Connecting your notebook to a public place LAN

Discussion in 'other firewalls' started by poirot, Apr 16, 2007.

Thread Status:
Not open for further replies.
  1. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    I will soon have to get my notebook (its a residential notebook not used to travelling,thinks of himself as a desktop :D )and connect via an Internet Cafe' LAN.
    Question is, running Jetico 1.0 as a firewall, Seconfig,wwdc.exe and no useless network services or any file sharing whatsoever, what further rule can be devised to block other pcs in the LAN from interfering?
    I'd be grateful for any suggestion regarding either Jetico or ProSecurity.
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You should be fine.
    Packet sniffing could be a problem, so encrypt your traffic.
     
  3. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    thanks lucas1985,but i will try to connect with a wire to their router if i can.
     
  4. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    With the firewall and such, you are safe from network based attacks. However, you still need to be worried as already said, about network traffic being sniffed, personal data in the transmission being stolen (such as your wilders password when you log in to the forums;) ) and anything else sent in the clear.

    Websites secured with SSL will still be safe as can be, but you need to be worried about man-in-the-middle attacks (for example, if your browser pops up and says the certificate was not properly issued or such, because then they put in a midpoint between you and the server, leaving your communications open to them if you accept the bad certificate)

    The best way to be properly secured is to setup a means of using your internet connection at home from away. This can be accomplished through the use of OpenVPN or OpenSSH. Currently, I have it so that whenever I am away, I remotely access my home computer, then use the internet connection at my house to surf the web. That way, all of the data is sent in an encrypted tunnel to my home, where it then acts as if I was already sitting at home (incredibly nice, and it also gets rid of all those pesky filters:eek: ;) ). If you would consider a setup like this, I could help you along.

    Cheers,

    Alphalutra1
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    One possible problem, is the fact that Jetico can/will pick up and add the LAN as trusted.(depending on your rules)

    What you should do. Go into your Jetico rules and check for fwsetup.exe (this is the jectico config wizard), remove any entry of this. Then from the start menu run the Jetico Configuration Wizard, when you get the popup to allow/deny "fwsetup.exe" access to the network select "Deny", you should then remove all LAN`s from the trusted zone. (your own Home LAN may be entered here, but the same LAN IP range may be used at the cafe, and you do not want this as trusted)
     
  6. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Alphalutra1, very interesting the VPN method and thanks for your offer, but unfortunately i wont be able to use it now because i am in the process of moving and therefore my home connection will no longer be at my disposal.
    My actual concern is for the time from my arrival to my new destination to the moment i will be able to get a new DSL or Cable connection,a variable of 1 to 2-3 months,depending on time of the year and location.

    I could buy a pc card and connect via Radio waves,but this method is the last in order of preference, due to the fact it does not work properly everywhere, it's advertised as 'reaching' 1,8 MBs speed,but in certain places you'd be lucky to go 56kbs, and ,moreover, it's damned costly.

    Still, i think i might be forced to use this method for a while in order to do all 'sensitive' on line operations which involve passwords and similar things, then quit as soon as possible and then go to an Internet place to do all the rest of my navigation which i couldnt care less if it is sniffed or screened, using just any available computer there.
    This way i can carry on with my activity,but i will limit expenses and wont compromise my notebook in any way.
    (I only fervently hope not to become too schizo :D )

    Stem, my usual thanks for the tip.I must however tell you that i use it already in my own 2 pcs LAN, as i dont share anything btw the two and i have denied fwsetup.exe ,as you taught me in past Jetico posts.
    Of course, if i have to use my notebook in an Internet cafe' i will remove the LAN settings from Trusted zone.
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    For your laptop, make sure you have Windows Updates, some firewall enabled, that your Administrator password is not left <blank>, and a good antivirus program.

    Now depending on what you're doing "on the web" while using an open hot spot...you may want your traffic to be secured. In which case there is a plethora of services out there which basically provide a VPN service for you to use...so your "hot spot use" is all encrypted in a tunnel.

    Services like Anchor Free Hot Spot Shield, or WiTopia, or HotSpotVPN, etc. Quite a few out there provide this service for a relatively low cost.
     
  8. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Your suggestions are definetely more than valid, YeOldeStonecat.
    I had only the time to give a quick glance to HotSpotVPN and
    Anchor Free Hot Spot Shield, while i examined in detail the WiTopia offer which, apparently, could be more attractive for me, as i hope i 'll need their services for a limited time.
    They create a VPN tunnel from the host pc towards them and then they re-transmit the same encrypted tunnel content to destination and viceversa, in the same guise some Remote connection companies also act,
    one that comes to mind is LogMeIn.
    In both cases you have to entirely trust that company in order to make online financial transactions,use important passwords or make online banking........but ,perhaps, WiTopia earned such a trust, I did not know this company and what they do.

    Interesting that the Anchor Free Hot Spot Shield is not only free as its name implies,but it can be used by wired networks as well.
    I'll examine all the info with the utmost attention and this is the second time i've got to thank you,since -you probably forgot- many years ago when i was trying to tweak my Windows 98SE Compaq notebook along the grc.com lines in order to 'harden' it network-wise you gave me very good tips at Speedguide forum, so i consider your intervention a very auspicious one!
     
Loading...
Thread Status:
Not open for further replies.