[Wireless] Some basic guidelines and software suggestions

[Valiente]

A member here asked me backchannel to list what I believe to be "best practices" and "best blockers/utilities" when ooking to maintain WiFi connectivity while travelling from marina to marina in a sailboat.

So far, I've come up with stuff I'd do, and stuff I intend to do to increase security and reduce spam while voyaging. The reality on a boat is that you are frequently trying to download stuff via a cellphone if you are out of range, or you have transitory WiFi that is often not free, or you are "borrowing" someone's unsecured wireless.

At the same time, you want to keep your own PC secure, especially if you are ordering boat gear with your credit card from a Columbian marina or doing online banking from any place. In many places, for instance, the ATMs are completely suspect and should not be used, and yet the bricks and mortar banks are few or very basic. Hence, the use of wireless from the nav station or cockpit.

Here's my initial set of practices and list of software, oriented toward freeware.

Practices:

Enable WEP/encryption
Use FireFox or Opera, not IE
Use a separate mail reader, with discrete attachment folders auto-scanned
Use separate download folders for files, patches. Also auto-scan.
Use separate partitions for OS, programs and data.
Organize password protection on your other folders.
Make non-obvious passwords, like NOT the boat name stencilled on the back of your boat.
Get own domain, and manage it remotely. Use non-obvious account names. Have a back-up via a web-based account, like gmail, hotmail, etc.
Employ a directional WiFi antenna to both boost signal acquisition of the desired AP and to narrow signal strength in unwanted directions
Don't leave the connection up unattended on board.
Tell people that attachments must be text only, and short...no graphics, no "joke of the day". Enforce this.

Utilities/Filters/Blockers

AVG anti-virus. Update online, and scan offline, before starting desired online session.
POPfile
SpyBot
NoScript
AdBlock
Network Stumbler
NetLimiter 2
Port scanners/monitoring, such as Avast! or NetHotfix, or perhaps better, as part of a utilities suite, like NetTools 4.

Of course, without educating oneself on the proper use of these various programs, one could defeat the purpose of the security measures or disable connectivity. Learning what the software is for, combined with basic instruction gathered online, is critical, just as it is for RADAR, chartplotter, or pilotage.

I welcome comments or suggestions. I am by no means an expert here, but I do have my own domain for land-based business use, and experience a far lower incidence of spam, viruses, pop-ups, etc. than many people I've encountered, thanks largely, I believe, to the practices and software listed above.

[SaltyGirl]

OK That's over my head. How do I get email when I am on my boat?

[Valiente]

Set up a web-based e-mail account, like Hotmail, and use a wireless card on your laptop to get access in a marina that has an access point (AP). This may or may not require paying money.

The things I am mentioning above are related to ways to keep ads, spam, etc. from slowing down your connection, which in an anchorage or marina might be less than ideal: You want to grab your text messages, sign off, compose replies offline, and then reconnect and send all your messages at once, rather than racking up minutes of low bandwidth.

[Freesail99]

If you want to get an air card or a Wifi card Verizon has a sale going on. They have a limited plan for $39.95 a month which offers I believe 50 mb of downloads or there unlimited plan for $59.95.

[brak]

the problem with WEP or WPA is - most public access points are not using it and are therefore completely open.

It may be fine to order something using a credit card (worst case scenario cancel a few payments and replace the card). But doing something like checking your bank account is a definite nono.

Whats worse, checking your email over unencrypted wireless connections is one of the most dangerous things to do. Variety of web accounts that you have usually use your email address and will allow someone who controls this address to receive a password (if you forget it) or replace it etc. So, if they take over your email account or accounts - they've got almost anything else.

[SEMIJim]

What brak says is 100% accurate. Most marinas, our sail club included, do not use even WEP wireless encryption (which is trivially breakable, anyway) because, well, sailors aren't going to want to deal with it.

As far as doing sensitive stuff on-line with your PC: Theoretically speaking: If the web connection is HTTPS (secure): That particular session is as secure as if the wireless connection and everything in between was a dedicated direct connection from end-to-end. But, and it's a BIG "but"...

Estimates in the computer and network security industry are that up to 80% of private/residential PCs are compromised, and most of their owners don't know it. I'm an experienced Systems and Network Admin, and I'd never consider using a Windows PC for banking, credit card or other on-line transactions. (I deloused one box at work that two AV programs and two anti-spybot programs, all top-rated, insisted was clean. I found and removed not less than six (6) exploits, one of which was a key logger.)

Back to wireless...

On an unencrypted wireless connection: Everything you send/receive, that isn't itself encrypted, can be seen and logged by anybody else that's on that wireless network. And, since it's not secured, anybody, and I do mean anybody can be on that wireless network.

I don't restrict my business customers from using whatever network access they can find, but our externally-accessible corporate email server allows only encrypted, authenticated connections, whether they be web or email.

Btw: Another way you can help defend against your Windows PC becoming totally owned is to not run with Administrator privileges. Create one account with Admin privs that is used only for doing administrative tasks, and make sure all of the normal user accounts are "Limited." Then, once a month or so, boot the PC up into "safe mode," log on as "Administrator" and then do all your security scans. You might luck out and not be compromised by one of the exploits that can get by even those measures.

Jim

[Idiens]

Frightening.

How secure is GSM/GPRS/EDGE alias mobile telephony stuff compared to WiFi?

[eryka]

Idiens - it's my understanding that GSM is more secure than wireless, although I still won't do my banking from anything except a hard landline.

Another advantage to the GSM: like unlimitied Verizon, it's $60/mo from AT&T/Cingular. But it's a "feature" of your cellphone service that you can turn on only when you use it, month to month, rather than a separate # like the Verizon air card that comes with a 1- or 2-year contract. We use it just during the summer when we anchor out, and turn it off during the winter when we're snug in our slip. You're not buying a separate piece of hardware, either.

At least on Dan's RAZR with G3, you can talk on the phone and be online at the same time.

[eryka]

Val - Many thanx for posting this.

And I soooo agree with you about the folks who just don't "get" it about attachments. There are some people who don't seem to understand no matter how many times we explain, and then they get P.O.'ed when we get terse about the fiftieth chain letter they forward. We (any many of our cruising friends) have established a separate "secret" at-sea address that we only give to people we KNOW understand about the text-only stuff. The "public" address only gets downloaded/answered when we're around a landline.

[Idiens]

Anyone got any idea of what a typical internet banking transaction takes in terms of data transferred (kB, MB)? Or how I could reasonably measure it on a land line?