A VPN (Virtual Private Network) is a computer network that allows users to use the internet to connect to a secured network (usually their office’s private network).
The benefit of a VPN is that a user can access their organization’s resources from home (well anywhere for that matter) over the internet, but any data that is transferred over the VPN is secured. All data is run through the virtualized private network using the internet as the communications channel.
The reason I decided to talk about VPNs today is thanks to an article I read on CNN.com. Amy Gahran published a report about Firesheep and how it can compromise your computer’s security.
A new Firefox extension called Firesheep allows users to steal credentials for Gmail, Facebook, and other personal accounts from other users who are on the same Wi-Fi network. This means Johnny D. can steal Google Account information by using Wi-Fi at the local Starbucks (sounds like a hacker’s dream).
Gahran states that once she installed Firesheep, she was “able to open a sidebar in Firefox and tell it to ‘start capturing’ data.” Soon enough her browser had taken icons and usernames from other users on the network that allowed her to log into a stranger’s Facebook account, and act as the user.
There are a couple of ways to protect your computer from Firesheep.
Gahran recommends:
1) Don’t use public Wi-Fi
2) Use your mobile devices 3G (or 4G) connection as a mobile modem
I recommend:
3) Use a VPN to do any work off-site
4) HTTPS Everywhere – a Firefox extension that encrypts communications with many websites
5) Installing FireShepherd – which jams the Wi-Fi network with packets to block Firesheep
If these options seem too complex, a simple solution would be to limit your public web browsing activities to just web browsing. Check your personal accounts (Facebook, Gmail, Banks, etc.) at home.