Understanding Computer Network Security Part 1: Wireless Network Sniffing

Welcome to the first part in my newest series, "Understanding Computer Network Security", where I try and give a brief overview of the general topics of computer security, and how to protect yourself.

The first attack I'm going to talk about in this series is what happens the moment that information leaves your computer and enters a wireless network. Imagine you visit a website called generic-example.com. The first thing that is going to happen is your computer will send out a request asking generic-example.com for the homepage. Generic-example.com responds with the information that you requested and the process is pretty much complete. It seems pretty harmless, so lets look at a more dangerous example.

Imagine that website X wants you to sign up for their great new photo sharing service. You enter in your email and your desired password and your in, but not without caveats. When you submit your email and your password to website X, your browser actually puts that information in the URL (it's how the data is transported), and then broadcasts it all across the wireless network you are on. Wireless communications broadcast in all directions, indiscriminantly. Now anyone on your network will see a request being made to generic-ecample.com/users/sign_up?email=testemail@example.com&password=my_generic_password. All data that gets sent over the internet gets sent in a format similiar to this. Bank accounts, credit cards, passwords, emails, SSN's, etc. All of it.

Ok, so I maybe massaged the truth a little bit for the sake of riling you up, there are ways of hiding your information from other people on wireless networks. It's called encryption. On a wireless network, there are two layers of encryption, there is the encryption that is generated when you enter the password for the network, this only occurs if you are on a password protected network, and anyone else who has the password can break this encryption protocol with little to no effort. The second form of encryption is called SSL, which stands for Secure Socket Layer. Use of SSL changes on a website to website basis, but theres a really easy way to tell. Almost all browsers in use now will have a green bar at the top, or a lock, or some form of reassuring security icon by the URL that will inform you that you are using safe browsing.

Not all websites offer SSL, and that's OK, it's not absolutely necessary for every site, but you should be aware that you should NEVER share credit card info with a site that doesn't use SSL, and you should probably pick different passwords for sites using SSL and sites that aren't.