Are you worried about your internet connection? Do you suspect you're connected to Wi-Fi that is putting your data at risk? Do you fear your device might suffer a cyberattack?
In this guide, we will show you how to check whether your internet connection is safe. And we will explain how to ensure your data is secure no matter which public Wi-Fi hotspot you join.
How to check an internet connection is secure
Networks contain several vulnerability points that can put you and your devices at risk. Luckily, there are a few simple checks you can do to improve your security – no matter where you opt to use the internet.
Check that your Firewall is functioning correctly
Your computer's firewall is your first line of defense against threats on the internet. It is a vital network security system that constantly monitors and controls incoming network traffic based on pre-defined rules.
Advanced firewalls also monitor outgoing traffic to block potentially malicious traffic. This allows the firewall to prevent malware exploits such as Trojans from communicating with Command and Control servers – either to steal your data or infect you with secondary payloads.
A firewall also protects against hackers who use port scanning tools to scan the internet for computers with open ports that could be vulnerable (and allow them to access your computer). If, for example, you have installed a program that opens the FTP port, hackers could attack you via that port.
Both macOS and Windows computers come with a native firewall. This means that all you need to do is tell your Operating System whether you are using a public or private internet connection, and it will do everything else for you.
You only need to alter the firewall settings if something conflicts – or you need to whitelist a program from the perimeter created by the firewall's default settings.
How to turn on the Firewall on Windows 10
In Windows 10, the firewall is part of the native security suite called Windows Defender. This firewall can be turned on and off (comes on by default) and can be configured depending on your needs. Below, we have explained how to ensure it is turned on:
- Click on the Windows icon in the far left of your taskbar, followed by Settings (the cog symbol that appears just above it).
- Scroll down and click Update & Security to open the menu.
- Now click on Windows Security in the menu on the left.
- Next, on the menu that opens on the right, click on Firewall and network protection
- All three settings should be turned On by default (Domain network, Private network, and Public network). However, if any of them are not already on, click on them and then the button to turn them On.
How to turn on the Firewall on Mac
Mac firewall settings can be found in the Security and Privacy preference in System Preferences. To enable Firewall in macOS and OS X v10.6 or later:
- Go to System Preferences > Security & Privacy.
- Click on the Firewall tab.
- Click on the lock icon in the bottom left and enter your administrator password.
- Click Turn On Firewall (or Start in OS X).
The native Mac firewall is designed to prevent unauthorized applications, programs, and services from accepting incoming connections. Thus, if you want an advanced firewall that also scans outgoing packets, you will need to use a more sophisticated firewall such as Little Snitch.
How to test your firewall
Once you have assured that your Firewall is switched on, you can test it to make sure it is working. The good news is that you don't need to hire a penetration tester to do this because there are services designed to probe your Firewall for vulnerabilities automatically.
ShieldsUP from the Gibson Research Corporation is a useful service that anybody can use to check the integrity of their computer's firewall for common vulnerabilities and open ports.
If you have never tested your computer before, the service recommends that you start by using the File Sharing and Common Ports buttons.
There are four tests available on the website:
- File-Sharing test. This tests the ports associated with vulnerable file sharing ports and services.
- Common Ports test. This probes the ports employed by commonly used applications, including FTP, Telnet, NetBIOS, and many others.
- All Service Ports test. This scans through all of your ports from 0 to 1056 to ascertain whether any might be unnecessarily open and vulnerable. The test will reveal whether they are open (designated in red), closed (designated in blue), or in stealth mode (designated in green). If you have any red ports, you should investigate your firewall setting to find out what application is running on that port.
Messenger Spam test. This sends you a test Microsoft Windows Messenger message to see if you are potentially vulnerable to attacks carried out by spammers using these types of messages.
After testing with ShieldsUP you will know whether there are any holes in your firewall's security, and you can follow the instruction provided by ShieldsUP to tighten up your system.
If you investigate a suspected open port on your system and are unable to ascertain what program in running on it, we recommend that you close the port and run a malware scan to find out whether you have become infected with malware (or a botnet) that is exploiting that port.
In addition, you could opt for a more secure firewall that provides better security. We tested a PC with the firewall that comes with Vipre antivirus, for example, and found it passed all of ShieldsUP's tests with flying colors:
Secure your router against hackers
How your router is set up can vastly affect the security of your local network. This is why it is vital to ensure it has been set up using the most robust security available.
In 2021, the most robust Wi-Fi encryption available to home users is WPA2, and we strongly recommend that you set up your router using this protocol. To do so:
- Log in to your router's admin panel (enter the IP address for the router into your browser, followed by your username and password)
- Find the encryption protocol settings in the admin panel and ensure it is set to WPA2
In addition, we recommend that you check that you have updated the default passwords (router admin password and router access password), updated your network's name, and hidden your network from public view.
For more information on how to improve your Wi-Fi's security, check out our full Wi-Fi security guide.
How to check what encryption a Wi-Fi hotspot is using
When you are at home, you can easily check the encryption your router is using by logging in to the admin panel to set it to WPA2.
When you use public Wi-Fi hotspots, however, you are at the whim of whoever set that network up. For this reason, it is a good idea to check what encryption the network is using. To do this:
- Tap on Security to check the encryption standards (on some devices the encryption type will be written underneath the word Security in the menu.
- Click on the internet connection symbol in the bottom right of your Windows desktop (in the system tray).
- Click on the network you are connected to, followed by Properties.
- Scroll down to the Properties section at the bottom and locate Security type. This will tell you the type of encryption being used by the local WiFi network.
- Navigate to System Preferences and choose Network
- Select Wi-Fi (or Airport) and click the Advanced option in the bottom right
- In the Wi-Fi tab, the security encryption type is listed under Security
Run a Browser Disclosure Test
The ShieldsUP resource also has a Browser Headers tool for checking whether your browser is revealing important sensitive information about you and your computer.
When you look at the test results, you should preferably not be able to see any information that identifies you or your system.
Improve your browsing privacy
To improve your browser privacy, we recommend that you use Firefox with privacy extensions such as:
Use a Virtual Private Network (VPN)
If you often connect to public Wi-Fi hotspots, it is possible you could accidentally join an insecure network. For this reason, it is a good idea to take your data's security into your own hands.
A VPN encrypts all of your data before it leaves your computer or mobile device. This robust encryption ensures that your data is private as it passes both over a local Wi-Fi network and the internet itself.
When you use a VPN, you no longer need to worry about the kind of encryption a local Wi-Fi hotspot is using. The military-grade VPN encryption means that you can use any hotspot, even one that has been set up with no security - or perhaps by a cybercriminal.
As a result, a VPN is by far the best way to improve the security and privacy of your internet connection:
- It prevents Wi-Fi hotspots providers from snooping on your data, ad web habits
- It will protect you against hackers on a local Wi-Fi network
- It will prevent your ISP from tracking your web visits and engaging in metadata retention
- It will ensure that the government cannot access that web history and metadata.
Due to the high levels that a VPN provides, we recommend that you use one, both at home and while on public WiFi. To find a reliable VPN please visit our best VPNs of 2021 comparison page.
How to check your VPN for leaks
An important thing to remember is that not all VPN providers are reliable, and not all VPN applications were created equal. As a result, we advise anybody who uses a VPN to gain better security online to:
- Make sure they get a VPN service that is trustworthy and reliable (has strong privacy policies and apps that work properly)
- Test their VPN connection themselves to ensure that it is not suffering from any leaks
If a VPN leaks data, it is possible that your privacy and data security is being compromised. As a result, using the VPN software can actually lead to a false sense of security.
The good news is that anybody can use our online leak test tool to check their VPN for IP leaks, DNS leaks, and WebRTC leaks. As long as the VPN suffers from no leaks, it is working correctly and you can trust the VPN software to provide robust encryption for your data.
Check for the HTTPS prefix while browsing
Checking the prefix of the URL for a website is another way to check how secure your internet connection to a website is.
Secure websites use encryption certificates to authenticate the type of security they are using. This allows you to look at the URL to check whether the connection is safe.
Safe websites have the HTTPS prefix, so all the data between you and that website is being encrypted with robust Transport Layer Security (TLS).
The good news is that anybody can quickly check whether their connection to a website is secure. To do so, look up at the URL bar in your browser and check for the HTTPS prefix and the little padlock to the left. These two things indicate that the connection to the website is safe, and that there is no chance of your data being intercepted by eavesdroppers.
If, on the other hand, the website has the HTTP prefix, this means that the connection might be vulnerable, And it is vital that you do not enter any personal details, credentials, passwords, or payment details while visiting that website.
Use active malware protection
Many people scan their computers for malware on a pre-scheduled basis, and this is a good way to find any malevolent exploits after they have made your way onto your computer, to ensure they are quarantined or deleted to stop them from doing harm.
However, the very best malware programs actually scan for incoming exploits in real-time. They also have functions that prevent you from visiting malicious websites and scan your emails for threats. As a result, these programs constantly monitor your internet connection for incoming threats and warn you when you might be at risk.
Due to the massive amount of threats currently circulating online, we strongly recommend that everybody use malware protection with active scanning. To find out more about anti-malware programs, and to pick one that is suitable for your machine check out our best antivirus guide.