Secure connectivity underway

Most of the time, we prefer public WiFi access instead of a mobile phone network (GSM/ UMTS/ LTE) while underway, because WiFi promises a faster connection and does not affect our mobile phone data usage.

Many hotels, bars and restaurants (including fast food stands), airports and even the city of Munich now offer WiFi access. There are several issues to keep in mind related to the security of your systems and data and ensuring the confidentiality of business matters.

Open and encrypted public WiFi networks

For the following tips, we differentiate between two types of networks:

  1. WiFi networks that you can use without registering (open WiFi network)
  2. WiFi networks that require either a password, or as with eduroam, a password and ID (encrypted WiFi)

Some WiFi networks can be used without a password, but they require browser registration, such as logging in with your name and room number in a hotel. These networks fall into the open WiFi category, even if Internet access is not possible without the browser registration. The key is the first step: Connection to the WiFi network.

What to consider when using open WiFi networks

Open WiFi networks are especially risky given that the data is transmitted without encryption. That means the person in the next room who is logged on to the same network can read your traffic. This is a no go, especially if it involves business communications.

Furthermore, anyone can set up a WiFi hot spot and make it available under the name of the hotel network, for example. If the signal of the pseudo hot spot is stronger than the actual hotel network, your device will automatically connect to the fake one and transmit your entire traffic to the hacker.

For this reason, follow these general rules when using open WiFi networks:

Use the mobile phone network

If possible, avoid open WiFi networks and instead utilize the mobile phone network (GSM/ UMTS/ LTE)

If your device is not capable of mobile internet, you can still access the Internet with your smartphone via the mobile phone network (mobile hot spot)

Activate the VPN

If you have no other option, such as when the mobile phone network is not available, activate the LRZ VPN immediately after logging on to the WiFi network. To ensure that the entire traffic is transmitted via LRZ, and thus encrypted, you must place a "!" in front of your ID (refer to "What is split tunneling?") when signing into the VPN client. This will ensure that the WiFi provider is not able to read your communications.

Remove the network after using it

Once you are done, remove the network name from the list of known WiFi connections to keep your device from automatically connecting to it again.

Instructions: removing WiFi networks

Additional tips

The following tips for using open WiFi networks should be taken into consideration as well.

Things to consider with any open WiFi network

Encrypted WiFi networks can keep others on the same network from eavesdropping, but not necessarily the WiFi provider.

For this reason, keep the following in mind when using an open WiFi network.


When logging on to or entering data in a website, make sure the link is secure (URL should begin with https//). 

Encrypted email services

When retrieving emails, the transmission should also be secure (encrypted).  While this has long been the only option for your TUM emails, make sure it applies to your private emails, as well.


Utilize the LRZ VPN service to encrypt the traffic across the LRZ tunnel, which protects against eavesdropping and unauthorized access. To make sure the entire traffic is tunneled via LRZ, you must place a "!" in front the VPN client ID when logging on (refer to "What is split tunneling?") This will ensure the WiFi provider is unable to read your traffic.

Properly configure eduroam

If you are using the eduroam WiFi network while underway (eduroam is available not only in Munich, but in many facilities around the world), make sure it is properly configured so that your password cannot be hacked. You will find instructions at: