Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×
Our Newsletter now includes a Sunday edition! Stay updated 7 days a week!

Surfing Securely On An Unsecured Wife Network

junkofdavid2

By junkofdavid2
in IT and Computers

 Share

Recommended Posts

junkofdavid2 Gold Member

junkofdavid2

Posted
Posted (edited)

OOPS! I meant to say WIFI network, not WIFE network which is impossible to secure. :D But editing this won't allow my to edit the topic... :o

Hi,

What's the simplest way to have a simple layer of protection of your computer files when surfing on an unsecured Wifi network using your laptop?

I can access free (unsecured) wifi in several places, including my apartment.

What steps should I take to add even just one layer of security?

(I'm not a security freak... even a basic layer of security will do.) :D

Edited by junkofdavid2
Rice_King Silver Member

Rice_King

Posted
Posted (edited)

It all depends on how the wireless network at the public hotspot is configured. Most hotspots are completely unsecured and open. Check your setup (at home or at a public hotspot) by running the free Gibson Research ShieldsUp internet security checkup at GRC.

While connected to these public hotspots, even with ZoneAlarm and other software firewalls employed, you will see that your system will fail the ShieldsUp scan. This failure and vulnerability is due to the fact that the ports on most public wi-fi hotspots are not being "stealthed" at the router by employing NAT and blocking anonymous internet requests.

Edited by Rice_King
junkofdavid2 Gold Member

junkofdavid2

Posted
  • Author
Posted
It all depends on how the wireless network at the public hotspot is configured. Most hotspots are completely unsecured and open. Check your setup (at home or at a public hotspot) by running the free Gibson Research ShieldsUp internet security checkup at GRC.

While connected to these public hotspots, even with ZoneAlarm and other software firewalls employed, you will see that your system will fail the ShieldsUp scan. This failure and vulnerability is due to the fact that the ports on most public wi-fi hotspots are not being "stealthed" at the router by employing NAT and blocking anonymous internet requests.

Yes, it is completely unsecured.

Is there any freeware I can download to make my surfing a little bit more secure? (even just a little bit)?

Rice_King Silver Member

Rice_King

Posted
Posted
Yes, it is completely unsecured.

Is there any freeware I can download to make my surfing a little bit more secure? (even just a little bit)?

Use Remote Desktop via an encrypted VPN between your laptop and desktop using Hamachi or a similar application. That way, you will have a secure "tunnel" from the laptop you're using at the public hotspot to the desktop behind your router / firewall. Assuming that your home network router is configured with the firewall / NAT activated, you should be relatively safe.

Rice_King Silver Member

Rice_King

Posted
Posted
If I can suggest a VPN account, it's very useful

http://www.strongvpn.com

No Software needed

Very Fast traces to Thailand

Peace of Mind

It does look promising. However, with a $25 start up fee and $15 per month subscription, it lacks the OP's specification of "freeware."

cdnvic Star Member

cdnvic

Posted
Posted (edited)

A VPN is the preferred option, although a software firewall is usually sufficient. Even Windows' firewall will do, no need for clunky ZoneAlarm unless you are on 98/Me/2000. Having a good antivirus is essential.

Edited by cdnvic
Rice_King Silver Member

Rice_King

Posted
Posted
A VPN is the preferred option, although a software firewall is usually sufficient. Even Windows' firewall will do, no need for clunky ZoneAlarm unless you are on 98/Me/2000. Having a good antivirus is essential.

I ran the GRC ShieldsUp! scan twice on my Vista laptop from a public hotspot last week. I ran the scan first with the Windows firewall and then the newest version of Zone Alarm. Both firewalls flunked the port scan with flying colors. No stealthing whatsoever. As far as I know, there is no software firewall on the market that will give you the added security of stealthing ports like a hardware router / firewall will. If there is, I want to know about it.

cdnvic Star Member

cdnvic

Posted
Posted (edited)
A VPN is the preferred option, although a software firewall is usually sufficient. Even Windows' firewall will do, no need for clunky ZoneAlarm unless you are on 98/Me/2000. Having a good antivirus is essential.

I ran the GRC ShieldsUp! scan twice on my Vista laptop from a public hotspot last week. I ran the scan first with the Windows firewall and then the newest version of Zone Alarm. Both firewalls flunked the port scan with flying colors. No stealthing whatsoever. As far as I know, there is no software firewall on the market that will give you the added security of stealthing ports like a hardware router / firewall will. If there is, I want to know about it.

Having your ports fully stealthed is nice but not essential. For occasional surfing on public hotspots or hotel LANs the big issue is worms. Windows Firewall, Zonealarm, Kerio, etc, stop them dead in their tracks. Stealthing your system is only really needed when you have a system up 24/7 or for long periods of time.

Edited by cdnvic
bkk_mike Platinum Member

bkk_mike

Posted
Posted

A firewall and anti-virus should mean your PCs fairly safe, but your surfing won't be secure (easily readable with a packet sniffer when it's not encrypted.)

i.e. Your bank's login page will be fine, as you'll have the padlock on your browser showing what you're sending is encrypted, but normal web pages would not be secure.

Some things, like gmail, will also let you choose to use https (encryption) for your entire session, not just the login screen, simply by using https rather than http in the URL when you connect, but most don't. (But it does mean you can be secure if all you're doing is checking your email.)

Finally, some non-web applications, like Skype, are encrypted also, so would be secure.

However, putting a VPN in the middle (effectively what you're doing with Hamachi too) will slow things down as you're effectively putting another system between you and whatever you're trying to connect to. (and add the time for the encryption if the laptop's getting on a bit)

Rice_King Silver Member

Rice_King

Posted
Posted
Stealthing your system is only really needed when you have a system up 24/7 or for long periods of time.

You're probably right Vic. I wouldn't be so paranoid if everyone wasn't "out to get me." :o

However, putting a VPN in the middle (effectively what you're doing with Hamachi too) will slow things down as you're effectively putting another system between you and whatever you're trying to connect to. (and add the time for the encryption if the laptop's getting on a bit)

I'll pay that price.

stumonster Platinum Member

stumonster

Posted
Posted

a https pr0xy server would suffice to keep your browsing private - but any site requiring password login should be https anyway, and stay in https ( gmail : https://mail.google.com )

a secure software firewall on your machine will stop any outside access to your machine via the wireless connection.

junkofdavid2 Gold Member

junkofdavid2

Posted
  • Author
Posted (edited)

Sorry guys! I'm not a tech.

1) Does Zone Alarm work with Wifi too? Or does it only work with cable connections?

2) Is there any problem with running both Windows Firewall and Zone Alarm at the same time?

3) What are the disadvantages of having 2 firewalls? Will it prevent "good" data from coming into my laptop?

:o

Edited by junkofdavid2
Rice_King Silver Member

Rice_King

Posted
Posted
Sorry guys! I'm not a tech.

1) Does Zone Alarm work with Wifi too? Or does it only work with cable connections?

2) Is there any problem with running both Windows Firewall and Zone Alarm at the same time?

3) What are the disadvantages of having 2 firewalls? Will it prevent "good" data from coming into my laptop?

:o

Ok, since you're not a tech I'll make this simple.

1) Yes, No

2) Maybe (see below)

3) a. Double the configuration challenges and uses double the resources. (No advantage of having two.) b. Maybe

nikster Diamond Member

nikster

Posted
Posted (edited)
Sorry guys! I'm not a tech.

1) Does Zone Alarm work with Wifi too? Or does it only work with cable connections?

2) Is there any problem with running both Windows Firewall and Zone Alarm at the same time?

3) What are the disadvantages of having 2 firewalls? Will it prevent "good" data from coming into my laptop?

:o

Um, OK.

Different apps will protect you from different things. As has been noted, the only additional risk that you have in an unsecured WiFi network is that somebody on the local network gets into your system - they may not even know because they may just be infected by a worm.

The only thing that you need to protect yourself from that is a firewall. Windows Firewall will do just fine.

ZoneAlarm is a piece of crap IMHO and will spew out false alarms and generally make itself heard a lot for no reason - well for one reason, actually - it wants to sound important so that you keep paying your subscription. ZA removes viruses from your inbox, but that's pretty much it in terms of real security added. The rest is a lot of hot air and blinking alerts...

My recommendation for normal, sane persons:

- Use Firefox (NOT IE)

- Don't visit fishy websites (free warez, pr0n, whatever - just don't)

- Use Windows Firewall (the default on both XP and Vista)

- Either don't open attachments or if you can't help yourself, get a gmail address and let gmail do the virus scanning for you. All mail that comes through your gmail / hotmail / yahoo account is free of viruses b/c they check server side.

- For added security, make Gmail and the web interface (https://...) your main email account. Don't use Outlook.

For crazy paranoid persons:

- Use Secure-IT to lock down your windows system to a paranoid and completely hacker-proof level. I like it but I once managed to turn off even local machine level ActiveX which made some programs unusable.

For an airport-security-check, bicycle-lock kind of safety, add the AV program of your choice. IMHO they are all silly because any modern virus kit knows how to disable them. So they will save you from the viruses from 2001 that are still floating on the web but when faced with anything more dangerous they will belly-up before anything else.

As a way of explanation, a virus attack vector works like this - and every virus writer doesn't have to re-invent the wheel, there are professional toolkits out there that largely automate the process:

[1] Distribution: Hack a web page to host malicious code or use a botnet to send out bazillions of infected emails

[2] Infection: Hacked web page targets known or unknown exploit in IE or a browser-plug-in like Java, QuickTime. Most use IE and ActiveX though - low hanging fruit. Most common case is that code gets executed as a result of a weakness in IE. Or as a result of user specifically running the virus by double clicking an email attachment. Important: Most AV software offers absolutely no protection for a website / IE exploit. None. Zero. Zilch.

[3] Installation: Once the program is running on your system, it hides itself from any running AV software or simply disables AV software.

[4] Propagation: Hacked computer is used for commercial ends or propagation of virus.

Note: There's one new AV program I actually think could work in the way you'd expect. I forgot the name, and I haven't tried it but unlike others it actually prevents malware from executing, not just from writing to the HD. If anyone knows the name, plz post here...

Edited by nikster
cdnvic Star Member

cdnvic

Posted
Posted
For an airport-security-check, bicycle-lock kind of safety, add the AV program of your choice. IMHO they are all silly because any modern virus kit knows how to disable them. So they will save you from the viruses from 2001 that are still floating on the web but when faced with anything more dangerous they will belly-up before anything else.

Though there have been viruses that do this (to Norton and McAfee usually), I've never actually seen one infect a machine, and I've seen a lot of infected Machines. I've never heard of Nod32, Antivir, or Bitdefender being taken down by viruses.

In any case, the amount of times an antivirus detects and stops a threat are going to be far greater than the off chance that one may shut it down.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.






ASEANNOW

ASEANNOW (formally ThaiVisa) is Thailand's oldest and most popular expat and foriegner forum. Sign up today and have your say!

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...