Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Internet security on "hotspots"

from [list.account] Network Security [Permanent Link]
Subject: RE: Internet security on "hotspots"
Date: Wed, 19 Apr 2006 13:20:47 -0400 
A good firewall program will prevent unwanted inbound connections to her
machine, and possibly restrict outbound access if so desired. All the other
standard adages apply as well, AV, automatic updates, secure password, etc,
etc. 

The key issue here is that the communications are mostly sent unencrypted
across public airwaves. This needs to be dealt with differently than
accessing the same information on the wired internet. We all now how easy it
is to run airsnort and read ppl's email while they are at Panera, but such a
task becomes much more difficult when that same person is connected via a
cable. The attacker would have to have control of part of the physical link.


Moving on, key issues to be concerned about are email access, bank/financial
institution access, and access to service providers (paying AEP online, or
your cell phone bill, etc). Here's my suggestions to make those comms a
little more secure (well, maybe a lot more).

1) Always choose the "log in securely" option. Make sure that the "little
lock at the bottom" is displayed BEFORE entering a username and password.

2) If connecting to her place of employment, use a VPN as others have
suggested. Whatever VPN technology the place of employment is using should
be fine.

3) If email is access via pop3, find out if the provider offers connections
via secure pop3. 

4) When one is not logged in to a HTTPS/SSL enabled endpoint, take the
mentality that everyone in the room will be reading that same information
that you're looking at, and if you're not okay with that, don't access it.

I'm sure there are more but it's lunch time and all this panera talk is
distracting me.

Nathan Grandbois, CISSP
Cerdant, Inc.

-----Original Message-----
From: Agent Zr0 [mailto:agentzr0@necrotek.net] 
Sent: Tuesday, April 18, 2006 10:09 PM
To: focus-ms@securityfocus.com
Subject: Internet security on "hotspots"

I have a friend who is interested in better securing her laptop while
she's out surfing the net at coffeehouses and what not. I'm thinking of
telling her to just get herself a REALLY good firewall program (I use
zonealarm pro myself), but I was wondering if anyone here had any other
ideals or thoughts that I could pass onto her other than that.

Agent Zer0
agentzr0@necrotek.net


---------------------------------------------------------------------------
---------------------------------------------------------------------------





---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  New site about security conferences : www.security-briefings.com, newslist@security-briefings.com
Next by Date:  RE: Internet security on "hotspots", JJ Cummings
Previous by Thread:  Re: Internet security on "hotspots", James Harless
Next by Thread:  RE: Internet security on "hotspots", Ebeling, Jr., Herman Frederick
Indexes:  [Date] [Thread] [Top] [All Lists]