Thread: Security while using WiFi while cruising
Topic Review (Newest First)
03-08-2012 06:59 PM
rmeador
Re: Security while using WiFi while cruising

Quote:
Originally Posted by RobGallagher
Someone correct me if I'm wrong because I'm no expert...
Cutting and pasting passwords that are pre-typed and stored somewhere (thumb drive or online storage) will stop keystroke loggers from getting the information.

That will indeed stop a keylogger. But, if it's a software keylogger, odds are that it has full access to your system (so it's a rootkit, not just a keylogger). It could be watching the entire screen, or grabbing clipboard contents...
03-08-2012 06:56 PM
RobGallagher
Re: Security while using WiFi while cruising

Someone correct me if I'm wrong because I'm no expert...
Cutting and pasting passwords that are pre-typed and stored somewhere (thumb drive or online storage) will stop keystroke loggers from getting the information.
02-20-2012 05:03 PM
smurphny
There's a neat little program named "NoScript" that works with Firefox to stop sites from planting any cookies/scripts on your computer that you do not permit. Sometimes it's a PITA trying to identify which of the HUNDREDS of scripts to allow but it seems to keep most of the tracking crap out of the computer.

I never keep sensitive information stored on my computer. Even if it were hacked, there would be nothing of value as far as passwords, account numbers, etc. Flash drives are good for storing anything you don't want to be accessible.

Using any public wifi is crazy. While cruising it's a real hassle trying to transact anything online. Getting all your bill-paying done via auto-pay methods and planning to buy stuff only ashore are ways to minimize id theft. NEVER send a debit card number connected to your bank account into cyberspace.
02-20-2012 04:09 PM
JordanH
Quote:
Originally Posted by svzephyr44
1. Presuming you are using your own computer make sure that network and file sharing are turned off. I don't know how many times I have checked into a hotel and found lots of computers used by the guests in the hotel. You would be amazed (or maybe not) what people store in their shared folders.

Absolutely, this is a very good point. Technically, the machine isn't compromised if the user has intentionally turned on sharing. However, usually the user doesn't realize that they have invited other users to share files (to or from) their machine. If you are using Windows, make sure you understand what is and what is not shared on your machine.

Quote:
Originally Posted by svzephyr44
2. The reason I asked about VPNs was because if you have a business computer server you could tunnel to it. Yes, you do go outside from your server but one presumes it would be harder to install malware on the server.

Using VPNs is exponentially more dangerous if you are using a web VPN connect from a public terminal. The reason is that you must assume the public terminal has a key logger; the danger is that if you use a single-factor authentication scheme, an attacker will then be able to log in with simply your username and password and have access to your entire network - instead of just one machine.

If you use a two-factor (or three-factor) authentication scheme on a public terminal, then you prevent later attacks, however, you may still have shared other confidential information during THIS session.

Often it is easier to install malware on a backend server as they often don't have the same level of hardening (firewalls, antivirus software) because you often assume that is done at the perimeter devices.

Point being, VPNs have their place but they are complicated, harder to secure and would be overkill for your average cruiser - and they do not take care of the #1 risk factor of using public terminals.

Quote:
Originally Posted by svzephyr44
3. Another option that might be useful would be a tool like "go to my PC." Of course this would not work on a shared computer (the keystroke logger problem still exists) but if you are using your own machine I believe you would have end to end encryption to your home computer.

This is not usually a good option either. The reason is that your home PC now has an open, listening connection. An attacker could spend months guessing user names and passwords and you would never know.

There are tools to help prevent this; for us Linux users, try Fail2Ban - it stops hundreds of attackers on my network daily. For Windows users, they often rely on devices like Linksys or Netgear routers... I don't know what features they have for preventing dictionary attacks on systems like VNC/RemoteDesktop software.

Quote:
Originally Posted by svzephyr44
4. Don't use web based access. I know that the "cloud" is the big thing these days, but for example financial transactions are a lot safer when downloaded to Quicken than when accessed on the web.

Web access is fine if you practice safe web browsing techniques. However, the key is to do this from your uninfected personal/private machine.

The message is still "never ever ever never ever use public terminals."

Quote:
Originally Posted by svzephyr44
5. If you are somewhere that has decent cell phone coverage use two stage logons where possible. This is where you log on, the vendor sends your cell phone an access code, and you have to type the access code to gain access to your account. This system is now commonplace in the gaming community since hacking accounts is considered by some to be just another game. The other advantage is you know within seconds if someone is trying to get into your account.

There are new methods of protecting your accounts all the time. Evaluate the ones that work best for you and use them.

You must watch things like having your password mailed to your phone. If you happen to lose your phone (unlocked) someone can check your e-mail, request a password change on your app (Facebook?) and have the password sent to the phone that they have stolen. Now they have your phone, your e-mail account and your Facebook account.

Quote:
Originally Posted by svzephyr44
7. You are right about PKI.
Thoughts??

Using encryption is overkill for the average person and doesn't get around many of the actual issues that users face.

The key message through all of this is that there is *NO METHOD* for protecting yourself if you choose to use a public terminal. Don't do it. Don't login to your e-mail, web bank account or even Facebook from someone else's machine. Don't do it.

When you use your own machine, you simply need to practice safe web browsing.
1. Login to only SSL sites
2. Do not open strange attachments
3. Be very sure you only connect to known WiFi networks; If you have a low-limit credit card, use that.
4. Windows users: Ensure you have your antivirus up to date, firewall enabled and file sharing, desktop sharing and peer-to-peer sharing disabled. Don't forget your other services.
5. Linux users: Ensure you know what daemons/servers you have running, use IPTables firewalls for added safety and particularly use Fail2Ban.
6. Mac users: Hmmm, sorry, I'm not a Mac user. I bet the Linux advice applies to you as well.
7. Separate the fear (FUD) from actual threats. Don't bury your head in the sand or throw the dice with your choices because this subject sounds complicated or scary.

I hope this helps at least one person.
02-20-2012 03:35 PM
JordanH
Quote:
Originally Posted by Minnewaska
I'm told that key loggers are commonly embedded in sites like Facebook. You can connect to that or any other website as securely as you like, but that won't prevent the infection. The virus will simply be transferred to you over a secure connection. Doh!

Hi Minnewaska,
I think someone is trying to scare you with the information about Facebook.
It is possible to trick people into downloading and executing a virus from Facebook links. However, using Facebook in itself cannot deliver a viral payload without the user performing some action (i.e. opening infected files or links).

Assuming people use basic safety sense (antivirus, firewall and not opening strange attachments), it is highly unlikely you'll infect your own machine with a virus. I wouldn't spend any time worrying about viruses (including key loggers) if you practice safe browsing.

The use of key loggers is mostly seen on public terminals (web cafes, hotel lobbies, libraries etc) because of the ease-of-access to these machines. Your personal/private laptop is difficult to reach where public terminals are easy pickings.
02-20-2012 01:47 PM
svzephyr44
Quote:
Originally Posted by shanedennis
This is starting to feel way too much like my worklife. Time for me to check out of this thread and escape back into sailing stuff.

Not quite yet... (The problem with great ideas is that sooner or later they deteriorate into hard work! On the other hand if you are anywhere nearby I will take you sailing for your thoughts.)

The original premise of this thread was that someone hijacked a set of accounts using a WiFi connection. I have been rolling this over and have come up with the following.

1. Presuming you are using your own computer make sure that network and file sharing are turned off. I don't know how many times I have checked into a hotel and found lots of computers used by the guests in the hotel. You would be amazed (or maybe not) what people store in their shared folders.

2. The reason I asked about VPNs was because if you have a business computer server you could tunnel to it. Yes, you do go outside from your server but one presumes it would be harder to install malware on the server.

3. Another option that might be useful would be a tool like "go to my PC." Of course this would not work on a shared computer (the keystroke logger problem still exists) but if you are using your own machine I believe you would have end to end encryption to your home computer.

4. Don't use web based access. I know that the "cloud" is the big thing these days, but for example financial transactions are a lot safer when downloaded to Quicken than when accessed on the web.

5. If you are somewhere that has decent cell phone coverage use two stage logons where possible. This is where you log on, the vendor sends your cell phone an access code, and you have to type the access code to gain access to your account. This system is now commonplace in the gaming community since hacking accounts is considered by some to be just another game. The other advantage is you know within seconds if someone is trying to get into your account.

6. And to repeat the advice of many - if you have stuff to protect use a single computer to only go to those sites. Don't expect to cruise around Facebook or Google or Yahoo and then go do your banking on the same computer and have any sense of security.

7. You are right about PKI. I do have a certificate but so few people do that the ability to send encrypted email and so forth is very limited. Also I don't know how to use the certificate with something like web based email - Outlook does send it and the receiver gets a message that I am who I say I am. But if I sent the same message from Google Web no such validation exists.

Thoughts??
02-19-2012 04:22 PM
shanedennis
Quote:
Originally Posted by svzephyr44
A couple of questions:

1. Presuming you are a regular cruiser who do you get to host the other end of a VPN tunnel?
2. There has been no discussion of PKI. Would a personal certificate help, particularly for someone running a business from their boat? I was hoping that some of the financial institutions would become certificate authorities as a service to their customers. Don't know of any now that do.

A penny (which you have to come and find me to collect) for your thoughts.

1. The other end of the VPN tunnel is a private, secure network. There is little to be gained using a VPN for browsing the public internet because your submissions always have to leave your private network and travel over the public internet to reach public sites (eg: your bank). VPNs are intended to secure private networks only. The other end of the VPN is the secure, private network you want to connect to. For example, your bank may have a VPN which allows their employees to securely work from home but for security reasons they are never going to let their customers use it.

2. Good idea! Until that happens SSL certificates (https) serve the same purpose. As long as you ensure the domain name of your site is correct and you heed "invalid certificate" warning messages the SSL certificates provide extremely secure communications.

Remember, the internet, by its very nature, is public and subversive. It was designed to be an indestructible public network. This is why the Chinese, Egyptians, Syrians, Libyans etc have such a hard time controlling it. The best way to ensure your own security is to keep your computers free of spyware and ensure any sites you are communicating sensitive information with use SSL (https).

This is starting to feel way too much like my worklife. Time for me to check out of this thread and escape back into sailing stuff.
02-19-2012 02:10 PM
Chkm8
Hi ALL .. setup Gmail Yahoo and Facebook to send password info to your cell phone hacker can't get that very easy and you can always recover it and set a delete password for old files for backup and download a copy of contacts. This gives you proof of info! It can be Done .. Paul
02-19-2012 02:01 PM
Minnewaska
I'm told that key loggers are commonly embedded in sites like Facebook. You can connect to that or any other website as securely as you like, but that won't prevent the infection. The virus will simply be transferred to you over a secure connection. Doh!
02-19-2012 01:46 PM
svzephyr44
PKI

Quote:
Originally Posted by JordanH
There is good advice on this thread, and some misinformation as well.

I work in the field and have to advise on this stuff often.

A couple of questions:

1. Presuming you are a regular cruiser who do you get to host the other end of a VPN tunnel?
2. There has been no discussion of PKI. Would a personal certificate help, particularly for someone running a business from their boat? I was hoping that some of the financial institutions would become certificate authorities as a service to their customers. Don't know of any now that do.

A penny (which you have to come and find me to collect) for your thoughts.
This thread has more than 10 replies.

 
All times are GMT -4. The time now is 11:59 PM.
