Coffee Shop Security
Hi,
Whilst watching the Network Infrastructures episode of the Network+ course it was mentioned that you wouldn't want to access your Banking website whilst connected to a hotspot wireless network in a coffee shop.
I get the whole security issue of using these types of connections, however, if I connect to an HTTPS website isn't the communication encrypted? If so, why is it such a security concern?
Many thanks.
Lee.
Hey Lee,
That is a great point and I agree that HTTPS is a secure method to connect to any website to protect the data between the client and server, it does not ensure the end user is applying operating system hardening techniques, we try to emphasize that in the larger scope of things if I can access your computer from the hotspot and steal session cookies, use-after-free vulnerabilities in the browser, "Remember me" option storing password info, remote-code exploitation-scenario being when you are using a password manager and it performs auto-logon, all I need is a remote connection and the password manager gives me access, installing software key loggers(capture your username and password then reuse it from my computer)...then HTTPS while a good start needs to be coupled with defense-in-depth such as antivirus/antimalware, updates, patches, the average user from these types of vulnerability exploitation.
In most situations you should be ok only utilizing HTTPS as your only method of securing yourself on a hotspot but there are still security concerns.
Thanks for the quick reply Wes!
That makes sense and was the kind of answer I did expect. I've just purchased a lifetime VPN membership which will also go some way to deter those pesky hacker types (If I ever decide to do some life administration in a coffee shop!)
Best regards.
Lee.
Yea VPN tech is the thing to have then your endpoints are protected and all communications (including HTTPS..lol). Another great point!
