Security Experts:

NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public

The National Security Agency (NSA) has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings.

Given the wide adoption of telework due to the COVID-19 pandemic, both businesses and end users need to ensure increased protection of personal and corporate data, especially in public settings. The NSA points out that securing devices for the use of public Wi-Fi hotspots is not enough, as their Bluetooth and Near Field Communications (NFC) functions require similar attention as well.

“To ensure data, devices, and login credentials remain secure and uncompromised, cybersecurity is a crucial priority for users and businesses. This includes identifying higher-risk public networks and implementing security best practices while in public settings, whether connecting laptops, tablets, mobile phones, wearable accessories, or other devices with the ability to connect to the internet,” the NSA says.

The guidance is aimed at National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) users, but it can also be useful to the general public. The agency’s infosheet recommends a series of best practices for securing wireless devices when they are used in public places.

Connecting to public Wi-Fi networks is not recommended, as this may expose devices to various attacks. When such connections are necessary, however, the use of a virtual private network (VPN) to encrypt the traffic is recommended, along with secure browsing methods, to ensure data is protected from Wi-Fi snooping.

Bluetooth, the NSA notes, may be convenient for transmitting data between devices within short distances, but could pose a risk in public settings, where attackers may abuse the technology to access information about targeted devices or “send, collect, or manipulate data and services on the device” by leveraging various Bluetooth compromise techniques.

[Also read: One Year Later, Over 2 Billion Devices Still Exposed to BlueBorne Attacks]

NFC, which is used for various applications such as contactless payments and close device-to-device data transfers, could also be abused for malicious attacks, albeit the NFC range limitations minimize opportunities to exploit vulnerabilities in the protocol. Even so, the NSA recommends that users disable the function when it is not in use.

The agency also recommends keeping device operating systems and other software updated at all times, using security applications, using multi-factor authentication whenever possible, rebooting mobile devices after using public Wi-Fi, enabling firewalls on laptops, configuring Web-Proxy Autodiscovery Protocol (WPAD) for corporate proxies, and disabling Link-Local Multicast Name Resolution (LLMNR) and Netbios Name Service (NBT-NS), where applicable.

Should connecting to a public Wi-Fi network be necessary, the NSA recommends connecting to secured Wi-Fi hotspots only, and only if the network uses WPA2-encryption at a minimum. Moreover, users are advised to delete the Wi-Fi network from the device after disconnecting from it, erase any other unused Wi-Fi networks from the device, and limit browsing to the necessary websites and accounts.

Furthermore, users are advised to periodically monitor Bluetooth connections, disable the function when it is not in use, disable discovery mode if not needed when Bluetooth is active, and be selective of the applications that are allowed to use Bluetooth.

“Users should consider additional security measures, including limiting/disabling device location features, using strong device passwords, and only using trusted device accessories, such as original charging cords,” the NSA also says.

Jake Williams, co-founder and CTO at incident response firm BreachQuest, commented, “While people should be generally cautious when connecting to public WiFi, advising them never to use public WiFi is not realistic for most. With the rise of ubiquitous encryption, particularly the use of HTTPS, the risks of using public WiFi today are a fraction of what they were even a few years ago.”

“Security practitioners should also be communicating the relative risks of using public WiFi with a laptop versus a cellphone or tablet. Laptops frequently use technologies, such as LLMNR, that make using public WiFi significantly more risky. Cell phones and tablets on the other hand typically do not use such technologies,” Williams added.

Related: NSA Issues Guidance on Securing IT-OT Connectivity

Related: NSA Publishes Guidance on Adoption of Zero Trust Security

Related: NSA, DHS Issue Guidance on Protective DNS

view counter