
Re: firewall package for laptop wi-fi client



On Fri, 07 Jan 2011 20:53:44 +0200, Andrei Popescu wrote:

> On Fri, 07 Jan 11, 16:23:16, Eduardo M KALINOWSKI wrote:
>> On Fri, 07 Jan 2011, Andrei Popescu wrote:
>> >If you consider an open wireless to be more dangerous, what additional
>> >protective measures do you suggest?
>> 
>> Enable encryption of the wireless traffic (but not WEP, which is too
>> weak).
>  
> I might not have control over that (hotel or pub wireless).
> 
>> SSL is always nice, but there isn't much you can do if the remote site
>> does not use it.
>> 
>> A VPN (or a ssh tunnel) will provide more security, but you'll need a
>> remote host.
> 
> No, I'm not going to set up a VPN just to browse public sites from a
> public wireless. Of course, I would not access sensitive stuff unless
> properly protected (SSH, SSL, ...), but this is not different than what
> I'm doing anyway when using my home connection (wired or not).
> 
> What *other* protection do you think is necessary, something that you
> would not do anyway if the same computer was connected *directly* to the
> internet (no NAT and/or external firewall)?

Open wifi hot-spots (or open networks) are dangerous because all your 
"neighbors" can represent a potential security risk (they have "physical" 
access to your machine), meaning that you should enforce your computer 
firewall rules to treat all of the LAN computers as "untrusted" hosts 
which BTW is not the normal behavior of a firewall (in a LAN environment, 
internal hosts are the "good" guys and rules are relaxed for all the 
LAN machines). 

For precisely that purpose there are firewall "profiles", to harden 
policies when going through open networks (aka: close all ports, do not 
allow traffic from any machine to my host and monitor all the traffic 
going in/out... alias: heads-up!).

Greetings,

-- 
Camaleón
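
The two firewall "profiles" described in the message above, as an added example that is not part of the original thread: one function emits an `iptables-restore` ruleset for either a relaxed home-LAN profile or a hardened open-network profile. The function name `fw_profile_rules`, the subnet `192.168.1.0/24`, the SSH exception and the log prefixes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for one of two profiles.
# LAN_NET is a constructed home subnet; the SSH/ping exceptions are assumptions.
LAN_NET="${LAN_NET:-192.168.1.0/24}"

fw_profile_rules() {
    profile="$1"
    case "$profile" in
        trusted|untrusted) ;;
        *) echo "usage: fw_profile_rules trusted|untrusted" >&2; return 2 ;;
    esac

    # Common base: default-deny inbound and forwarding, allow loopback and
    # replies to connections this host opened itself.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF

    if [ "$profile" = trusted ]; then
        # Relaxed profile: LAN neighbours are the "good guys" and may
        # reach SSH and ping this host.
        cat <<EOF
-A INPUT -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
EOF
    else
        # Hardened profile: no exception for any neighbour, so every port is
        # closed; log dropped inbound packets and new outbound connections.
        cat <<EOF
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-open in-drop: "
-A OUTPUT -m conntrack --ctstate NEW -m limit --limit 30/min -j LOG --log-prefix "fw-open out-new: "
EOF
    fi
    echo COMMIT
}

# To load a profile (as root): fw_profile_rules untrusted | iptables-restore
```

Switching profiles replaces the whole filter table, so the home-LAN exceptions cannot linger after joining a hotel or pub network.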