Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Internet security on "hotspots"

from [James Harless] Network Security [Permanent Link]
Subject: Re: Internet security on "hotspots"
Date: Thu, 20 Apr 2006 08:27:08 -0500 
Personal firewalls had already been covered by many posts including the
Original Poster.  I didn't see any need to reiterate that since the post
asked for 'other ideas or thoughts'.  I assume that everything mentioned is
in addition to a personal firewall.

Also, it's dangerous to assume that 'she's only visiting HTTPS sites so, she
doesn't need encryption'.  Are you sure?  Is she going to check/send email?
POP3?  SMTP?  Is there anything I, as an attacker, can gain by learning her
email address/password + the fact that she visits www.herpersonalbank.com?
Can I do anything with that information?  What if I also learn the email
addresses of trusted senders?  What if she fires up SSH to her home?  Is her
username the same as her email address, per chance?  A lot of users will use
the same or similar passwords, even.

I would never underestimate the value of 'leaked' information.  Potential
attackers would even be sizing her up as a target based on how she dresses
and the type of tech she's carrying.


-- 
James Harless
Network Security Engineer

Kidwell Companies
kCOM  kE  kTECH
900 S. 26th Street
Lincoln, NE 68510  
                   
13336 Industrial Road
Suite 101
Omaha, NE 68137

Main: 402-475-9151
Fax: 402-475-9186
jharless@kidwellcompanies.com
www.kidwellcompanies.com <http://www.kidwellcompanies.com/>



On 4/19/06 12:38 PM, "Andy.Kitzke@insinkerator.com"
<Andy.Kitzke@insinkerator.com> wrote:


A VPN would work well for keeping her traffic safe but if her laptop
wasn't safe then the VPN would be moot.  I think using a VPN is
complicating the situation beyond what the user maybe was looking for.
The two places to secure would be the end node and the traffic in
between.  The traffic could be secured by a VPN, but that would still
leave the end node vulnerable to attack.  I think with the amount of
threats currently in the wild, browsing the internet without a personal
firewall can be a dangerous venture.

If she's looking for the most secure approach I would say a personal
firewall and a VPN connection to a trusted source.  If she is just
looking for machine security I think a personal firewall would be
plenty.  I would steer towards a firewall with good reviews that looks
at more than just ports, like IE requests and such.  If she used SSL
sites anytime she was divulging personal information her traffic would
be encrypted and there wouldn't really be a need for a VPN.

Andy Kitzke
Network Engineer
In-Sink-Erator
 
-----Original Message-----
From: James Harless [mailto:jharless@kidwellcompanies.com]
Sent: Wednesday, April 19, 2006 8:53 AM
To: focus-ms@securityfocus.com
Subject: Re: Internet security on "hotspots"

Have her connect to a VPN that is available to her.  If her company
doesn't
have one available, there are many easy to implement solutions for
setting
up a PPTP VPN.  Then, she can connect to an insecure Wireless AP but,
all of
her traffic would flow encrypted to the VPN and out to the 'net from
that
remote location.





---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: MS06-013 Cumulative IE Update (912812) Issues, Thor (Hammer of God)
Next by Date:  Re: MS06-013 Cumulative IE Update (912812) Issues, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Previous by Thread:  RE: Internet security on "hotspots", Andy.Kitzke
Next by Thread:  RE: Internet security on "hotspots", Laura A. Robinson
Indexes:  [Date] [Thread] [Top] [All Lists]