I access the internet via a hotspot during my lunchbreak and wanted to ensure that I am surfing securely. I have read various PC magazine articles and here is what I have done SO FAR to ensure privacy
File Sharing turned off, Plug/Play turned off
Surf thru HotSpotVPN, a Virtual Private Network, reviewed positively in various journals
Virus software always on
AdAware and SpyBot run every few days
HOSTS file modified to be "anti spyware"
what is lacking?
I hear about war drivers and others "grabbing" my packets while I surf. I think #3 above should fix that. Anything else? Can people with NetStumbler find ME (via GPS) while I surf? I know they can find the AP, how about the laptop user?
Dont want to be paranoid, but thats the reality these days.
I use a VPN sniffer, same deal.. i dont need to snif fthier packets.
a point about hotspots, look at all who are in the place whom have laptops. then use netstumbler or other sniffers to check ap's and mac addresses. if you have the correct amount, then keep an eye on new macs suddenly appearing while no new users enter the visible hotspot.
things i do at hotspots. scan mace. thene check for file sharing and netbios UPnP and other things
i love the $xx like the LPT port and admin $IPC locations also...
if at a hotspot, ensure your data is not secure.
dont get me wrong. you would be lucky if i tap your PC.
i only look for appz games pics on HD's thing people get in e-mail, and save to the HD. like in my documents or other known folders. i also look for MP3's
other people sniff for passwords and other information.
i have a nice supply of WIFI nics, and rotate them. makes it harder to get caught. :)
my advice, want security, dont try and do secure connections at a public hotspot.
i might be there, and i might bee leaching your cool files.
oh, and i do leave my calling card to anyone i access.
Well, if you can trust HotSpotVPN, and your firewall is any good, then you are pretty much covered, aren't you? In the end, you aren't really connected _to_ the AP, but are tunneling _thru_ it, and there's nothing for The Bad Ones to see.
Bah-humbug. Ye software hackers are all the same. Always attacking a system at its strongest point (firewall and encryption) while totally ignoring blatantly vulnerable hardware points of access. Ask competent burglar if they spend minutes tinkering with the latest high security door lock, or if they prefer to just bypass the door and proceed with the theft.
For example, most modernish laptops have exposed USB ports. No cover, no protective interlocks, no authentication. On a Windoze laptop, plug a USB storage device into the USB port. Plug-n-play will automagically recognize it as valid device, add ATA drive emulation, and run AUTORUN.INF with the permissions of the user. If they're logged in as an administrator equivalent, then you have total control.
AUTORUN.INF runs a "root kit" like script that consists mostly of registry changes and perhaps adds some spyware. I recently demonstrated a rather simplistic version of this attack. About 30 seconds from start to cleanup on the initial run, most of which was plug-n-play doing its thing. About 10 seconds after that. Yeah, it leaves evidence of entry behind but most people wouldn't notice. While agent10029 is passing his captured VPN session to his trojaned collection of online grid computers for a parallel attack on the key, I've got what I want with a $15 USB dongle in 30 seconds.
The same approach can be done via firewire, with a floppy disk (much slower), via CF card in a PCMCIA slot (very fast), via the ethernet port (much more complex), or via Bluetooth (I haven't tried that yet).
So far, my only real problem is that I like to grab users Outlook PST files because most users like to store their passwords, account numbers, and such in email. Grab the old email, and they're mine. The problem is that Outlook PST files tend to gargantuan. 200-800 MBytes is typical. That doesn't fit on my cheapo USB dongle and takes forever. I guess the best protection against my hacking is bloated Microsoft data files. Sigh.
Anyway, if you really want to worry about security, never mind firewalls, encryption, wireless, and and software. Worry about exposed hardware.
When it comes to attacks, the easiest way is ... geesh; the easiest. Have customers that want to secure thier network, whether wired or wireless and attempt to spend, spend, spend for software solutions. I usually make my presents known when I tell them:
"It takes to long to get in via the Internet for stealing data. It is much easier to break into the location and take the whole network", along with "Social engineering is also far much easier to gain access. If you want secure, you not only need to secure your network, but secure your hardware and your people."
Sure, they need to have data that is worthwhile to steal. Had a customer claim that I couldn't get into his network from anywhere... geesh -> 3 minutes with floppy and I could have trashed the whole nine yards.
All of which relies on the user leaving their machine unattended. Anyone leaving a notebook unattended in a public place has bigger risks that having data stolen, they risk having the machine with the data in it stolen.
You would only ever have physical access to any of my machines without my presence in my office, in my home, or in the house of someone I trust. Only employees go to the part of the office where my hardware is (we are small enough for everyone to recognise everyone else) and strangers don't get left unattended at home.
So you have a negligible chance of applying your chosen attack method on any of my machines unless you engage a thief and steal the machines first.