Wireless Connectivity

RE: How do you keep your computer safe at public hotspots?

donc — Thu, 28 Dec 2006 19:57:00 GMT

Your concern is the reason a lot of orgs use products like RSA tokens for VPN authentication over wireless links - The passcode on the token changes every 60 seconds, and because it's combined with a PIN anyone sniffing at authentication stage would have to be very quick to establish a connection... and even if they did, the RSA Server would identify the new MAC address and require a second authentication to continue... something the hacker could not do without physical access to the token.

Don

RE: How do you keep your computer safe at public hotspots?

shampayne — Thu, 28 Dec 2006 19:02:00 GMT

A question about VPNs then... is this defense only protecting against casual sniffing? If an attacker was 'l33t' couldn't they sniff whatever is used to establish the vpn at the start of the session to then decrypt that session or to start a new session with the same credentials? Maybe I'm not understanding something, but the shared secret to start the vpn session has to be exchanged somehow to establish the session, no?

RE: How do you keep your computer safe at public hotspots?

kjstrat — Sun, 10 Dec 2006 08:20:00 GMT

Here's another VPN option: JanusVM.

You'll need VMWare's free VM Player to run Janus. Then make sure you read the help option toget Janus up and running. It's quite simple actually and does a nice job of tunneling (VPN).

RE: How do you keep your computer safe at public hotspots?

kjstrat — Fri, 24 Nov 2006 10:54:00 GMT

Needless to say, a firewall's mandatory. AV, too. But neither protects you from packet sniffing. Packet sniffing is intercepting another's signal and reconstructing it.

A VPN's the best way to go to counter that threat. I've admin'ed a couple of coffeehouse routers and you're wide open to sniffing w/o some kind of tunneling (VPN). Iopus offers a free product called iPig that used to work well, but is a useless beta now.

Karl

RE: How do you keep your computer safe at public hotspots?

bsatterfield — Wed, 22 Nov 2006 17:27:00 GMT

Hi,

Thanks for reading. We mentioned the Thawte personal certificate in an earlier article about electronic consent, but if I remember correctly, you still have to get the free certificate authenticated by a trusted third-party.

As for services like LogMeIn, I am pretty confident they are secure, but I would contact the company to find out just what kind of encryption they use and how it's implemented.

RE: How do you keep your computer safe at public hotspots?

jhalloran — Wed, 22 Nov 2006 17:21:00 GMT

Useful article - thanks. There are several services - gotomypc, logmein.com and others - that offer a remote encrypted connection via a third server on the web - sort of a vpn via an outside server - how secure are these services and are they secure in a public setting?

Also Thawte offers a free personal email digital certificate.

How do you keep your computer safe at public hotspots?

wcook — Tue, 14 Nov 2006 20:25:00 GMT

Do you use antivirus software or a firewall? A VPN or encryption techniques?

If you're interested in learning more about keeping your computer safe at public hotspots, check out TechSoup's article Five Tips for Secure Wireless Web Surfing. Share your questions and comments here.