Item saved to your backpack!

The modern college campus is often a world unto itself, providing everything from places to sleep, eat, workout, and of course, learn. There is a certain safety to living within campus boundaries, and this security extends (somewhat) to using the Internet. Of course, every student should exercise good judgment and caution when going online on a campus network, but for off-campus or those enrolled in online schools, some extra precautions are also in order.

1. Look out for fake hotspots

Chances are, when you are working online, you are using a mobile computer to connect to a wireless network, perhaps at a café or public library. Sometimes you will see several wireless networks available. It is important to know the name of and connect to the network officially provided by the venue. Otherwise you may fall prey to a "Viral SSID"--a fake wireless network with a tempting name like "Free Public Wifi" or "free internet."

These trick networks are broadcast by malware that has infected a machine of someone else in the nearby vicinity. Connecting to one of these could expose your private information, because they can capture your logins and passwords as you surf the web. When in doubt about which wireless network to connect to, ask an employee.

2. Use HTTPS for Facebook and other private sites

Most public wireless hotspots are open, meaning that they do not require a password. This means that your wireless connection is unencrypted. It is trivially easy for hackers to use a simple tool like Firesheep to sniff and intercept sensitive data that your computer is sending through the air, such as login cookies to sites like Facebook--potentially allowing someone to take over your account.

Web sites which allow connections using HTTPS ("secure HTTP") rather than plain HTTP provide their own encryption, protecting you from sniffing attacks. Your browser will show an active lock icon when you are connected to an HTTPS site, such as a banking site.

Some webmail sites, such as Gmail, now default to HTTPS, but others may not. You can always try simply typing the https:// instead of the http:// part of a site URL, although this will only work for sites that are built with secure support (many are not).

Facebook, for example, does support HTTPS, but not by default. You can enable HTTPS in Facebook. Log into your Facebook account and go to Account/Account Settings/Account Security and click to enable the "https" option. [See photo above.]

3. Setup a VPN

Some schools provide facilities for making a VPN, or virtual private network, connection. A VPN can be used to restrict access to private resources (such as library databases), which might normally only be available to users on campus. The VPN also creates a secure "tunnel" through which all of your browsing is encrypted, even if you are using an unencrypted wireless connection to an unencrypted web site.

Creating a VPN connection to your particular school often requires downloading and installing a special VPN client. This will be provided by your school (for example, here is the VPN for Cornell University), so contact your school's computing support department for more information.

4. Stay up-to-date

Both Microsoft and Apple frequently publish updates to secure your machine against newly discovered vulnerabilities. It is very important to accept these updates. It can also be very annoying, especially when they interrupt your work. But it is still vital.

The same advice applies to your web browser itself. All of the major browsers will look for and prompt you when an update is available. Remember that these updates are not merely limited to new features you may not care about--they also include new security protection for vulnerabilities that hackers can exploit. When it comes to automatic updates, just say "yes."

5. Private browsing on a public terminal

Surfing off-campus does not always involve using your own computer on a public wireless connection. Sometimes, at public libraries and even some Internet cafes, you will be using a public terminal--a computer owned by the venue itself. There are special safety measures to keep in mind when using a public terminal, because this is a computer that you do not have control over, and that anyone can use.

Anytime you log into a secure web site on a public terminal, such as your webmail or Facebook, be sure to log out at the end of your session. If you do not do this, the next patron may be able to access your account!

If possible, after logging out, close out the browser entirely. Let the next patron launch a new browser session.

In addition to the above, consider enabling "private browsing" mode. Assuming the public terminal has a newer browser installed, private browsing prevents your web activity from being saved in the browser's history. You can quickly enable private browsing in the latest versions of Firefox, Safari, Internet Explorer, and Google Chrome.

Also, resist the temptation to click any "Remember my login" button that you may see. We often do this habitually on our own computers, but you do not want any public browser to remember your login!

6. Outwit keyloggers

Unfortunately, a public terminal could be infected by malware. One of the more serious threats is a keylogger, a silent program that records users' keystrokes and potentially sends the data back to the hackers' server. This data can be used to sift for logins and passwords to your accounts.

There is no 100% sure way to defeat a keylogger, especially if you do not even know it is there. You can employ a few defensive measures that will confuse some keyloggers, or make it more difficult for hackers to piece together your private information.

For example, when typing a password on a web site using a public terminal, create out-of-order keystrokes. If your password is "mylongpassword", you could type "mypassword" and then click the mouse after the "y" and type "long". By doing this, from a keylogger's perspective you have actually typed "mypasswordlong"--therefore the hacker has not captured the correct password.

Again, this is not foolproof and a determined hacker could still reconstruct your steps, but most won't bother and will sift for the easy passwords from users less clever than you!