanna avoid that. Yeah.
Just as a funny aside, I have a virtual machine that I have to run. I play with cars a lot in my garage, and one of the scan tools that I have, in order to update, the only way you can update it is through Windows XP.
That's the newest version of the software that's used to update the specific device. And I've made it a point, so this virtual machine that I have, I've always air-gapped it. When I run it in a VirtualBox, I'm like, okay, it doesn't need internet. All it needs is access to the USB port to RS-232 converter back to this thing.
And I opened it up to the internet one day. And incidentally, because it was running on my Mac with DNSFilter, I could see all the requests that Windows was trying to make, and a lot of malicious threats came up on that query log. And it was a virgin XP machine, so you know, it's only designed to work with this one scan tool.
That's all the things that ever was installed. It's never seen the internet besides that. Yeah, the fact that I just immediately fired up Windows XP and it was like I opened Internet Explorer and it. That's frightening to me. So again, this goes back to maintaining all the system software on your devices to ensure that you're not falling victim to even yesterday's threats.
[00:15:12] Scott Becker: Yeah. Yeah. No, that's a great example. 'Cause that was one of the, I used to work at a Windows-focused publication and we spent a lot of time writing about upgrades and migration cycles. And that was the biggest thing keeping people on XP, was they had some application that was mission critical and it was never gonna be updated.
And so they were stuck with a box and trying to do solutions like you're doing.
[00:15:37] Carl Levine: Exactly, yeah. So I had to isolate that, save for going and building like another, an old Pentium II or something. Yeah, it's a little more sustainable running that on my Mac.
[00:15:48] Scott Becker: So are there any emerging technologies or trends that have the potential to improve the security of public Wi-Fi networks in the future?
[00:15:57] Carl Levine: I'd be remiss if I didn't say that DNSFilter plays a big role in that. Our technology is actually in one of the largest retail chains in North America. Every one of their stores, their guest Wi-Fi, which admittedly is public when you go and you log in. But on the other side of that, they're looking at threats, they're looking at certain content types they wanna keep users away from when they're in the store.
That's twofold. It's not just the people that are coming into the store, consumers. Think about all of the Instacart and like other delivery services that rely on a reliable internet connection to complete those transactions.
[00:16:37] Speaker 4: Right.
[00:16:37] Carl Levine: It's important that they have connectivity and that we're not blocking that.
But what that has done as a collateral effect, in a good way, is because we run the fastest DNS resolver in the world, anywhere in any one of these stores, you're getting connected to the closest, most logical DNS server in our network and getting an actual performance improvement despite the upstream provider that may be providing bandwidth to that store.
So even in far-flung locations like Houlton, Maine, or any weird far-off corner of the country, you're in one of their stores and you can reliably access the internet while knowing that you're being protected. Yeah. From certain threats.
[00:17:19] Scott Becker: Hey, just for anybody in the audience who's not familiar with DNSFilter, what do you guys do in terms of unsecured wireless networks or related to unsecured wireless networks?
[00:17:30] Carl Levine: Yeah, whether you're running secured or unsecured, we do have a guest Wi-Fi option, which effectively secures the guest Wi-Fi network. And the way that we do that, and I mentioned we have the huge network, it's well over 80 different locations over the world, dual anycast, which means that we have two networks.
That, regardless of where you are in the world, they're gonna route you to the fastest location, logically, to where you sit. We have a machine learning engine under this product that has categorized over a billion fully qualified domain names. What that means for you out there in non-DNS-speak land is that we've gone and scanned pretty much the entire internet at this point. And what we've done is we've categorized it, but also identified threats. So that machine learning engine does about a 60/40 split. 60% comes from us, 40% comes from third-party lists, which other providers tend to use as their primary source of data. We fact-check that against our machine learning engine.
There's even components that can reliably predict 50 days ahead of third-party lists. A domain generation algorithm situation, where you have a domain name that was just keyboard-smashed out of nowhere, but already serving bad content, we've already blocked it.
So really, for guest Wi-Fi operators, what this means is that we can provide a very effective and fast name resolution service because DNS is at the core of everything that we do. If you go anywhere on the internet, you're touching a DNS server somewhere. Why not touch the fastest one out there and get that figured out quicker? And in doing so, we stop threats. We recently contracted with a major hotel chain who, this didn't come from their cybersec team, it came from their corporate responsibility. They wanted to cut down on the threat of sex trafficking, child pornography being accessed from within their properties.
And DNSFilter, we block those resources immediately, right out of the gate. Like you don't even have to press a button. That is like table stakes for us.
[00:19:28] Carl Levine: And it was extremely important that they understood where these trends were happening so that they can, you know, look at how they deploy networks and how they potentially could save lives by preventing something physically happening between people.
[00:19:42] Speaker 4: Yeah.
[00:19:43] Carl Levine: For me, I don't think about things as much when it comes to the business. Yeah, we wanna be a going concern, we wanna make money, this is America, capitalism, yada. The more important thing to me is like, how many lives are we protecting, potentially saving, with a DNS request that doesn't go through, that could have triggered a course of events.
[00:20:03] Carl Levine: And I think that what you're going to see in coming years is that it's not gonna necessarily be a cybersecurity initiative as much as a physical security. Especially in the hospitality and travel industries, where you tend to see a lot of these wide open networks.
Like even, I'm just here north of Boston. Anytime I go to Logan Airport, their Wi-Fi's wide open. And why? Because it's easy. Maybe if they just put their Wi-Fi password up everywhere, people would be more inclined. But it's a double-edged sword. If maybe they put up a QR code, who's to say that QR code couldn't be like stickered over by some bad actor and it goes to some site, looks like a login page?
This is like layers to this, Scott. It's crazy. And we could certainly go down the rabbit hole of all the different ways that fraudsters could go and screw all this up, but like at the end of the day, you almost have to wonder.
It's, yeah, there's no little lock icon on that Wi-Fi, but what's going on underneath that Wi-Fi that potentially makes it safe? And you mentioned captive portals earlier. Oh, let's put in my room number, let's put in my, oh, I'm a Marriott Gold Elite member, so I get free internet.
That's good. That's trusted because that's a brand.
[00:21:18] Carl Levine: But I'm sure you've traveled internationally, I've traveled internationally. You log onto a free Wi-Fi in any other country and it's like 1998 with the popup ads. Yeah. Nuts. So there's a lot of nuance and like weirdness to all this, but I think that the most important thing you can do is, as an operator, provide protective DNS.
Another cheap shot there, but also consider, as an end user, a privacy-focused VPN. And it just so happens DNSFilter sells one called Guardian.
Uh-huh.
You'll actually find that if you go and buy an eero router, Guardian is built right in. You have our privacy-focused VPN built right in.
What that does is it obscures your browsing information from third parties, but also encrypts all that traffic as it moves back and forth on the internet. If you think our DNS is fast, take our VPN for a ride. Yeah, I think you'll be really impressed.
[00:22:15] Scott Becker: Oh, okay. Alright. Do you have any hot takes on the security, or risks of offering free public Wi-Fi or using Wi-Fi networks for business purposes?
[00:22:27] Carl Levine: Yeah, for sure. Again, this all comes down to configuration. If you've got one ISP coming into the building and everything's connected to it, including your guest Wi-Fi router, and maybe it's in a separate IP space, but it still goes back to the same point on the network.
Just be very careful about how you set up VLANs and figure out like who's going where and when. Consider locking it down. You can schedule your Wi-Fi to turn off at a certain point. Could you imagine just rolling up outside the Starbucks at the end of my street and just getting on their Wi-Fi at two in the morning?
I'm sure they shut that stuff down and they reopen it at 5:00 AM when they reopen. Yeah. That's smart. Just control the access where you can and just be diligent in ensuring that your users will have a safe experience, but at the same time that your data won't be compromised by running an open Wi-Fi network.
[00:23:18] Scott Becker: Right.
[00:23:21] Carl Levine: But wherever practical, lock it down.
[00:23:23] Scott Becker: Yeah. Yeah. Great advice. I guess finally, in your role, and having a great understanding of how wireless networks operate and your security risks, what's your personal protocol for connecting to a free guest Wi-Fi network?
Do you connect to Wi-Fi when traveling?
[00:23:42] Carl Levine: Primarily, unless it is secured and they've given me a password, free Wi-Fi is gonna be something that I've gotta be in a hell of a pinch to want to jump on. I'm gonna call out Harbor Freight Tools right now because that's one of my favorite stores, and if I want to use their coupons I have to get on their free Wi-Fi.
Because, 5G situation works out, 1960s strip mall with all sorts of reinforced concrete and a big aluminum facade. It's not gonna, when I'm deep in the aisles of Harbor Freight and I wanna pull up a coupon, I gotta use their free Wi-Fi.
I have to trust them. And then just as soon as I've got that coupon, like, screenshotted, I disconnect. So for me, free Wi-Fi, if you'd asked me that question 15 years ago, I'd be, oh, hell yeah, I'm all over that. Why? Because cellular connectivity wasn't what it was. I had a Verizon flip phone with 1X, whatever that thing was, and you couldn't do crap on the internet with that.
Now, as soon as 3G came along and it was like, oh, look at this, and then like hotspots came out and it's, I can have my own Wi-Fi. And it's mine. And then businesses, obviously, coffee shops got smarter. There was a coffee shop I used to frequent probably just as many years ago who, like, they purposely locked down their Wi-Fi and only gave out the password to certain people because they didn't want a bunch of people with computers sitting around.
They're not in business anymore, but they may have missed the mark just a little on that one. But I think that just in general, my personal protocol is avoid free Wi-Fi wherever possible, unless you are absolutely certain that you understand the brand. But again, anybody can just fire up a Pineapple or a random rogue router somewhere and be like, oh yes, this is definitely Harbor Freight Wi-Fi.
Right.
Yep.
[00:25:34] Scott Becker: Yeah,
[00:25:34] Carl Levine: it's crazy.
[00:25:36] Scott Becker: I think you've talked me into hanging onto my LTE phone for a little bit longer.
[00:25:41] Carl Levine: It's fine. As long as it takes software updates. You're okay.
[00:25:43] Scott Becker: I do. I do. The day they're available. All right. As one does, this has been a great conversation.
Unsecured public Wi-Fi leaves your organization and customers at risk. Plus, 80% of Americans surveyed are concerned about the security of connecting to free Wi-Fi networks.
So how do you protect your organization and secure your free guest Wi-Fi? We will answer that question and more in this live presentation featuring experts from DNSFilter.
Join us and learn about:
- Benefits of offering free public Wi-Fi to guests
- The importance of securing your guest Wi-Fi networks
- DNSFilter’s role in providing secure public Wi-Fi
- And more!


