8. Attaching to an Unknown, Untrustworthy WiFi Network
There's nothing more soothing than a good cup of java (lower-case) and a free WiFi connection at your local coffee shop. But watch that guy at the booth next door -- he may be hacking into your laptop over that very same WiFi link.
Your users are even more at risk if their wireless card uses the Wireless Access Protocol (WAP), which is notoriously simple to hack. A hacker can use a sniffer and grab your corporate user name and password, for instance, or infect you with a worm, says Daniel Peck, a security researcher with SecureWorks.
Even if they're only sipping coffee and working offline, an attacker could use your employee's wireless card to access his machine -- and eventually, your corporate network.
It's tempting for a user on the road to jump on the closest WiFi connection they pick up while waiting at the airport or some other public place. "There is no way of ensuring that the networks they connect to aren't run by a malicious attacker," says Matasano Security's Goldsmith. "While the unsuspecting user surfs the Web, an attacker could be using a man-in-the-middle attack to monitor their traffic -- or even worse, use a client side attack toolkit to compromise their machine."
A personal firewall can help, says the Enderle Group's Enderle -- as long as your users keep it turned on, that is.
"Attach away. Just tunnel through with SSH or a VPN client," says Cigital's McGraw. "Also be aware of low-level attacks, and don't do anything too sensitive."
But the only way to ensure that your users won't get hacked via WiFi is to have them disable their wireless card altogether while they work from public places, says Matasano Security's Ptacek. "The safest reasonable attitude right now is that even browsing available wireless networks is risky."