Re: [LUG] is your network secure?

 

On Thu, 28 Oct 2010, Jaan Janesmae wrote:

Hey,

anyone still up for leaving their wifi open?

http://darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=227900742

Original article here:

  http://codebutler.com/firesheep

This has been known about for some time, only now we have a pointy clicky bit of GUI drool...

It's not about leaving your own Wi-Fi network wide-open, but using open networks in general. This would just as easily apply to an old-fashioned Ethernet hub/co-ax arrangement (not that you'll find them anymore!)

And it's not just cookies that are being sent in the clear, POP and IMAP usernames and passwords are mostly unencrypted too. SIP has a form of encryption for the username/password, so you're mostly safe using VoIP, but there are probably many other applications where passwords are transmitted in the clear.

SSL/HTTPS is an answer, but in general, web hosts are loath to do this as it does require additional CPU power to do the encryption/decryption - and doing that for every transaction, large graphics, etc. will soon soak up resources. That and that HTTPS/SSL doesn't lend itself that well to being proxied by the front-end load balancers/accelerators that most busy sites use these days more or less rules it out - for now.

So - on an open Wi-Fi access point (e.g. BT fon/openzone, Shoreline cafe, etc.) what you need to do is establish a VPN tunnel to somewhere secure and do the web browsing by proxy - the downside of that is bandwidth - or lack of it. Trivial for me as I have oodles of bandwidth at my hosting location, but if you're stuck with using a server on your home ADSL, then you'll be limited to the outgoing speed of that connection...

OpenVPN endpoint on www.dcglug.org.uk... ? ;-)

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq