Resources‎ > ‎

Portable Devices

Our tablets and smart phones can go everywhere with us.  To work, on vacation, to the homes of friends and relatives, in cabs, planes and trains.  When we're on the move, we don't want to have to think about keeping our banking password private, or keeping business plans confidential.  The trouble is, data thieves know this.  They are opportunistic, and laptops, tablets, smart phones and computer accounts with distracted owners are a prime opportunity.

While there isn't a good way to keep out a determined hacker who has targeted you personally -- other than to not take technology with you, and not borrow any while you're away -- there are several things you can do to make yourself a more difficult target, and so keep away the opportunists and amateurs.  Here are some of those things.

This is by necessity a very summary overview.  This topic is under development for presentation to student, faculty or staff groups; please contact me if you're interested.

What the threats are

Untrusted Networks

Coffee shops, hotels, airports, McDonalds -- you can get free WiFi access in a lot of convenient places these days.  Unhappily, you can also get a phony WiFi hotspot in a lot of these same places.  The hacker will set up his own equipment with the same network name as the legitimate business, and your "secure" connection goes right to the device which the hacker can read.  Another possibility is that the service provider, having understandably economized on the free service, doesn't know that the hackers have compromised his legitimate equipment.

Untrusted Computers

Hotels often have a "business center" with computers for their guests to use.  There has always been a risk of these computers being compromised; in the summer of 2014, the Secret Service was warning the hospitality industry about an uptick in such attacks.

Broadly speaking, this can take two different forms:  Software that the hacker places on the guest computer to watch for account login passwords; or a hardware key logger, plugged in between the keyboard and computer, to catch usernames and passwords as they're typed in.

Lost Devices

You can avoid untrusted computers (if not untrusted networks) entirely by bringing your own phone, tablet or laptop.  Just don't let it get lost or stolen!  Studies have shown that people who find lost devices almost always snoop, even when they ultimately try to return the device.

What to do about them

Encryption by the application

The simplest way to keep network snoops from looking at your browsing over the wire (or over the air) is to use secure web pages where available.  Look for a padlock icon near the address in the web browser, and https instead of http in the address itself.  If it's not there, add that little 's'.

This is not foolproof, but it's better than nothing.

Email servers can be set to use encryption as well, although it's a little more involved.  Applications like Outlook, Thunderbird or the Apple Mail app can be told to use "Connection Security" -- options include SSL/TLS or sometimes STARTTLS.  Find out what your email provider supports, and set your email application to match.  Your email provider should have instructions for doing this.

Note that this only protects your email between the device you're using and your email provider's server.  Once your email provider sends the email on to its destination, the email may no longer be encrypted.

Encryption on the network

VPN (Virtual Private Networking) is a technology that encrypts all traffic from your computer and sends it out to the VPN provider; from the VPN provider, it is no longer encrypted unless you've used the application encryption described above.  This gets you past network eavesdropping in public WiFi hotspots, making your connection about as safe as (but no more than) a typical home cable network connection.

PC Magazine did a review in January 2014 of different consumer VPN services for Windows and Linux.  Users of Apple devices and other tablets can look at the Cloak product, which was not included in the review.  Note that while some of these are free, many require some monthly fee.  (Update 6/25/2016:  Brian Krebs notes that the free proxy services are not really all that secure.  Based on this, as well as general principles, I suggest you use a paid VPN service that offers Service Level Agreement type accountability.)

Delaware Tech employees who want secure remote access to college systems and services should use our remote access terminal server.

Passwords and PINs, and Remote Wipe

If you misplace your device, make sure it isn't useful to a thief.  Laptop computers can usually take a boot password or hard drive password in their hardware setup screens.  Tablets and phones should be able to use PIN passwords, and some have a "remote wipe" or "find my phone" capability.  Look into these features before you travel, and become familiar with them.  If you have confidential data on your device, you probably should be using these features at all times.

Huffington Post did a feature recently on how to secure an iPhone.

Lifehacker reviews remote wipe utilities for Android / Windows devices.