So there you are, browsing the vast Internet in a coffee shop on your travels abroad. You log in to Facebook, as usual, and continue to peruse the postings of the day. Unbeknownst to you, there might be someone stealing your login info right as you press the return key. After all, it’s an open network at a coffee shop—anyone has access to your information.
The same goes for airport WiFi, and the library down the street. Luckily, there’s a way to protect yourself. In this tutorial, I’ll explain how people obtain your sensitive information on an unsecured network and how to prevent them from doing so.
Why Public Networks are Dangerous
A public, unencrypted, or open network is one that does not require users to enter a password to join it. This means anyone from a hacker to an average Reddit user can access the network. It also means that any of these people can access what you transmit to and from the router, or access point.
They can grab this information through a process called packet interception or packet sniffing. Additionally, they can assume your identity on the network trick you into thinking you’re sending all your information to a legitimate website when, in reality, it’s all going to a hacker.
A public network is different from your home connection because, if you set up the latter with encryption, you know everyone who’s using it—you had to give them the password. With a public network, you can’t know for sure that the person sitting next to you isn’t trying to steal your login cookies or just searching for the Next Big Thing.
Secure (HTTPS) websites help prevent your data from being intercepted by adding a level of encryption to your online presence. This is why Google recently switched its homepage to the secure protocol. It’s still possible, however, to steal, decrypt, and log in with your cookies in many circumstances.
Rather than mask the problem by using something like EFF’s HTTPS Everywhere plugin, I’ll show you how to patch it completely. You don’t have to stop using public Wi-Fi, I'll focus on making it as secure as possible using a few free tools.
1. Download the Necessary Software
Your Mac is a safe computer out of the box, but as soon as you connect to a network, you’re vulnerable to local attacks. The problem is that OS X doesn’t protect against the most minor threats, like local network packet interception. For that, you’ll need to download a few tools.
First, you’ll want to find either a virtual private network or a proxy. The former, abbreviated VPN, will use your Internet connection to talk to a new, virtual version of the local network. It creates a direct tunnel, of sorts, between you and the VPN server, which then talks to servers on the Internet on its own.
When people try to see what you’re doing, all they can perceive is your transmission of data to and from the VPN’s server. Any other activity is hidden behind the walls of the service.
A side effect of using a VPN is location spoofing, which reports your public IP address (your unique footprint on the Internet) as being one on the remote server, not the router you’re using. For more information about virtual private networks, refer to the How to Use VPN on Your Mac tutorial.
An alternative way to mask what you’re doing is to route your traffic through a proxy server, often simply referred to as a proxy. There are multiple types of proxies, but here are two you need to know about: HTTP and SOCKS.
The former will allow all Web traffic to run through it, but that’s often not enough, so we’ll be focusing on a SOCKS proxy, which allows you to route all your computer’s transmissions through the remote server.
There are pros and cons to Proxies and VPNs. For most, a VPN can be easier to use since the protocol allows for any type of Internet traffic to be routed through it out of the box. That means you don’t have to worry about things you type getting stolen anywhere else on the system. With a proxy, though, you have to find one that uses a SOCKS protocol to secure everything. As an alternative, you could use an HTTPS proxy to at least protect your web traffic; don’t even consider an HTTP proxy as it offers a very thin layer of security.
Each of these encryption methods has its own benefits and flaws. If you use a VPN, I recommend ThreatSpike, a free and fully native one. Setting it up on a Mac takes about ten minutes and, in the US, the server is incredibly fast for being stationed in Europe. If you prefer to use a proxy, there are hundreds of free options—varying greatly in speed, of course—out there. To get started you can find a large number of proxies at HideMyAss.
Lastly, to make things more convenient, you should download Sidestep, a free tool that automatically enables your proxy or VPN when you connect to a unsecured wireless network.
2. Switch on Your Firewall
I spoke with a security-versed friend about the first step someone should take if they want to prevent being hacked on a local network. He said, “Turn on your firewall.”
The firewall is not enabled, by default, on your Mac but it should be. Whenever a new type of incoming connection is detected, from any app, the firewall will instantly alert you and ask if you would like to Allow or Deny it.
Don’t get in a hurry and press Allow if you don’t know what it is. Read the description of the message and search Google to determine the connection’s identity, if necessary.
To switch on the built-in firewall, head to the Security & Privacy pane of System Preferences. In the Firewall tab, simply click Turn On Firewall to add a hefty layer of security to your Mac. Additionally, you can enable stealth mode in Firewall Options to stop a hacker from even detecting you on the network when he runs a scan.
3. Protect Your Connection from Local Attacks
Once you’ve configured your system’s integrated security settings, it’s time to set up some third-party stuff. (Remember, a firewall alone isn’t enough to protect you from local network packet interception.) To do this, follow these steps, depending on what security protocol you want to use.
Method 1: Use a Proxy Server You Found Online
This method is best if you do not want to bother configuring a VPN and have already found a nice-looking proxy in your research online. If you want to use your own Web server as a proxy, see the next method.
- Open the Sidestep app you downloaded. A new up-arrow icon will appear in your menu bar, and the app’s welcome screen will appear. It explains “the problem” and “the solution”. When you’re finished reading, click Next.
- You’ll be presented with a screen to set up your proxy server. I used my own server on DreamHost (see below) and the app asked for my password when I clicked Test Connection to Your Server! I initially checked the Save Password box, but discovered it doesn’t work with Sidestep, so I would recommend remembering the password since it will ask you for it each time you’re on unsecured Wi-Fi.
- When you’ve finished inserting your proxy’s details, click Next. Take note of the different icons Sidestep will use to tell you if you’re secure or not. I recommend starting Sidestep at login as well. Click Finish to wrap things up.
Method 2: Use Your Own Server as a Proxy
If you pay for a Web server that hosts your website, you’ll be happy to know that it can also be used as a proxy server. To get it up and running with Sidestep, you’ll need your SSH hostname, username, password, and port number (if applicable). If you don’t know what these are or you’re not sure if your server has them, it’s best you use a preconfigured proxy instead. Once you gather the details, follow the steps for a regular proxy.
Method 3: Use a VPN
If you used a proxy server, everything’s ready to use. If, however, you prefer to use a VPN you can configure Sidestep to connect to it automatically.
- Make sure you have a VPN set up in the Network pane of System Preferences. If you need help configuring it, refer to our guide.
- Click the menu bar icon, click Preferences, and select the Proxy Server tab.
- Rather than rerouting through SSH, select Reroute through VPN and select the one you have configured.
- That’s it! Sidestep will take it from here.
I’ve shown you the basic ways of protecting yourself from local network hackers. You should now feel more confident logging in to Twitter when on the go and checking your bank account’s balance in the local coffee shop.
If you found this interesting, there’s a lot more learning to be done in the field. I’d recommend looking into tools like Little Snitch to monitor all connections to and from your Mac—it the Great Wall of firewalls. Additionally, feel free to check out our other security tutorials.