Wi-Fi - best protection?

[ykrapsp]

Hey there,

In february im moving to an new appartment. Unfortunately, I can only connect to the internet using a Wi-Fi connection. But you guessed it, it's shared with other students.

How can I protect my laptop against potential internal and external attacks? All I know so far is that the Wi-Fi is protected with WPA2.

I was thinking about using a VPN service to encrypt my external data traffic (prevent sniffers)? Do you guys have any recommendations on which provider I should choose?

For internal attacks, I was thinking about closing and stopping unnecessary ports and services.

Do you guys have any other suggestions? Thanks very much.

[Victek123]

Which OS? If you're using Vista/Seven you want to identify the wireless network as "Public" and make sure file & printer sharing are turned off. Make sure the Firewall is ON (you could also use a 3rd party firewall). That should make your computer inaccessible to anyone in the network. The WPA2 will protect your computer from snoops outside the network. I don't know that there would be any additional advantage to using a VPN. You would definitely want to use one on Open WiFi (Starbucks, etc).

[Amit]

COMODO TrustConnect

[Victek123]

Quote:

Originally Posted by ams963

COMODO TrustConnect

CTC is certainly an affordable solution. Have you used it? I'm not finding a dedicated thread about CTC here. It would be nice to know more about it so maybe we should start one?

[RejZoR]

avast! will soon offer avast! SecureConnect service. It creates a secure connection between you and the target webpage. So even if you're on public WiFi, no one will be able to see what you're transmitting or receiving.

[Victek123]

Quote:

Originally Posted by RejZoR

avast! will soon offer avast! SecureConnect service. It creates a secure connection between you and the target webpage. So even if you're on public WiFi, no one will be able to see what you're transmitting or receiving.

Do you have any more information about Avast SecureConnect? I'm not seeing anything on their website. Regarding availability, how soon is "soon"? :-)

[Searching_ _ _]

Quote:

Originally Posted by Victek123

I don't know that there would be any additional advantage to using a VPN. You would definitely want to use one on Open WiFi (Starbucks, etc).

ykrapsp doesn't control access to the Wi-Fi connection so should probably treat it as Open WiFi (Starbucks, etc).

[Victek123]

Quote:

Originally Posted by Searching_ _ _

ykrapsp doesn't control access to the Wi-Fi connection so should probably treat it as Open WiFi (Starbucks, etc).

I guess it depends on who does control it and whether or not the OP trusts them. Since he mentioned "students" I wonder if this is a dorm where the connection is controlled by the school or if it's a home setup?

[TheKid7]

Quote:

Originally Posted by ams963

COMODO TrustConnect

Is COMODO TrustConnect compatible with Sandboxie?

[LockBox]

A VPN would be a good solution. But there's no reason to focus on Comodo's product or one that's not even out yet (Avast) - a cursory glance at this sub-forum will give one a wealth of VPN choices. Thread after thread.

[siljaline]

My ISP provides this advice Yours may differ.

[ykrapsp]

Thanks for all the replies. Just to be clear. I do not control the Wi-Fi network and I'm about to speak to the owner who controls it. But yes, I can probably see this as an Open WiFi spot since I don't know if they monitor traffic or keep logs etc.

[ykrapsp]

I just read this: http://serverfault.com/questions/153...others-traffic

Does that mean that other people on the network only see encrypted traffic since the hotspot uses WPA2. I'm a bit confused now.

[siljaline]

You need data encryption as best pssible to avoid situations like piggybacking Call your ISP

[Amit]

@Victek123
used it for some months last year......

@TheKid7
it used to be......don't use wifi so no cfc for me right now......

[Victek123]

Quote:

Originally Posted by ykrapsp

I just read this: http://serverfault.com/questions/153...others-traffic

Does that mean that other people on the network only see encrypted traffic since the hotspot uses WPA2. I'm a bit confused now.

WPA2 encrypts the connection between your computer and the router. If someone tried to "sniff" your wireless connection they would see encrypted traffic. Routers do allow communication between devices, but access through the firewall has to be intentionally given. Other people on the network should not be able to see you at all if you have file and printer sharing disabled and have a software firewall enabled that's closing/stealthing the ports. If the router has logging turned on there will be a record of IP traffic, but looking at my router log none of it appears to be "personal identifiable info". In other words if your computer is configured properly it should be secure (from others on the LAN) without a VPN. If you use a VPN then the traffic between your computer and through the LAN to the VPN server will be encrypted. That would pretty much guarantee that no one on your local network can access your traffic/information. Hope this helps.

[ykrapsp]

Hey there guys, thanks for the replies.

An update:

I spoke to the owner of the network and in order to get internet access I need to provide my Mac-Address. That because the firewall has a whitelist with allowed MAC-addresses...

Are there any dangers involved when I'm providing my MAC-address?

[Palancar]

If I were in your building I could see every wireless MAC address that is currently being used. There is no danger in giving him your MAC. Wireless devices all communicate using MAC address protocol. Just because I can view your wireless clients doesn't mean that I can de-crypt the communication between them and the AP's they are associated with.

Although somewhat useless against a hacker of any "salt" the owner is likely trying to prevent authorized users from giving passwords to others that could jump on the connection. The weakness comes from the fact that with the passphrase known I could then spoof my machine's MAC to that of one on the white list.

Security - if you call it that - is a crap shoot when you have a bunch of dorm-rats sharing a connection.

The posts above this one give some great directions for you to follow. My take would be to VPN through this connection and leave all the others in the dark as to where you surf. Any traffic through the router all the way to the VPN server is tunneled. No brainer from my perspective.

[Baserk]

If encryption of traffic is only needed to keep it private from the dorm wifi router admin, a free VPN like ad-supported HotSpotShield can suffice.

[Victek123]

Quote:

Originally Posted by Baserk

If encryption of traffic is only needed to keep it private from the dorm wifi router admin, a free VPN like ad-supported HotSpotShield can suffice.

I like SecurityKISS,which is free (and ad-free). There's a 300mb a day limit though.