wireless security

Your browser displays a padlock when you visit the banks site, doesn't it?

cheriha escribió:

Security is achieved by encripting information at upper layers. So confidence level should be determined by right encription algorithms.

On Fri, 06 Apr 2007 18:52:07 +0200, Àngel Català wrote in :

True, and rather than just rely on the competence of your bank (which may not be all that competent), my recommendation to use a good VPN service as well; e.g.,

HUH?

Repeating the usual spiel, I think that the answer for Cheriha is:

1)Make sure you are using WPA as your wireless security. Older wifi gear doesn't have it, more recent ones do. Don't use WEP as a substitute, it's older and can now be easily broken into.

2) Make sure that your passphrase is 20 + characters, random, mixed, so it can't be cracked with a dictionary attack.

3) When you are banking, make sure that you are really at the site you think you are at. Avoid email links and instead use your own, tested "favorites" or just correctly type in the address.

-Check that it says "https" (with the "s") before the address when you are banking.

- And make sure that it is spelled right. If you click an email link to paypal.com and end up at

then you might be screwed. Happened to me once. It may look the same, but it's not close enough. It's a fake site and will get your password and then possibly your money.

cheers, Steve

Hi Steve,

I think point 3) doesn't concern wireless, it's a common question to every access network. Of course, everybody should check this kind of issues.

On the other hand, your points 1) and 2) talk about wireless security. I think it's a must to have a good wireless secure access in order to have privacy between your computer and your access point. And that's the point: wireless security protocols and tools protect (or at least they try to do it) at the wireless channel, but when cheriha talks about banking and billing I think that security should concern between user (or user software) and remote server. And I try to guess that was the question asked.

cheers, Angel.

Bueno. I am curious about all this myself as I often get asked this question.

My main answer is: I understand that WiFi is as secure as a wired connection to the internet ONLY IF you use WPA and a strong passphrase. Correct, no?

After that, all the rest is the same as wired, no? The JiWire hotspot VPN sounds like a good trick for security when on public wifi, though it seems that it would be uneccesary for private LANs.

And, yes, my #3 point about avoiding phishing is unrelated to wifi. Not the question asked.

I don't suppose it hurts to mention it as good practice. I was just answering the same question yesterday for somebody on our LAN and simply repeated myself. I bring it up because I understand that phishing has been the security breach that actually affects the most people in the past two years.

Saludos, Steve

On 7 Apr 2007 08:27:07 -0700, "seaweedsteve" wrote in :

Arguably even more secure, since many wired installations aren't protected against someone tapping in.

Yes. And _not_ secure.

It increases security even for private LANs. Is that worth it? I wouldn't buy the service just for that purpose -- instead I'd use an ISP clueful enough to offer VPN (e.g., Sonic.net in Northern California)

-- but if I were buying it for public hotspot use, then I'd also use it on my LAN.

Yep -- never hurts to add good advice that's related to the basic issue.

All this about the wired networking being insecure is something new to me. I would like to know about it.

1) If we browsing at a secure site, then where is the exposure? 2) Can somebody on the WWW intercept the packets and read them? 3) I'm guessing that VPN keeps it secure up to the server that you are connecting with. After that? ...Or how does it work?

I realize that this is OT and even "off-group" here and will check elsewhere if you don't want to go into it...

Steve

On 8 Apr 2007 13:12:28 -0700, "seaweedsteve" wrote in :

The exposure I had in mind is that someone might tap into a wired LAN. I've seen this happen in companies -- in one case there was a neat little wireless unit in the wiring closet connected to the wired LAN -- everyone just assumed it belonged there. I've even seen this happen in residences (e.g., condos, apartments) where cables can be accessed.

That said, third-party VPN also increases security with regard to your own ISP -- instead of most traffic passing through your ISP in the clear (and thereby subject to easy monitoring), all of your traffic is encrypted between you and the VPN provider (and thus can't be monitored by or at your ISP). ALthough it's in the clear past the VPN provider, that's probably a lower risk.

Gotcha.

1) Consider whether people are able to tap in to your LAN. Local spy factor. 2) The most likely point on the internet to be spyed on is at your ISP. A VPN will get you past them.

Thanks John.