A post I made about firewalls got me thinking about data security over public wi-fi networks. It seems my concerns ragarding needing a firewall may be unsound, and so this got me thinking about other things.

I will be using my soon-to-be-delivered X51v on a trip soon and will have to use a hotel wifi network for internet access.

Now I understand that the traffic can be intercepted and disseminated and so would obviously avoid anything I didn't want being compromised (ie. entering credit card numbers).

However, I will need to use my Yahoo Mail account pretty regularly as well as Skype.

I can sign into Yahoo Mail using SSL, so should be pretty safe as far as someone findin gout my password, but I guess anyone determined enough could view the same things I view in Yahoo Mail.

Could anyone access my Mail other than the pages I view? They won't have my login so I guess will only see pages I request and they intercept?

Also, would using IMAP4 be more secure than using HTTP for Yahoo Mail, as I understand that I can IMAP4 to the account (though I have not looked into this)?

And I assume Skype is already secure in terms of someone intercepting the login details and/or conversation?

Also, is there anything I can do, buy, sign up to, which will secure all my traffic while surfing on the hotel wireless network?

Thanks

I just picked a a D-Link DWL-730AP that, in router mode, provides NAT. Every little bit helps!

www.AKAJohnDoe.com

"Without deviation from the norm, progress is not possible" - Frank Zappa

  

If you are concerned solely about the Wi-Fi network, I believe there is software that creates a secure connection over a network. If you are talking general, then your concerns would apply to any connection, Wi-Fi or Wired.

Kevin Song
Aximsite News Editor
Aximsite Moderator

    

IMAP4 won't help you, as it'll still transmit information 'in the clear', while at least a secure HTTP connection would attempt to encrypt the connection between you adn the server. I don't know of any software that'd help you here, not really - the main problem being that if your'e connecting to an outside network, unless they're running similar software, you won't be able to get an 'encrypted connection' like the type you'd want. WPA is closest in terms of providing a (relatively) secure Internet connection, although it's not perfect and I don't see this deployed in public settings like hotel or airport connections, which tend towards WEP or open networks.

The main problem here will be that any information you send to and from the network wirelessly is open to interception and decryption... which means that they could see the stuff on the pages you'd viewed, and theoretically could get your PW, especially if the page itself handles security poorly (including your PW in a cookie it puts into your PDA, as one hypothetical example). What they would see with a sniffer is all the information you're sending and receiving, which would mean they could see the mail you'd accessed, but not necessarily what was in another message unless you opened it, or unless they got your PW.

I don't know how Skype handles encryption, however - or if it's even there, for that matter. In theory, they could collect the packets and extract voice data, but I can't think of how I'd do it off the to p of my head, but this sn't exactly my area of expertise. In your shoes, I'd be more worried about someone pickpocketing the PDA and thus getting access to all your files - that's why they sell file encryption software, after all.

 

Encryption is something I would be using anyway on my sensetive files.

With regards to wireless security in the absence of a better solution, I am leaning towards putting a small VPN box in at home and when on a public network I can VPN back to my home network and use the net over that, thus making everything being transmitted encrypted (in theory).

On thing this does bring to mind is finding a device which does not do split tunneling (which I believe most do), whereby any requests for data on the remote network goe via the VPN but requests for data on the internet go via th elocal connection thus making the VPN useless for securing net traffic.

Any suggestions on this solution or an alternative?

Are there any 3rd parties who offer this type of service to secure wireless comms? I did hear of one but they didn't do a client for PDA.

If you access your email via SSL, in order to view the pages you end up viewing they would need to crack the SSL encryption. Off the top of my head the numbers are in the trillions of possible combinations at 128bit encryption, which running a team of systems to try and crack would hundreds of years. In other words, if you do anything over SSL assuming you connect with 128 bit encryption, they won't see squat.

IMAP is plain text. HTTP is also plaintext so neither one will really be any better than the other. HTTPS (what you mentioned for Yahoo mail) is your best and safest bet. All others will be easily readable.

From this PDF - http://www.simson.net/ref/2005/OSI_Skype6.pdf
Skype is encrypted. Unlike traditional telephony and other VoIP-based systems, Skype claims to encrypt all communications with 128-bit or better cryptography ciphers, allegedly making it impossible for someone who passively intercepts a Skype conversation from deciphering or listening to its contents.

Realistically - as long as everything you do is via HTTPS or encrypted traffic such as Skype you will be fine. There really is nothing software wise you can do to avoid traffic being intercepted on a public wireless access point, but if the traffic is encrypted ... they will just be looking at a jumble of characters anyway.

Apple iPhone
O2 XDA Trion - WM6
T-Mobile SDA - WM6

 

There are several security options for you. I'll list a couple that are 100% free.

A free VPN solution is to use LogMeIn.com (offers free yr-round access), or GoToMyPC.com (offers 1 month free trial) - Either one of the VPN solutions will give you at least 128-bit SSL encryption which is secure enough to be used in the corporate environment. These both work very well on my X51V.

As far as e-mails, you're probably better off using mail2web.com to access any of your web-based e-mails - be sure to click on "Secure Login." Unlike some web-based e-mails (i.e., aol.com, etc) that only provide you with secure https only when you login, and not while browsing e-mails, and so forth.

These, should be enough to address your WIFI security concerns, while on an open WIFI hotspot or public networks.

For hotels, I use my Linksys (Cisco) G Travel Router (WTR54GS) which has good WPA+TKIP/AES encryption - this is significantly better than using WEP and/or MAC filtering, plus it has a built-in NAT firewall. Hope this feedback helps you out.

cheers

I use OpenSSH combined with putty. I've used this setup for years and highly recommend it. It's free.