Re: Internet security on "hotspots"
- From: James Harless <jharless@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 20 Apr 2006 08:27:08 -0500
Personal firewalls had already been covered by many posts including the
Original Poster. I didn't see any need to reiterate that since the post
asked for 'other ideas or thoughts'. I assume that everything mentioned is
in addition to a personal firewall.
Also, it's dangerous to assume that 'she's only visiting HTTPS sites so, she
doesn't need encryption'. Are you sure? Is she going to check/send email?
POP3? SMTP? Is there anything I, as an attacker, can gain by learning her
email address/password + the fact that she visits www.herpersonalbank.com?
Can I do anything with that information? What if I also learn the email
addresses of trusted senders? What if she fires up SSH to her home? Is her
username the same as her email address, per chance? A lot of users will use
the same or similar passwords, even.
I would never underestimate the value of 'leaked' information. Potential
attackers would even be sizing her up as a target based on how she dresses
and the type of tech she's carrying.
--
James Harless
Network Security Engineer
Kidwell Companies
kCOM kE kTECH
900 S. 26th Street
Lincoln, NE 68510
13336 Industrial Road
Suite 101
Omaha, NE 68137
Main: 402-475-9151
Fax: 402-475-9186
jharless@xxxxxxxxxxxxxxxxxxxx
www.kidwellcompanies.com <http://www.kidwellcompanies.com/>
On 4/19/06 12:38 PM, "Andy.Kitzke@xxxxxxxxxxxxxxxx"
<Andy.Kitzke@xxxxxxxxxxxxxxxx> wrote:
A VPN would work well for keeping her traffic safe but if her laptop
wasn't safe then the VPN would be moot. I think using a VPN is
complicating the situation beyond what the user maybe was looking for.
The two places to secure would be the end node and the traffic in
between. The traffic could be secured by a VPN, but that would still
leave the end node vulnerable to attack. I think with the amount of
threats currently in the wild, browsing the internet without a personal
firewall can be a dangerous venture.
If she's looking for the most secure approach I would say a personal
firewall and a VPN connection to a trusted source. If she is just
looking for machine security I think a personal firewall would be
plenty. I would steer towards a firewall with good reviews that looks
at more than just ports, like IE requests and such. If she used SSL
sites anytime she was divulging personal information her traffic would
be encrypted and there wouldn't really be a need for a VPN.
Andy Kitzke
Network Engineer
In-Sink-Erator
-----Original Message-----
From: James Harless [mailto:jharless@xxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, April 19, 2006 8:53 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Internet security on "hotspots"
Have her connect to a VPN that is available to her. If her company
doesn't
have one available, there are many easy to implement solutions for
setting
up a PPTP VPN. Then, she can connect to an insecure Wireless AP but,
all of
her traffic would flow encrypted to the VPN and out to the 'net from
that
remote location.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- References:
- RE: Internet security on "hotspots"
- From: Andy.Kitzke
- RE: Internet security on "hotspots"
- Prev by Date: Re: MS06-013 Cumulative IE Update (912812) Issues
- Next by Date: Re: MS06-013 Cumulative IE Update (912812) Issues
- Previous by thread: RE: Internet security on "hotspots"
- Next by thread: RE: Internet security on "hotspots"
- Index(es):
Relevant Pages
|
