
Re: Securing my PC at a Wireless Hotspot?



On Tuesday 10 of February 2009, Wade Richards wrote:
> On Tue, Feb 10, 2009 at 11:50:05AM +0100, Johan 'yosh' Marklund wrote:
> > Bernd Eckenfels skrev:
> > > In article <fe374f8d0902081747v4a99deadva1898142dac1d9db@mail.gmail.com> you wrote:
> > >> Use a VPN or an SSH tunnel to a trusted source.
> > >
> > > A very neat trick is using dynamic port forwarding of SSH (-D 1080).
> > > You only need to login to any SSH Server and enable the auto
> > > forwarding. Then you can enter the SSH client as a SOCKS proxy server
> > > and you are done (for surfing).
> >
> > You could use the -w option in newer ssh server versions to tunnel
> > through virtual tun devices =)
>
> One problem with tunnels is that you can accidentally not use the tunnel.
>
> E.g. I have eth0 which is connected to the insecure network, and
> my encrypted tunnel to a secure network.
>
> Although the tunnel is available, the unsecure eth0 is still also
> available.  I need to correctly set up the SOCKS proxy or set up the
> routing tables, or do something to be sure that all my network traffic
> is going through the tunnel and not just directly to the unsecure eth0.
> There's no easy way to tell if you're doing it right, either, since the
> web looks basically the same from the unsecure network as from the secure
> one.

You can tell by checking routing tables, or visiting a web page that shows 
your IP. And you should know the IP of your tunnel server.

> The Cisco VPN I use on my employer's Windows machine has an interesting
> feature: it completely hides the unencrypted network.  Once I create the
> VPN tunnel, my machine releases its local IP address and there is no
> way for any network connections (other than the tunnel, of course) to go
> over the unencrypted device.  It is as if that device is disabled.
>
> This makes it idiotproof, which is an important but often overlooked
> aspect of security.
>
> So, is it possible to do that sort of thing with a Linux laptop?

OpenVPN can do that as well - look for option --redirect-gateway

-- 
regards
        Vladislav Kurz
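
An added example, not part of the original message: the routing-table check mentioned in the reply, done as a longest-prefix lookup over `ip -4 route show` output. The tables, interface names and addresses are constructed; the second table assumes OpenVPN's `--redirect-gateway def1` form, which adds two /1 routes through the tunnel and leaves the original default route in place.

```python
import ipaddress

# Constructed `ip -4 route show` output: tunnel up, default route untouched.
TUNNEL_ONLY = """\
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
# Constructed: same host after --redirect-gateway def1 (assumed variant).
# 198.51.100.7 stands in for the VPN server, which must stay reachable via eth0.
REDIRECTED = TUNNEL_ONLY + """\
0.0.0.0/1 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
198.51.100.7 via 192.168.1.1 dev eth0
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip -4 route show` text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f[:-1]:          # need a token after "dev"
            continue
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:               # e.g. "unreachable"/"blackhole" entries
            continue
        routes.append((net, f[f.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Device chosen by longest-prefix match (metrics and policy rules ignored)."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def leaks(text, tunnel_dev, probes=("8.8.8.8", "203.0.113.1")):
    """Probe addresses (never contacted, only looked up) that bypass the tunnel."""
    routes = parse_routes(text)
    return [p for p in probes if egress_dev(routes, p) != tunnel_dev]

if __name__ == "__main__":
    for name, table in (("tunnel only", TUNNEL_ONLY), ("redirected", REDIRECTED)):
        print(name, "-> bypassing tun0:", leaks(table, "tun0"))
```

On a live system `ip route get <address>` asks the kernel the same question directly. In both tables the LAN subnet 192.168.1.0/24 still resolves to eth0, which is the gap the Cisco behaviour quoted above closes.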

