Re: Internet security on "hotspots"
- From: James Harless <jharless@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 20 Apr 2006 10:02:46 -0500
I agree with everything you said. Also, I suppose my 'dangerous to assume'
wasn't a complete thought. Basically, if I told a user 'only do important
things via HTTPS'....I would assume they are incapable of following those
instructions to a degree with which I would feel safe.
I hope that clears it up. I didn't intend to put words into Andy's mouth
with my writing.
--
James Harless
Network Security Engineer
Kidwell Companies
kCOM kE kTECH
900 S. 26th Street
Lincoln, NE 68510
13336 Industrial Road
Suite 101
Omaha, NE 68137
Main: 402-475-9151
Fax: 402-475-9186
jharless@xxxxxxxxxxxxxxxxxxxx
www.kidwellcompanies.com <http://www.kidwellcompanies.com/>
On 4/20/06 9:34 AM, "mcclenbw@xxxxxxxxxxx" <mcclenbw@xxxxxxxxxxx> wrote:
I reread Andy's post, and I don't see the he was assuming 'she's only
visiting HTTPS sites so, she doesn't need encryption'. He stated if
that was the case, then a VPN wasn't needed. If it's not the case, use
a VPN. Although, probaly not a likely case I agree.
You are correct to not underestimate the value of leaked information and
I would point out that not even a VPN, a firewall, HTTPS, etc. can
protect her 100%. Set aside all the data encryption for a minute and
all that other stuff us geeks always migrate to when as about security
and focus on her physical surroundings. If I'm sitting in Panera and
the guy behind me can see everything on my screen, and perhaps what I
type, no amount of encryption and/or tunneling is going to help. And
yes there are people out there that can read keystrokes as you type in
your password.
Just a reminder that your data is not the only thing in the public when
using hotspots. You are in public as well. Be sure no one is "looking
over your shoulder." Social engineering is just as big a threat.
Although personally I think in this case it's more like "stalking
engineering"...
Brady McClenon
Systems Administrator
State University College at Oneonta
-----Original Message-----
From: James Harless [mailto:jharless@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, April 20, 2006 9:27 AM
To: Andy.Kitzke@xxxxxxxxxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Internet security on "hotspots"
Personal firewalls had already been covered by many posts
including the Original Poster. I didn't see any need to
reiterate that since the post asked for 'other ideas or
thoughts'. I assume that everything mentioned is in addition
to a personal firewall.
Also, it's dangerous to assume that 'she's only visiting
HTTPS sites so, she doesn't need encryption'. Are you sure?
Is she going to check/send email?
POP3? SMTP? Is there anything I, as an attacker, can gain
by learning her email address/password + the fact that she
visits www.herpersonalbank.com?
Can I do anything with that information? What if I also
learn the email addresses of trusted senders? What if she
fires up SSH to her home? Is her username the same as her
email address, per chance? A lot of users will use the same
or similar passwords, even.
I would never underestimate the value of 'leaked'
information. Potential attackers would even be sizing her up
as a target based on how she dresses and the type of tech
she's carrying.
--
James Harless
Network Security Engineer
Kidwell Companies
kCOM kE kTECH
900 S. 26th Street
Lincoln, NE 68510
13336 Industrial Road
Suite 101
Omaha, NE 68137
Main: 402-475-9151
Fax: 402-475-9186
jharless@xxxxxxxxxxxxxxxxxxxx
www.kidwellcompanies.com <http://www.kidwellcompanies.com/>
On 4/19/06 12:38 PM, "Andy.Kitzke@xxxxxxxxxxxxxxxx"
<Andy.Kitzke@xxxxxxxxxxxxxxxx> wrote:
A VPN would work well for keeping her traffic safe but ifher laptop
wasn't safe then the VPN would be moot. I think using a VPN islooking for.
complicating the situation beyond what the user maybe was
The two places to secure would be the end node and the traffic inwould still
between. The traffic could be secured by a VPN, but that
leave the end node vulnerable to attack. I think with theamount of
threats currently in the wild, browsing the internet without apersonal
personal firewall can be a dangerous venture.
If she's looking for the most secure approach I would say a
firewall and a VPN connection to a trusted source. If she is justthat looks
looking for machine security I think a personal firewall would be
plenty. I would steer towards a firewall with good reviews
at more than just ports, like IE requests and such. If sheused SSL
sites anytime she was divulging personal information hertraffic would
be encrypted and there wouldn't really be a need for a VPN.implement solutions
Andy Kitzke
Network Engineer
In-Sink-Erator
-----Original Message-----
From: James Harless [mailto:jharless@xxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, April 19, 2006 8:53 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Internet security on "hotspots"
Have her connect to a VPN that is available to her. If her company
doesn't have one available, there are many easy to
for setting up a PPTP VPN. Then, she can connect to an insecure
Wireless AP but, all of her traffic would flow encrypted to the VPN
and out to the 'net from that remote location.
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- References:
- RE: Internet security on "hotspots"
- From: mcclenbw
- RE: Internet security on "hotspots"
- Prev by Date: RE: Internet security on "hotspots"
- Next by Date: RE: Internet security on "hotspots"
- Previous by thread: RE: Internet security on "hotspots"
- Next by thread: RE: Wireless Security
- Index(es):
Relevant Pages
|
|
