Public wireless network security setup?

Discussion in 'other software & services' started by bonedriven, Apr 7, 2009.

Thread Status:
Not open for further replies.
  1. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I've just bought this new laptop but I barely know nothing about how to make my laptop more secure in a wireless network.

    I notice there are threads about discussing this topic but it seems the problems are not the same. I don't know if I'm wrong but those threads are about setting up their own WLans while mine is using a public Wlan.

    I don't own the routers there.Then what can I do to make my pc more secure?

    Vista home premium 32bit with Vista firewall only.
     
    Last edited: Apr 7, 2009
  2. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    Hello

    I'm sure others will come along with proper tutorials for you.

    In the meantime, you could start here and also look here (ignoring the insulting title).

    philby
     
  3. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Thanks. philby.

    Those are useful information for me...

    I just think those are far from enough. Or maybe we can hardly do anything more?

    Another question : Is ARP attack the biggest concern here?
     
  4. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    How about some comments from someone who regularly uses open wifi networks all over the Western US and Mexico? (I have a sailboat :) )
    I see three main kinds of networks:
    1) Courtesy networks, often ad sponsored, that register your NIC MAC address and allow you some minutes per day of access
    2) Pay or free public networks, where the logon is via https, but no VPN, sometimes link encryption (often just WEP).
    3) Open relays, just plain old users who do not secure their networks. Around marinas I actually see some that are purposely left open for visitors to yacht clubs, etc., as well as just the neighbors
    As far as security, there is usually a wireless router with various levels of security you are connected to-some are just factory defaults that allow you to hack in and change the channel if things are too crowded, but most are plain old NAT routers serving DHCP to the masses that are otherwise properly secured.
    So your main security options are for the network and for the data you are sending over the network. As far as the network, just don't trust it. And use a good firewall.
    I used Comodo for quite some time, now using Online Armor because of some added features that are handy for wireless network control and monitoring. Others (Trend Micro, for example) advertise special wifi modes, but I just haven't used them. Block incoming connections unless you really understand that you have secured them. I block all in and out for ports 135-139, 445, 1900, 5000. The router doesn't care and no one else on the network is your friend. I also block the email ports 110 and 25 because I use gmail. More on that next.
    As far as your data, a VPN is sometimes used because you can do secure login and encrypt all the data between you and the VPN server, route it from there. So anyone watching can't see your end of it. There are low cost options like Comodo EasyVPN, even some free ones. But they can cause connection problems, either cost money or sometimes give you ads or some other nuisance. And you still need to worry about the other end. I don't use a VPN since I don't care about interception of my plaintext traffic.
    As far as data security, the key issues are mail and web. For email, no matter what you do always use SSL email. I use secure POP/IMAP/SMTP as more convenient than webmail (webmail is also a mixed bag as to what is secure and what is not). It is available from most ISPs, free Gmail is great if not, and creates an SSL secure session between the client in your computer and the mail server at your ISP. If your correspondent uses SSL email also, then unless someone subpoenas (or burglarizes) your ISP or you/correspondent computer, the mail is secure. If you are worried about those threats, you can look at public key encryption, but I am not worried about the law or mob being after me.
    For web sessions, mail or commerce, always use an https server. Again, this provides a secure SSL path between your browser and the web server you are connecting to. Paypal is a good way to pay for things at many sites that have nothing else. Do not ever send any kind of login password for anything in the clear.
    There are probably things I forgot to mention, other things I could do to further enhance security, but this approach has kept me safe for the past several years. Always looking for better ideas, though. Just not willing to let the bastards make me so paranoid I can't function. ;)
     
  5. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Hello sded~

    Thanks for your detailed info.

    I think I do need to login on many websites,like Wilders etc.
    When I turn on WPA for my school's wifi,I get disconnected immediatetly. Does it mean that the wifi doesn't support WPA?
     
    Last edited: Apr 9, 2009
  6. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Yes, logging into websites is a security issue in most cases. There are some that use https for logon, but not most. Usually the most risk is that someone will impersonate you, so you need to decide if it is worth it. All of your standard http web traffic is insecure and available to anyone anyway without WPA. I don't worry about it being a high priority target, but in a school environment there may be more "dirty tricks". :) I don't use Usenet on open networks, though, because it exposes my email password to log on. If your school network supports WPA, they should have given you a password to enter and setup instructions for your wireless adapter. May not use one, though, since it would be so widely distributed anyway, but you need to check with your admin to be sure.
     
    Last edited: Apr 7, 2009
Loading...
Thread Status:
Not open for further replies.