Marina Wifi

[whammy]

The marina I am in has just gone live with its Wifi service, it is using a insecure system provided by a company called Park Wifi so there is no security like wep encryption like you would use on a home internet connection. You have to log on with a user name and password to use the system but I am a little concerned re the ''insecure'' part of the set up. I am asuming that the set up we have here is similar to what you would get in wifi hotspots in hotels and airports etc. I am new to hot spots etc and have been connecting to the net via my usb dongle from 3.

Does anyone have any experience in improving the security when you use this type of internet connection, I use the internet for banking and shopping on line so I am reluctant to use an insecure system for this. I have tried to research a thing called VPN but it lost me quite quiclkly, at present I use a free anti virus software called Avira, is it a case of buying a decent Internet security software such as Kaspersky or similar to allow one to use these hotspots safely ??????

any advice would be appreciated

 

thanks

[imnogeek]

Although a network may come accross as insecure this may only be refering to the standard wifi security. an example is if I set wifi connection that will only allow a computer to join it by the mac address of the wireless card in your computer then only you would be able to use it but the wifi connection would show as insecure.

 

if they are using VPN (virtual private networking) and you have an individual username and password to access it then this is what is used by many large companies to access the server at the office from outside the office and should be fine.

[Robbo]

Your correct a VPN is what you need, but I can see how one can easily get lost. I will see if I can get any decent information for a FAQ on the best "Hotspot VPN's" outhere. First half decent one I've seen is http://www.hotspotvpn.com/ but this is from a quick Google.

 

Note on some of your other questions put.

 

Even if the Park Wifi had wep/wpa encryption it is still more than likely not secure as you may be on the same network as everyone else who uses that HotSpot.

 

Internet Banking, etc. As long as it's using httpS (which it will be) it will be secure. However it is easy to trick alot of users who use hotspot vpns to get around this, that plus the rest of your browsing will unencrypted (email maybe, etc). The likelihood of this hack/trick is fairly small, bit with hotspot wifi becoming more common it's an issue (which a VPN solves).

 

If you have Internet at a "land based dwelling", you can set up a VPN between this and you which is fairly easy if your router supports it.

[WJM]

What are the chances of someone who skilled enough having nothing better to do than to hang around your marina trying to tap into your wireless signal? Something close to zero.

 

You are confusing general internet security with the tiny exposure your wireless network creates. This wireless network is only one tiny link in the chain, and a very insignificant risk.

[mayalld]

What are the chances of someone who skilled enough having nothing better to do than to hang around your marina trying to tap into your wireless signal? Something close to zero.

 

You are confusing general internet security with the tiny exposure your wireless network creates. This wireless network is only one tiny link in the chain, and a very insignificant risk.

 

I think that you understate the risks.

 

eavesdropping on wifi for nefarious purposes, and actually getting some information that is of use works best when two conditions are met;

• A large number of clients, in the hope that a vulnerable one will be found.
  
• The same clients attached over a decent timespan, to allow time for brute force attacks to work
  

 

Looks to me as if a marina wifi is EXACTLY the kind of site they would wish to crack.

[Robbo]

You are confusing general internet security with the tiny exposure your wireless network creates. This wireless network is only one tiny link in the chain, and a very insignificant risk.

 

The wireless chain is the easiest target as all the other links are ISPs, or the bank. A man in the middle attack is hard upstream, but easier at the source and wifi hotspots are the easiest targets.

[Gibbo]

An unsecure wireless network can be have the traffic monitored in both directions with almost no equipment and a bit of free software.

 

Passwords and secure websites will almost certainly (should) still be encrypted (via a different method) and will take a little more work but don't be surprised if someone can see and watch everything you do on one.

[whammy]

Thanks for the info guys, have decided to stick with the 3 network and use the marina wifi for a back up .

[Liam]

Although a network may come accross as insecure this may only be refering to the standard wifi security. an example is if I set wifi connection that will only allow a computer to join it by the mac address of the wireless card in your computer then only you would be able to use it but the wifi connection would show as insecure.

 

Mac address spoofing is about as easy as cracking WEP encryption. I know I've done them both, in a test environment may I add, with my own Laptop and a bit of freely available software downloaded off the internet.

[imnogeek]

Mac address spoofing is about as easy as cracking WEP encryption. I know I've done them both, in a test environment may I add, with my own Laptop and a bit of freely available software downloaded off the internet.

 

quite, but as I was trying to illustrate how a form of security can be present even though the connection was shown as insecre then this is not relevant. All forms of security have weeknesses, some more than others, having any security measure is to put off the opportunist - if someone has the knowhow then most security measures can be surpassed.

[Smelly]

I've not yet heard of proper WPA/PSK with a strong password being cracked but it's not without the realms of possibility.

 

WEP is, frankly, bollox and easily cracked by, as many have said, free software with some cheap hardware.

 

I can see where keyloggers and the like, transmitting through poorly encrypted channels could garner an awful lot of useful info quite quickly and frankly I wouldn't touch it with yours.

[cotswoldsman]

I wish my life was that interesting that it would bother me if someone managed to get all my information and knew what I was doing on the internet.

[Robbo]

I've not yet heard of proper WPA/PSK with a strong password being cracked but it's not without the realms of possibility.

 

WPA2 uses AES-256 for encryption, if you know about encryption you'll know that this is the one to use. AES-256 is 256bit to future proof it against quantum computing which basically halfs the bit to 128bit.

[Smelly]

WPA2 uses AES-256 for encryption, if you know about encryption you'll know that this is the one to use. AES-256 is 256bit to future proof it against quantum computing which basically halfs the bit to 128bit.

 

If the password's crap you could still run a hash/crib search against it. The password is everything or nothing in a PSK situation.

 

I do like the idea of 256 bit encryption though. Do they still ban highly encrypted transmission in US/France/Italy?

 

At Cotswoldman. I know what you mean. Once upon a time I was someone to watch, then they caught me so didn't need to look anymore. I can see a principal at play but where I deal with fraud cases and HMG are a mere step away from using their powers to demand banking info and the like I can't see how my medical records can be as sensitive as my banking details; if anything I'd prefer them to be out there, at least if I make an effort to suddenly drop down dead they'll know why!

[RupertG]

Even if you've got marina wi-fi with WPA2 and 256-bit AES banana ice-cream and custard, with a password taken straight from GCHQ's Big Book Of Very Safe Passwords, it doesn't matter that much. That only protects the wireless bit. As soon as your data is inside the router, it's in clear and part of a network shared with the other users and whoever it is who's running the system. Even if they're totally honest and completely incapable of doing anything technically clever, that doesn't mean they can't be running a PC with any amount of malware under the direct control of Ivan Toreadyourdataovitch in Tomsk. Which is one reason that sensible sensitive systems use end-to-end encryption - your bank, Gmail, online payment systems and so on will be using HTTPS, which to some extent means it doesn't matter who can see the data anywhere between your computer and the server you're talking to.

 

It all boils down to playing the numbers. You can't remove all risk from the Internet, you can only look after the things you control (strong passwords - good. Not sending sensitive personal or financial data to a system you don't have any way of trusting - good) and judge that of the billion-plus people on the Net you're not so interesting that you'll be worth anyone with evil intent wasting time on you. In that context, I'd not be that bothered about using a small wi-fi system in an out-of-the-way place without wireless encryption. The extra risk is small.

 

Put it another way. I've run network scanning software on the address range I share with others locally on my ISP, and found plenty of interesting possibilities that, were I of a naughty nature, might let me cause a lot of bad things to happen. I'd guess (in some cases, know) that most if not all of those have properly encrypted wi-fi routers that would resist any attack I'm capable of mounting. If I were naughty, that's not what I'd do. Much more effective ways to spend my time.

 

Or another: a friend had a six-month stint working in Stockholm for the Swedish bit of his company. They sorted out an apartment for him, but he had to arrange net access for himself. That took a week or so, during which he noticed that most of the visible wi-fi in his block had no encryption or access control whatsoever, and he availed himself (guiltily, but what are you gonna do?) of a selection of these while waiting for Telstra to do its thing. After he'd been connected and had settled in at work, he mentioned the remarkable lack of security to a local co-worker. Who was a bit surprised that he was surprised: it turns out that in Sweden, bless it, people expect others to share their wi-fi if need be. Leaving your router open is part of the social good. I'm not aware of this causing significant problems.

[Robbo]

If the password's crap you could still run a hash/crib search against it. The password is everything or nothing in a PSK situation.

 

I do like the idea of 256 bit encryption though. Do they still ban highly encrypted transmission in US/France/Italy?

 

Yep the password is the weakest bit depending on the password, for our sensitive data we use a 56char key.

 

There are still restrictions in the US for exporting encryption, http://en.wikipedia.org/wiki/Export_of_cry...e_United_States

 

256bit is overkill unless your storing sensitive data though. For those who are wondering, you may see 1024bit, 2046bit and 4096bit, these are for public key cryptography where the numbers have to be considerably higher due to the public key bit.

 

Even if you've got marina wi-fi with WPA2 and 256-bit AES banana ice-cream and custard, with a password taken straight from GCHQ's Big Book Of Very Safe Passwords, it doesn't matter that much. That only protects the wireless bit. As soon as your data is inside the router, it's in clear and part of a network shared with the other users and whoever it is who's running the system.

 

Aye, see my previous post (#3)