theclay

Work securely on a public network

I do a good bit of traveling and am often hooked up to public networks (airport, motel, etc). I also do some web design work and would like to do so on these networks. If I'm accessing customers' CPanels, transferring files via FTP, etc, is there danger that someone could steal the passwords while I'm logging on? Most of the data being transferred isn't real sensitive - I'm more concerned about someone gaining access to the site itself.

In the process of securing my web connection, how hard would it be to set something up so I can safely access my bank accounts, PayPal, etc from wifi hotspots?
theclay

ASKER

A related question: Right now I'm connected via a CAT5 cable rather than a wireless hotspot AND the motel had me log in with my name and room number before accessing the Internet. In this case, is there any danger that someone could grab packets leaving my computer?
I would say that ALL open public wifi spots are inherently insecure.   But there are things you can do to minimize the risk.  

Whenever possible, use a VPN back to an office network encrypting all traffic if that is an option.  
Use a proxy over a secure VPN tunnel for communications if possible.
If VPN is not an option, only use HTTPS for secure browsing wherever possible. Recently, the Firesheep experiment has really shown how easy it is to hijack an HTTP session over unsecured wifi.


theclay

ASKER

I have used VPN and that would be an option - although not a preferred one.  I guess there's really nothing else for wireless networks?  What about plugging in to the motel network?  Are there risks in that?
When you are logging in to the web hosting site to work on a customer CP, it's better to have the web link point to https rather than http; but for this you will require the web hosting site to have an SSL certificate and stuff.

Another secure way to log in from a public access point is to connect to your corporate VPN, and encrypt all the traffic from there on.

But if you are asking a plain question, that is, whether your packets can be captured in the scenario mentioned above: yes, they can be captured; all you need is a determined mind.
DarinTCH
technically yes, they ("hotel or nefarious individual") could grab packets
think nothing is ever truly secure
unless you know exactly how you are connected you can not address all possibilities

I second a secure VPN tunnel

even a third party 'log me in' is much better than generic access


read articles on a new app called Firesheep and you will see how insecure most wireless hotspots are....

that being said I still use them myself at times .... but full and well knowing what is involved
There is no danger; most cPanels operate in SSL mode and it will not be a problem.
The motel network will be considered an untrusted network, as we do not know anything about the setup. There are a lot of products available nowadays that can be put in the network to capture all user activity. I would suggest you continue to use VPN for your official and financial activities and use the normal motel network to browse in general.
theclay

ASKER

If I have my VPN client (we use SonicWall Global VPN) running and logged in, will all of my http requests go through the VPN rather than the LAN? If not, how can I make all my network traffic go through the VPN, including my web activity? In other words, if I'm simply logged into my VPN, is that sufficient or should I be using a remote desktop connection on a secure company computer?
I think you are worrying too much. You can use the VPN network setting which allows you to access the public internet via the remote server, considering the client is Windows.
theclay

ASKER

@mattibutt: Your response is a little vague. You're saying that if I'm connected to the office network via VPN, I can safely access sensitive sites since my computer will automatically route all Internet traffic - not just file requests to the office server - over the VPN. Is that correct?
you can choose to route all your traffic thru the VPN which is more secure
theclay

ASKER

Thanks everyone for your help. When I was originally thinking VPN, for some reason I was actually thinking of remote desktop which would work but would be distasteful. If I could have a VPN where I could still browse from my computer and have it route all traffic over the VPN, that would be super. I'm going to discuss it with our IT admin. In the meantime, if anyone knows how to verify that my traffic is going over the VPN, I'd love to know how. My IP address when doing an ipconfig is the same with or without VPN, so that's not helping me.
I use a paid VPN service:  Anonymizer.com

The software client (Windows, iPhone, and I think OSX) makes an L2TP connection to their proxy servers.

I use it all the time.  It ignores LAN traffic, letting that pass through the normal network.

It's actually helpful for troubleshooting sometimes, as the VPN out for port 80 or 443 will hit your servers from an outside location.

It's not as fast as an unencrypted connection...but that's the point.  Even http traffic on port 80 will be encrypted before it hits the LAN or WLAN.  To a sniffer, it's just encrypted packets to a remote server.

You can't see headers for https://www.experts-exchange.com or anything else.  I'm 99-44/100 sure that I'm safe.  The weak point is at the Anonymizer.com service.   A breach there would lose anonymity.  They have all of that data, and can turn it over to a search warrant or similar.  So, not a service for illegal activity.
Working that way requires a dedicated computer running for your remote use.  Or a Terminal Server.  To me, that's wasted resources when all you need is secure internet access.  You don't need remote desktop control just to accomplish that.

Corporate policy and practices may conflict with conducting personal business on company resources, like the desktop system or using company bandwidth.
theclay

ASKER

We already use SonicWall Global VPN for our VPN connections.  After doing a little research it appears that my Internet connection is local rather than through the VPN and that is controlled by the network administrator.  I'll need to talk to him.
SonicWall Global VPN can be set to route all traffic through your office VPN.

Alternatively, it can run split, so your "normal" internet traffic goes via your LAN route (which may be insecure), and office traffic is routed through the VPN tunnel.

Ask your admin if your tunnel splits, or routes all through the office.

You can also create multiple profiles, so have a simple tunnel profile and a split tunnel profile.  Even a third profile that connects to a different office.
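
Added example, not part of the original thread: since the asker's ipconfig output looks the same with or without the VPN, the routing table is the place to tell a split tunnel from a full one. This Python sketch parses rows in the layout of Windows `route print -4` and reports which adapter internet-bound traffic leaves by; the sample tables, the LAN address 192.168.1.50 and the VPN adapter address 10.10.0.25 are constructed assumptions.

```python
import ipaddress

# Constructed "Active Routes" rows in the layout of `route print -4`:
# destination, netmask, gateway, interface address, metric.
# 192.168.1.50 stands for the motel LAN adapter, 10.10.0.25 for the VPN
# virtual adapter; both are made up for this example.
SPLIT_TUNNEL = """\
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
        10.10.0.0      255.255.0.0          On-link       10.10.0.25     26
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    281
"""
FULL_TUNNEL = """\
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
          0.0.0.0          0.0.0.0          On-link       10.10.0.25      2
        10.10.0.0      255.255.0.0          On-link       10.10.0.25     26
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    281
"""

def parse_routes(text):
    """Return (network, interface_ip, metric) for each well-formed route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # skip headers, separators and wrapped lines
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            iface = ipaddress.ip_address(f[3])
        except ValueError:
            continue
        routes.append((net, iface, int(f[4])))
    return routes

def egress_interface(routes, dest):
    """Select a route as the IP stack does: longest prefix, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r[0]]
    if not hits:
        return None
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(best[1])

def tunnel_mode(route_text, vpn_ip, probe="203.0.113.10"):
    """'full' if an internet address (probe, a documentation IP) exits via the VPN."""
    routes = parse_routes(route_text)
    return "full" if egress_interface(routes, probe) == vpn_ip else "split"
```

Longest-prefix matching also covers clients that override the default route with a pair of /1 routes instead of a second 0.0.0.0/0 entry.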
theclay

ASKER

@aleghart: Are these settings all on the server side?  I'm not seeing too many options client-side.
theclay

ASKER

Makes sense.  Thanks