Solved

How secure is "public access" in Win 7 when in a public area?

Posted on 2013-10-22
16
162 Views
Last Modified: 2013-12-27
Is there still a big risk to getting hacked?
0
Comment
Question by:fcek
  • 5
  • 4
  • 4
  • +2
16 Comments
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 227 total points
ID: 39590904
yes, it is still possible to get hacked as by default there are still open ports for firewall rules against the Public connection. you may simply change the default setting to block all incoming access for public areas.

be aware that even if all incoming access is blocked, Windows 7 still may get hacked from other ways, such as accessing vulnerable websites or running executables from untrusted sources. better also change IE's Internet Zone to High for much more safe web surfing.
0
 

Author Comment

by:fcek
ID: 39590912
Is it worth getting zone alarm or something similar?
0
 

Author Comment

by:fcek
ID: 39590915
Re > you may simply change the default setting to block all incoming access for public areas.

How do you do this in Win 7?
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 92 total points
ID: 39592034
It depends on what settings your firewall uses when the 'Public' profile is in effect.  That's specific to your PC.
0
 
LVL 12

Accepted Solution

by:
profgeek earned 136 total points
ID: 39593781
In addition to the above, I would suggest loading something like ProXPN and using it when in public hot spots.  ProXPN will operate via a VPN and all Internet traffic will be encrypted end-to-end over the VPN.  It will slow down your speed, but at a public hot spot it's probably already slow anyway, and it still works fine for normal usage (not streaming media, etc., however).  ProXPN has a free account level as well as paid services.

http://proxpn.com

There are other similar services.  I would recommend using a VPN when connected to public hot spots.
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 227 total points
ID: 39593797
Re > you may simply change the default setting to block all incoming access for public areas.

How do you do this in Win 7?

FYI

How to use security zones in Internet Explorer
http://support.microsoft.com/kb/174360
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 92 total points
ID: 39594903
Security zones in IE are for controlling access to websites and the content which is allowed to be viewed or run while visiting those websites.

Configuring security zones isn't the same as configuring a firewall and should be used in conjunction with adequate firewall rules.

To change the windows firewall configuration for the public profile, look here...

http://www.dummies.com/how-to/content/changing-windows-firewall-settings-with-advanced-s.pageCd-storyboard,pageNum-10.html

This link will provide some additional info...

http://windows.microsoft.com/en-gb/windows-vista/firewall-frequently-asked-questions
0
 
LVL 10

Assisted Solution

by:ampranti
ampranti earned 45 total points
ID: 39598898
In addition to the above, if you are using the laptop in a public area and wifi is unencrypted or using a shared key among all users, "bad" users may sniff your traffic and analyze it.

So keep in mind, even if you use the best firewall that your data "fly" unecrypted. Hence, prefer to use https sites and avoid using passwords unless is 100% necessary (avoid connecting to e-banking sites, etc)
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:fcek
ID: 39628586
Hi profgeek.

Does the free version of ProXPN also encrypt Outlook passwords when collecting emails?
0
 
LVL 12

Assisted Solution

by:profgeek
profgeek earned 136 total points
ID: 39628637
I think so.  The only real difference between the free and paid versions of the software is that with the paid you get better speeds and a choice of servers.  You have a fixed speed and single server (Dallas) with the free version.
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 227 total points
ID: 39629298
> In addition to the above, I would suggest loading something like ProXPN and using it when in public hot spots.

i don't see too much benefits of using ProXPN at public hot spots. it seems only to encrypt traffic between your computer to their servers. the result is the people around you at the hot spot can't see what you are doing, but at the other end, the traffic from their servers to the Internet is still not encrypted otherwise your target sites cannot understand you at all.

for encrypted communication, the computer should always use HTTPS to access all content sensitive services, such as e-banking, emails and even search engine. for example, if you don't want other people (whatever they are at the hop spots or around the world) see what you are searching for, you need to access Google using https://www.google.com.

it doesn't help if you use something like ProXPN and access Google in plain text.

beside the common best security practices, the most important safety practice at a hot spot is to block all incoming traffic and not broadcast yourself (e.g disable MS File and Printer Sharing and MS Network Client).
0
 
LVL 12

Expert Comment

by:profgeek
ID: 39630001
i don't see too much benefits of using ProXPN at public hot spots. it seems only to encrypt traffic between your computer to their servers. the result is the people around you at the hot spot can't see what you are doing, but at the other end, the traffic from their servers to the Internet is still not encrypted otherwise your target sites cannot understand you at all.

From the original question, it seems that what the author is worried about is what is happening at the hotspot end, not the other end.  Something like ProXPN would prevent any hotspot snoopers from being able to see anything unencrypted, including plain text.  If https is being used, it would be end-to-end.  Plain text would only be encrypted hot spot to server, as you say, but that would still make the hot spot end safe, and that's the basis of the inquiry here.
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 227 total points
ID: 39632188
Plain text would only be encrypted hot spot to server, as you say, but that would still make the hot spot end safe, and that's the basis of the inquiry here.

it seems like saying: the people close to you are more dangerous than others. :-))
0
 

Author Comment

by:fcek
ID: 39667819
vpn

Is there a danger of being hacked from the other end of the VPN and not the coffee shop?
See this for the free version has no option to select
0
 
LVL 12

Assisted Solution

by:profgeek
profgeek earned 136 total points
ID: 39668025
No, you were inquiring about hacking in the coffee shop via public wireless.  The other end of the VPN is a secure server.  In your question, the vulnerability is on your end (the coffee shop).  Once your data has been encrypted on your computer, sent through the VPN via the coffee shop's wireless access point, it travels via wired networks the rest of the way to the server and from there out to your destination.  Since it is encrypted end-to-end to the VPN server, anyone eavesdropping in the coffee shop would not be able to read your wireless transmissions in either direction.

Are there other vulnerabilities on the Internet?  Certainly, but you were asking specifically about the public access hot spot.
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 227 total points
ID: 39668693
> Is there a danger of being hacked from the other end of the VPN and not the coffee shop?

technically you could be hacked from anywhere, so the answer is yes for both locally at the coffee shop or from the remote site outside of the VPN.

unlike the local threats, remote malicious hosts commonly can't sniff your info via local broadcast, the attacking path is commonly via email, web browser or downloaded executables. they can also "see" the traffic content from the remote VPN server to your target websites (that's why it is recommended to always use SSL connections to access sensitive data if the remote sites support it, no matter what you are).
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

MAC Filtering: MAC filtering is like handing a list of names to a doorman. If someone comes to the door and mentions a name, this name is checked by the doorman on his list and granted or denied access by this. This means that if someone menti…
With the purchase of CloudCommand by Comcast customers are left in a bind as subscriptions expire and render the AP's disabled. The following will explain how to flash your Ubiquiti AP's with CloudCommand firmware back to Ubiquiti firmware. HOWTO…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now