Security while using WiFi while cruising - Page 4 - SailNet Community

   Search Sailnet:

 forums  store  


Quick Menu
Forums           
Articles          
Galleries        
Boat Reviews  
Classifieds     
Search SailNet 
Boat Search (new)

Shop the
SailNet Store
Anchor Locker
Boatbuilding & Repair
Charts
Clothing
Electrical
Electronics
Engine
Hatches and Portlights
Interior And Galley
Maintenance
Marine Electronics
Navigation
Other Items
Plumbing and Pumps
Rigging
Safety
Sailing Hardware
Trailer & Watersports
Clearance Items

Advertise Here






Go Back   SailNet Community > General Interest > General Discussion (sailing related)
 Not a Member? 


Like Tree9Likes
Reply
 
LinkBack Thread Tools
  #31  
Old 02-18-2012
Senior Member
 
Join Date: Feb 2012
Posts: 204
Thanks: 11
Thanked 4 Times in 4 Posts
Rep Power: 3
shanedennis is on a distinguished road
Jordanh is on the money. I also work in the industry.

I do think a lot of this discussion has been missing an important point. Encrypted wifi and cell networks do not offer you any practical protection because they are primarily intended to protect the owner of the network from attack and to prevent unauthorised people from using the network. Once your traffic leaves the "safety" of an encrypted network and goes over the public internet to the intended web server it can be read by any intermediary.

In short, only way to prevent intermediaries from reading your traffic is to use https or the equivalent for the protocol you are using (ftps for ftp, for example). The only way to protect yourself is by ensuring your computer is safe and you are using safe browsing practices.

Consider the following:

1. Your computer is only safe from malicious software if:
a. Security updates are regularly installed.
b. Anitvirus and firewall software is running and up-to-date.
c. Common sense is used when browsing. (Avoid suspect web sites.)
d. Email attachments are avoided and only opened after you have verified the sender really did mean to send you them.
e. Risky file formats like Word are avoided. Use Google Docs instead.
Consider having one laptop reserved for sensitive stuff and another one for everything else.

2. Your smart phone is not safe. iPhone and Android phones give app developers too much access to your phone.

3. Other peoples computers are not safe. Cyber cafe or hotel computers are extremely unsafe because they commonly have spyware installed (not intentionally by the owners...).

4. Know the domain names of your sensitive sites (eg: bank). Do not enter your user name and password until after you have verified the domain name in your browser address bar.

5. Use different user names and password for every site. If you find it difficult to track user names and password, then come up with an algorithm for every site you can add to a base password. Simple example: base password of "$ailnet" + Wells Fargo = "well$ailnet". This will give you a great deal more protection than using the same password for every site. Using your bank user name and password for a non-https site like sailnet is a really, really bad idea.

6. Before you enter any sensitive name and password on any sensitive site make sure it begins with "https". There should be an "s" after the "http".

Let me add one more thing about ATM security. Try to use only ATMs that are inside banks. Avoid ATMs on gas stations, convenience stores and those in public places.

Consider using a prepaid card (expensive but convenient) or a debit card connected to a bank account with "losable" money for all your small purchases. It is incredibly easy for anybody you give your card to steal your credit card information.
larrytwo likes this.

Last edited by shanedennis; 02-18-2012 at 03:17 PM. Reason: typos...
Reply With Quote Quick reply to this message Share with Facebook
  #32  
Old 02-18-2012
Senior Member
 
Join Date: Feb 2010
Location: Narragansett Bay
Posts: 9,444
Thanks: 10
Thanked 155 Times in 141 Posts
Rep Power: 6
Minnewaska will become famous soon enough Minnewaska will become famous soon enough
I would much rather dispute a credit card charge that I haven't paid, then try to get the money back from my checking account and debit card fraud. If the thief compromised your computer, that is technically your responsibility, not the bank's. The bank didn't fail to keep your computer safe.
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Jeanneau 54DS

In the harsh marine environment, something is always in need of repair. Margaritas fix everything.
Reply With Quote Quick reply to this message Share with Facebook
  #33  
Old 02-19-2012
Sailboat Reboot
 
Join Date: Jun 2000
Location: On Board
Posts: 493
Thanks: 3
Thanked 29 Times in 27 Posts
Rep Power: 15
svzephyr44 is on a distinguished road
Send a message via Skype™ to svzephyr44
Pki

Quote:
Originally Posted by JordanH View Post
There is good advice on this thread, and some misinformation as well.

I work in the field and have to advise on this stuff often.
A couple of questions:

1. Presuming you are a regular cruiser who do you get to host the other end of a VPN tunnel?
2. There has been no discussion of PKI. Would a personal certificate help, particularly for someone running a business from their boat? I was hoping that some of the financial institutions would become certificate authorities as a service to their customers. Don't know of any now that do.

A penny (which you have to come and find me to collect) for your thoughts.
Reply With Quote Quick reply to this message Share with Facebook
  #34  
Old 02-19-2012
Senior Member
 
Join Date: Feb 2010
Location: Narragansett Bay
Posts: 9,444
Thanks: 10
Thanked 155 Times in 141 Posts
Rep Power: 6
Minnewaska will become famous soon enough Minnewaska will become famous soon enough
I'm told that key loggers are commonly embedded in sites like Facebook. You can connect to that or any other website as securely as you like, but that wont prevent the infection. The virus will simply be transferred to you over a secure connection. Doh!
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Jeanneau 54DS

In the harsh marine environment, something is always in need of repair. Margaritas fix everything.
Reply With Quote Quick reply to this message Share with Facebook
  #35  
Old 02-19-2012
Member
 
Join Date: May 2009
Location: Placencia, Belize
Posts: 40
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
Chkm8 is on a distinguished road
Hi ALL .. setup Gmail Yahoo and Facebook to send password info to your cell phone hacker can't get that very easy and you can always recover it and set a delete password for old files for backup and download a copy of contacts. This gives you proof of info! It can be Done .. Paul
Reply With Quote Quick reply to this message Share with Facebook
  #36  
Old 02-19-2012
Senior Member
 
Join Date: Feb 2012
Posts: 204
Thanks: 11
Thanked 4 Times in 4 Posts
Rep Power: 3
shanedennis is on a distinguished road
Quote:
Originally Posted by svzephyr44 View Post
A couple of questions:

1. Presuming you are a regular cruiser who do you get to host the other end of a VPN tunnel?
2. There has been no discussion of PKI. Would a personal certificate help, particularly for someone running a business from their boat? I was hoping that some of the financial institutions would become certificate authorities as a service to their customers. Don't know of any now that do.

A penny (which you have to come and find me to collect) for your thoughts.

1. The other end of the VPN tunnel is a private, secure network. There is little to be gained using a VPN for browsing the public internet because your submissions always have to leave your your private network and travel over the public internet to reach public sites (eg: your bank). VPNs are intended to secure private networks only. The other end of the VPN is the secure, private network you want to connect to. For example, your bank may have a VPN which allows their employees to securely work from home but for security reasons they are never going to let their customers use it.

2. Good idea! Until that happens SSL certificates (https) serve the same purpose. As log as you ensure the domain name of your site is correct and you heed "invalid certificate" warning messages the SSL certificate provide extremely secure communications.

Remember, the internet, by it's very nature, is public and subsversive. It was designed to be an indestructible public network. This is why the Chinese, Egyptians, Syrians, Libyans etc have such a hard time controlling it. The best way to ensure your own security is to keep your computers free of spyware and ensure any sites you are communicating sensitive information with use SSL (https).

This is starting to feel way too much like my worklife. Time for me to check out of this thread and escape back into sailing stuff.
Reply With Quote Quick reply to this message Share with Facebook
  #37  
Old 02-20-2012
Sailboat Reboot
 
Join Date: Jun 2000
Location: On Board
Posts: 493
Thanks: 3
Thanked 29 Times in 27 Posts
Rep Power: 15
svzephyr44 is on a distinguished road
Send a message via Skype™ to svzephyr44
Quote:
Originally Posted by shanedennis View Post
This is starting to feel way too much like my worklife. Time for me to check out of this thread and escape back into sailing stuff.
Not quite yet... (The problem with great ideas is that sooner or later they deteriorate into hard work! On the other hand if you are anywhere nearby I will take you sailing for your thoughts.)

The original premise of this thread was that someone hijacked a set of account using a WiFi connection. I have been rolling this over and have come up with the following.

1. Presuming you are using your own computer make sure that network and file sharing are turned off. I don't know how many times I have checked into a hotel and found lots of computers used by the guests in the hotel. You would be amazed (or maybe not) what people store in their shared folders.

2. The reason I asked about VPN's was because if you have a business computer server you could tunnel to it. Yes, you do go outside from you server but one presumes it would be harder to install malware on the server.

3. Another option that might be useful would be a tool like "go to my PC." Of course this would not work on a shared computer (the keystroke logger problem still exists) but if you are using your own machine I believe you would have end to end encryption to your home computer.

4. Don't use web based access. I know that the "cloud" is the big thing these days, but for example financial transactions are a lot safer when downloaded to Quicken then when accessed on the web.

5. If you are somewhere that has decent cell phone coverage use two stage logons where possible. This is where you log on, the vendor sends your cell phone an access code, and you have to type the access code to gain access to your account. This system is now commonplace in the gaming community since hacking accounts is considered by some to be just another game. The other advantage is you know within seconds if someone is trying to get into your account.

6. And to repeat the advice of many - if you have stuff to protect use a single computer to only go to those sites. Don't expect to cruise around Facebook or Google or Yahoo and then go do your banking on the same computer and have any sense of security.

7. You are right about PKI. I do have a certificate but so few people do that the ability to send encrypted email and so forth is very limited. Also I don't know how to use the certificate with something like web based email - Outlook does send it and the receiver gets a message that I am who I say I am. But if I sent the same message from Google Web no such validation exists.

Thoughts??
Reply With Quote Quick reply to this message Share with Facebook
  #38  
Old 02-20-2012
JordanH's Avatar
Senior Member
 
Join Date: Dec 2008
Location: Canada
Posts: 324
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 7
JordanH is on a distinguished road
Quote:
Originally Posted by Minnewaska View Post
I'm told that key loggers are commonly embedded in sites like Facebook. You can connect to that or any other website as securely as you like, but that wont prevent the infection. The virus will simply be transferred to you over a secure connection. Doh!
Hi Minnewaska,
I think someone is trying to scare you with the information about Facebook.
It is possible to trick people into downloading and executing a virus from Facebook links. However, using Facebook in itself cannot deliver a viral payload without the user performing some action (i.e. opening infected files or links).

Assuming people use basic safety sense; Antivirus, firewall and not opening strange attachments, it is highly unlikely you'll infect your own machine with a virus. I wouldn't spend any time worrying about viruses (including key loggers) if you practice safe browsing.

The use of key loggers is mostly seen on public terminals (web cafe's, hotel lobbies, libraries etc) because of the ease-of-access to these machines. Your personal/private laptop is difficult to reach where public terminals are easy pickings.
Reply With Quote Quick reply to this message Share with Facebook
  #39  
Old 02-20-2012
JordanH's Avatar
Senior Member
 
Join Date: Dec 2008
Location: Canada
Posts: 324
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 7
JordanH is on a distinguished road
Quote:
Originally Posted by svzephyr44 View Post
1. Presuming you are using your own computer make sure that network and file sharing are turned off. I don't know how many times I have checked into a hotel and found lots of computers used by the guests in the hotel. You would be amazed (or maybe not) what people store in their shared folders.
Absolutely, this is a very good point. Technically, the machine isn't compromised if the user has intentionally turned on sharing. However, usually the user doesn't realize that they have invited other users to share files (to or from) their machine. If you are using Windows, make sure you understand what is and what is not shared on your machine.

Quote:
Originally Posted by svzephyr44 View Post
2. The reason I asked about VPN's was because if you have a business computer server you could tunnel to it. Yes, you do go outside from you server but one presumes it would be harder to install malware on the server.
Using VPN's is exponentionally more dangerous if you are using a web vpn connect from a public terminal. The reason is that you must assume the public terminal has a key logger; The danger is that if use a single-factor authentication scheme, an attacker will then be able to login with simply your username and password and have access to your entire network - instead of just one machine.

If you use a two-factor (or three-factor) authentication scheme on a public terminal, then you prevent later attacks, however, you may still have shared other confidential information during THIS session.

Often it is easier to install malware on a backend server as they often don't have the same level of hardening (firewalls, antivirus software) because you often assume that is done at the perimeter devices.

Point being, VPN's have their place but they are complicated, harder to secure and would be overkill for your average cruiser - and they do not take care of the #1 risk factor of using public terminals.

Quote:
Originally Posted by svzephyr44 View Post
3. Another option that might be useful would be a tool like "go to my PC." Of course this would not work on a shared computer (the keystroke logger problem still exists) but if you are using your own machine I believe you would have end to end encryption to your home computer.
This is not usually a good option either. The reason being is that your home PC now has an opening, listening connection. An attacker could spend months guessing user names and passwords and you would never know.

There are tools to help prevent this; For us Linux users, try Fail2Ban - it stops hundreds of attackers on my network daily. For Windows users, they often rely on devices like Linksys or Netgear routers... I don't know what features they have for preventing dictionary attacks on systems like VNC/RemoteDesktop software.

Quote:
Originally Posted by svzephyr44 View Post
4. Don't use web based access. I know that the "cloud" is the big thing these days, but for example financial transactions are a lot safer when downloaded to Quicken then when accessed on the web.
Web access is fine if you practice safe web browsing techniques. However, the key is to do this from your uninfected personal/private machine.

The message is still "never ever ever never ever use public terminals."

Quote:
Originally Posted by svzephyr44 View Post
5. If you are somewhere that has decent cell phone coverage use two stage logons where possible. This is where you log on, the vendor sends your cell phone an access code, and you have to type the access code to gain access to your account. This system is now commonplace in the gaming community since hacking accounts is considered by some to be just another game. The other advantage is you know within seconds if someone is trying to get into your account.
There are new methods of protecting your accounts all the time. Evaluate the ones that work best for you and use them.

You must watch things like having your password mailed to your phone; If you happen to lose your phone (unlocked) someone can check your e-mail, request a password change on your app (Facebook?) and have the password sent to the phone that they have stolen. Now they have your phone, your e-mail account and your Facebook account.

Quote:
Originally Posted by svzephyr44 View Post
7. You are right about PKI.
Thoughts??
Using encryption is overkill for the average person and doesn't get around many of the actual issues that users face.

They key message through all of this is that there is *NO METHOD* for protecting yourself if you choose to use a public terminal. Don't do it. Don't login to your e-mail, web bank account or even Facebook from someone else's machine. Don't do it.

When you use your own machine, you simply need to practice safe web browsing.
1. Login to only SSL sites
2. Do not open strange attachments
3. Be very sure you only connect to known WiFi networks; If you have a low-limit credit card, use that.
4. Windows users: Ensure you have your antivirus up to date, firewall enabled and file sharing, desktop sharing and peer-to-peer sharing disabled. Don't forget your other services.
5. Linux users: Ensure you know what daemons/servers you have running, use IPTables firewalls for added safety and particularly use Fail2Ban.
6. Mac users: Hmmm, sorry, I'm not a mac user. I bet the linux advice applies to you as well.
7. Separate the fear (FUD) from actual threats. Don't bury your head in the sand or throw the dice with your choices because this subject sounds complicated or scary.

I hope this helps at least one person.
shanedennis likes this.
Reply With Quote Quick reply to this message Share with Facebook
  #40  
Old 02-20-2012
smurphny's Avatar
Over Hill Sailing Club
 
Join Date: Feb 2009
Location: Adirondacks NY
Posts: 2,897
Thanks: 57
Thanked 65 Times in 63 Posts
Rep Power: 6
smurphny is on a distinguished road
There's a neat little program named "NoScript" that works with Firefox to stop sites from planting any cookies/scripts on your computer that you do not permit. Sometimes it's a PITA trying to identify which of the HUNDREDS of scripts to allow but it seems to keep most of the tracking crap out of the computer.

I never keep sensitive information stored on my computer. Even if it were hacked, there would be nothing of value as far as passwords, account numbers, etc. Flash drives are good for storing anything you don't want to be accessible.

Using any public wifi is crazy. While cruising it's a real hassle trying to transact anything online. Getting all your bill-paying done via auto-pay methods and planning to buy stuff only ashore are ways to minimize id theft. NEVER send a debit card number connected to your bank account into cyberspace.
__________________
Alberg 35: With a philosophical flourish Cato throws himself upon his sword; I quietly take to the ship.
Reply With Quote Quick reply to this message Share with Facebook
Reply

Quick Reply
Message:
Options

By choosing to post the reply above you agree to the rules you agreed to when joining Sailnet.
Click Here to view those rules.

Register Now

In order to be able to post messages on the SailNet Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
Please note: After entering 3 characters a list of Usernames already in use will appear and the list will disappear once a valid Username is entered.
User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in

Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

 
Posting Rules
You may post new threads
You may post replies
You may post attachments
You may edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security While Cruising In Dangerous Places shamrock6 Cruising & Liveaboard Forum 89 03-24-2010 11:26 PM
WiFi for the Cruising Sailor sailingdog Electronics 12 07-30-2009 11:21 AM
Wifi jrd22 Gear & Maintenance 42 06-17-2009 01:51 PM
WiFi firstafair General Discussion (sailing related) 4 11-17-2007 03:34 PM
Wifi mallo Gear & Maintenance 3 03-21-2007 11:09 AM


All times are GMT -4. The time now is 07:46 AM.

Add to My Yahoo!         
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.1
(c) Marine.com LLC 2000-2012

The SailNet.com store is owned and operated by a company independent of the SailNet.com forum. You are now leaving the SailNet forum. Click OK to continue or Cancel to return to the SailNet forum.