Re: [CGUYS] security on public wireless
You need to run a VPN on top of the wireless connection. This will give you a secure tunnel from your computer through to the VPN server. See a good tutorial at www.cites.uiuc.edu/vpn/security.html The above web site has a couple of nice graphics showing what part of the communication stream is protected by the encrypted tunnel. The tunnel is between the VPN client on your machine to the VPN server at the _VPN_service_provider's_end_. However, if the final service you are trying to reach is outside of the VPN provider's network, then the traffic from that point on are going unencrypted. Sniffers at any point beyond that can eavesdrop. You can buy VPN as a service from various providers for about $12/month. To mention one: www.hotspotvpn.com. (This is just an example, I have not used this service.) I think, a service like this will give you a false sense of security since you will be using this VPN tunnel to get to, in this case, hotspotvpn.com's network, but traffic beyond that is unencrypted and on regular the internet. You need to use the https protocol (as opposed to just http) every time when you give out a username/password pair for a web service you want to use. If the web service you intend to use does not offer https, then treat is an non-secure service. A lot of people still use FTP to upload web pages. You need to use sftp or scp instead. (Windows clients: Putty, WinSCP; MacOSX and Linux have scp, ssh, sftp build-in via the Terminal or you can find GUI clients.) Don't use the same username/password pair for all of your accounts. If one is compromised (ie: via FTP mentioned above) you are at the risk of having all of your accounts being compromised. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
use 'https' for gmail. if no vpn, but use https for gmail - wouldn't the wireless signal for a public connection still be in the clear transmitting your username and password? No. https uses SSL. (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) It uses public/private keys to make an encrypted tunnel from your web browser to the remote web server. So, the data stream in the wifi is encrypted. However, a badly designed site may mix https and http between pages and may transmit authentication credentials in the clear. Site designers need to be careful to setup the entire site properly. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
I think, a service like this will give you a false sense of security since you will be using this VPN tunnel to get to, in this case, hotspotvpn.com's network, but traffic beyond that is unencrypted and on regular the internet. No, it provides the security that was asked for. This use of a VPN secures the over the air part of the transaction. Once the transaction clears the over the air segment it is on the regular, wired Internet and no less secure than and other transaction over the wired Internet. You are seeking something that was not requested. That just muddies the waters. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
VPN is of course the answer, if you really MUST perform 'sensitive' tasks from unsecured networks. But personally, I can hold off doing my online banking until I get home. Normal websurfing and gmail I just don't worry about. Though I _do_ always use 'https' for gmail. When Tony and I agree on something you can be sure that one of us is right! * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
I think we tend to agree on most things. At least, I can't recall the last time we actually had a *disagreement*. Sometimes you do go off on tangents though. Now let's argue about top posting! :) On Sat, Aug 30, 2008 at 4:26 PM, Tom Piwowar [EMAIL PROTECTED] wrote: VPN is of course the answer, if you really MUST perform 'sensitive' tasks from unsecured networks. But personally, I can hold off doing my online banking until I get home. Normal websurfing and gmail I just don't worry about. Though I _do_ always use 'https' for gmail. When Tony and I agree on something you can be sure that one of us is right! * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
Many places set up security though it be lite to keep people from outside not being able to log onto the network. There are routers that allow two sides a public and a private side for situations like this. Stewart At 05:40 PM 8/29/2008, you wrote: sure appreciate someone explaining this to me... trying to figure a way to make a public wireless connection secure for checking email, logging in to sensitive sites etc. seems like the nature of public wireless is that all is transmitted in the clear. would be great to be able to use wpa, but many hotels and convenient wireless internet don't seem to offer encryption. is there any way to protect wireless transmission on a public connection? also seems that this issue should be same for pc or mac, no? thanks for any help * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** * Rev. Stewart A. Marshall mailto:[EMAIL PROTECTED] Prince of Peace www.princeofpeaceozark.org Ozark, AL SL 82 * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
thanks, but I'm sorry I don't understand - if I use public wireless say at a mall, how would a router on my end make the connection secure to the site I visit (or email) if the wireless connection is only public without any encryption available? From: Rev. Stewart Marshall [EMAIL PROTECTED] Date: Friday, August 29, 2008 04:06 pm Subject: Re: [CGUYS] security on public wireless Many places set up security though it be lite to keep people from outside not being able to log onto the network. There are routers that allow two sides a public and a private side for situations like this. Stewart At 05:40 PM 8/29/2008, you wrote: sure appreciate someone explaining this to me... trying to figure a way to make a public wireless connection secure for checking email, logging in to sensitive sites etc. seems like the nature of public wireless is that all is transmitted in the clear. would be great to be able to use wpa, but many hotels and convenient wireless internet don't seem to offer encryption. is there any way to protect wireless transmission on a public connection? also seems that this issue should be same for pc or mac, no? thanks for any help * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
Sorry did not understand the question. There is no way to make the connection secure on a public wireless connection. Stewart At 06:20 PM 8/29/2008, you wrote: thanks, but I'm sorry I don't understand - if I use public wireless say at a mall, how would a router on my end make the connection secure to the site I visit (or email) if the wireless connection is only public without any encryption available? From: Rev. Stewart Marshall [EMAIL PROTECTED] Date: Friday, August 29, 2008 04:06 pm Subject: Re: [CGUYS] security on public wireless Many places set up security though it be lite to keep people from outside not being able to log onto the network. There are routers that allow two sides a public and a private side for situations like this. Stewart At 05:40 PM 8/29/2008, you wrote: sure appreciate someone explaining this to me... trying to figure a way to make a public wireless connection secure for checking email, logging in to sensitive sites etc. seems like the nature of public wireless is that all is transmitted in the clear. would be great to be able to use wpa, but many hotels and convenient wireless internet don't seem to offer encryption. is there any way to protect wireless transmission on a public connection? also seems that this issue should be same for pc or mac, no? thanks for any help * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** * Rev. Stewart A. Marshall mailto:[EMAIL PROTECTED] Prince of Peace www.princeofpeaceozark.org Ozark, AL SL 82 * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
trying to figure a way to make a public wireless connection secure for checking email, logging in to sensitive sites etc. You need to run a VPN on top of the wireless connection. This will give you a secure tunnel from your computer through to the VPN server. See a good tutorial at www.cites.uiuc.edu/vpn/security.html You can buy VPN as a service from various providers for about $12/month. To mention one: www.hotspotvpn.com. (This is just an example, I have not used this service.) Has anyone been using such a service? Any good/bad points to report? * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
VPN is of course the answer, if you really MUST perform 'sensitive' tasks from unsecured networks. But personally, I can hold off doing my online banking until I get home. Normal websurfing and gmail I just don't worry about. Though I _do_ always use 'https' for gmail. On Fri, Aug 29, 2008 at 6:40 PM, Fred Jones [EMAIL PROTECTED] wrote: sure appreciate someone explaining this to me... trying to figure a way to make a public wireless connection secure for checking email, logging in to sensitive sites etc. seems like the nature of public wireless is that all is transmitted in the clear. would be great to be able to use wpa, but many hotels and convenient wireless internet don't seem to offer encryption. is there any way to protect wireless transmission on a public connection? also seems that this issue should be same for pc or mac, no? thanks for any help * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
use 'https' for gmail. if no vpn, but use https for gmail - wouldn't the wireless signal for a public connection still be in the clear transmitting your username and password? thank you very much everyone for the replies From: Tony B [EMAIL PROTECTED] Date: Friday, August 29, 2008 04:44 pm Subject: Re: [CGUYS] security on public wireless VPN is of course the answer, if you really MUST perform 'sensitive' tasks from unsecured networks. But personally, I can hold off doing my online banking until I get home. Normal websurfing and gmail I just don't worry about. Though I _do_ always use 'https' for gmail. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
A great primer on public wifi http://www.grc.com/sn/sn-010.txt or for more options, scroll to the bottom and see episode 10 http://www.grc.com/securitynow.htm Mike On Fri, Aug 29, 2008 at 5:01 PM, Fred Jones [EMAIL PROTECTED]wrote: use 'https' for gmail. if no vpn, but use https for gmail - wouldn't the wireless signal for a public connection still be in the clear transmitting your username and password? thank you very much everyone for the replies From: Tony B [EMAIL PROTECTED] Date: Friday, August 29, 2008 04:44 pm Subject: Re: [CGUYS] security on public wireless VPN is of course the answer, if you really MUST perform 'sensitive' tasks from unsecured networks. But personally, I can hold off doing my online banking until I get home. Normal websurfing and gmail I just don't worry about. Though I _do_ always use 'https' for gmail. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** * * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] security on public wireless
Well, that answers that question. All gmail users should note there's a new option on the Settings page: Always use https. I'll quote: LEO: You can protect it by scrambling it. And you mentioned VPN and other techniques. STEVE: Well, yeah. I had a person who wrote in asking, if they were on a secure site filling out a form, and they did not yet have the little lock showing, was it safe to submit that data. That's actually a really good point, that the way data is sent back to a web server is over, well, secure data is over this SSL connection, or as people see it in the URL, https, S being for secure, as opposed to just http://. The event of pushing the button and submitting the data will create a secure connection. So it's very likely that, if the web page is running securely, that is, even if it's not showing you the lock when it's displaying the form, submitting the form can still be done securely. However, unless you take a look at the source code of the web page, you're not going to be really sure that it's a secure submission. So most sites will take the time to, for example, create the form on a secure page... On Fri, Aug 29, 2008 at 8:22 PM, mike [EMAIL PROTECTED] wrote: A great primer on public wifi http://www.grc.com/sn/sn-010.txt or for more options, scroll to the bottom and see episode 10 http://www.grc.com/securitynow.htm Mike On Fri, Aug 29, 2008 at 5:01 PM, Fred Jones [EMAIL PROTECTED]wrote: use 'https' for gmail. if no vpn, but use https for gmail - wouldn't the wireless signal for a public connection still be in the clear transmitting your username and password? * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *