18 replies to this topic

[Solid Knight]

My new job often has me staying in hotels for extended periods of time and requires me to send in sensitive information over the hotel's network. What would my options to improve security be? VPN tunnel to my home network?

Edit: I should have proof read the title...

[+BudMan]

Doesn't your company provide vpn access?

And this info your sending over the net is in clear text? I would have to hope your using a SSL/TLS connection to send this info?

[Solid Knight]

BudMan, on 25 February 2013 - 20:08, said:

Doesn't your company provide vpn access?

And this info your sending over the net is in clear text? I would have to hope your using a SSL/TLS connection to send this info?

I work on short-term projects with various companies for short durations (two to six weeks). Nobody provides secure methods of doing anything. On top of that, I still have to do all my personal stuff online over completely open hotel networks. So far, I've just been having my wife take care of it all. Most of what I'm protecting is my personal information. I'd like to be able to do this all in a more secure setting than completely-wide-open-hotel-network.

[Detection]

Would a 3/4G dongle not be an option ?

[+BudMan]

Again how are you sending this info?

Email, ftp, posting on neowin over http? Twitter?

I highly doubt your accessing your bank via just http for example.

Yes in "theory" it would be possible on the same wifi network to sniff your traffic. But I find it unlikely in this day an age that your sending personal info over a non secured connection like http?

So why yes it might be possible for them to sniff your dns traffic, and that your surfing neowin, etc. I am not clear on what personal info your concerned is in the open?

Are you worried about them running a man in the middle attack on you and presenting your box with invalid SSL certs so that they can view your traffic in the clear?

[Solid Knight]

Detection, on 25 February 2013 - 20:21, said:

Would a 3/4G dongle not be an option ?

If I ever upgrade from a dumb-phone (but I need batterly life more than I need internet access on my phone).

BudMan, on 25 February 2013 - 20:23, said:

Again how are you sending this info?

Email, ftp, posting on neowin over http? Twitter?

I highly doubt your accessing your bank via just http for example.

A lot is done by e-mail.

[Detection]

Solid Knight, on 25 February 2013 - 20:24, said:

If I ever upgrade from a dumb-phone (but I need batterly life more than I need internet access on my phone).

I was meaning a separate USB dongle to plug into the laptop rather than your phone, not sure if you have pre-pay 3/4G dongles over there

Or are you using wifi on your phone?

[+BudMan]

"A lot is done by e-mail."

And your sending email over just HTTP? You sending directly to some box using smtp? Not inside a TLS connection?

Who do you use for email? Google provides https for your email, etc.

Even if you run a vpn to your home.. Where is the email server.. That traffic is going to be in the clear from your home network or where ever the vpn end point is to the email server. And then when that email gets sent to dest, its going to be in the clear as it gets sent to the recv server.

Email is sent all over the internet in clear.. Not sure why you would be worried about the traffic between you and the server, when from that server to where you sending is open You could always encrypt your email if you worried about the security of email. But a vpn does not really solve that issue in general.

To correctly secure what your worried about, we need to understand what it is your worried about. Sure a vpn would hide the traffic from the local network your on to where the vpn endpoint is. But what are you moving over the local network that would be of concern.. Most anything that would be of concern should already be inside a endpoint to endpoint encryption method. HTTPS for example. This secures your traffic from your client to the endpoint. So a VPN does not really provide any more security for that sort of connection.

[trek]

What I do when I have to use an open hotel network is:

- I have a Cisco PIX 515 that was picked up for cheap, running the latest software and it supports IPSec VPN clients
- I tunnel into my home network via the Pix and since I do not enable split-tunneling, all vpn internet traffic is hair-pined back out the outside interface of the PIX. Thus it's like i'm surfing from home.

Alternatively, you can setup an RDP server at your home, with SSL and NLAuthentication that you surf/send your email with at your home network. I know how you feel surfing on a public wifi network... Even the neowin login page is not encrypted...

[+BudMan]

"Even the neowin login page is not encrypted..."

Very valid point!! But then again its not encrypted when you log int from your house either So anyone between your house and neowin could in theory see that traffic. Which is an issue I will be posting about in a few minutes to be sure.

If that sort of thing is his concern, then yes a vpn would keep people on that local wifi network from sniffing his traffic and seeing his neowin login. Last I checked neowin wasn't a bank Is someone going to login as you and make some bad posts? All kidding a side that is a valid example.

But you don't need a pix at home to secure his traffic from local wifi - simple ssh tunnel to something outside, home, vps, etc.. would secure such traffic.

[Kelxin]

Ways to secure your communication without a ton of effort.

If you have a home machine that is on all the time, setup either RDP (if its a XP Pro / Win7 Pro / Win8 Pro or higher machine) or setup a VPN or SSH tunnel.

If all you're doing is e-mail, setup SSL or some other encryption that your e-mail server has for your in-bound and outbound servers.

[trek]

BudMan, on 26 February 2013 - 06:59, said:

But you don't need a pix at home to secure his traffic from local wifi - simple ssh tunnel to something outside, home, vps, etc.. would secure such traffic.

of course not, it's a convenient leftover from my ccnp heh. The thing I am concerned with is not once you leave the local net but packet sniffers on the same snet sharing the free open wifi at the hotel... There if you surf to and log in to sites like neowin is where passwords get compromised

[+BudMan]

I hear you - and just posted about the login being in the clear on the site issue section. That needs to be corrected!!! That is BAD PRACTICE for something like that to be in the clear.

You would hope most sites would not be setup as such - but you make a valid point! And yes the way to secure such things from the local wifi sniffers (guy next room maybe) Or at an airport would be with a vpn or tunnel to something outside that location.

Problem is that solution does not actually fix the root of the problem - that the username and password would be sent in the clear is the root of the problem. And I am hoping that is just a oversite on neowins part. Most sites should not have such info in the clear -- does not mean they can not intercept your cookies if that is not encrypted as well and get logged in as you, etc..

So again you make a valid point -- what I was fishing for was the OP to state such concerns. As I stated before you have to understand what your worried about or the details of the security problem to make sure you secure it correctly.

[Kelxin]

Oh, oh oh! I just thought of another secure system while out and about ... Dial up! ... lol sorry, couldn't resist. I think AOL still has some dialup ... somewhere ... haha.

[trek]

Kelxin, on 26 February 2013 - 07:53, said:

Oh, oh oh! I just thought of another secure system while out and about ... Dial up! ... lol sorry, couldn't resist. I think AOL still has some dialup ... somewhere ... haha.

Long distance phone charges on the hotel bill!