Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 184
  • Last Modified:

How secure is "public access" in Win 7 when in a public area?

Is there still a big risk to getting hacked?
0
fcek
Asked:
fcek
  • 5
  • 4
  • 4
  • +2
11 Solutions
 
bbaoIT ConsultantCommented:
yes, it is still possible to get hacked as by default there are still open ports for firewall rules against the Public connection. you may simply change the default setting to block all incoming access for public areas.

be aware that even if all incoming access is blocked, Windows 7 still may get hacked from other ways, such as accessing vulnerable websites or running executables from untrusted sources. better also change IE's Internet Zone to High for much more safe web surfing.
0
 
fcekAuthor Commented:
Is it worth getting zone alarm or something similar?
0
 
fcekAuthor Commented:
Re > you may simply change the default setting to block all incoming access for public areas.

How do you do this in Win 7?
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Craig BeckCommented:
It depends on what settings your firewall uses when the 'Public' profile is in effect.  That's specific to your PC.
0
 
profgeekCommented:
In addition to the above, I would suggest loading something like ProXPN and using it when in public hot spots.  ProXPN will operate via a VPN and all Internet traffic will be encrypted end-to-end over the VPN.  It will slow down your speed, but at a public hot spot it's probably already slow anyway, and it still works fine for normal usage (not streaming media, etc., however).  ProXPN has a free account level as well as paid services.

http://proxpn.com

There are other similar services.  I would recommend using a VPN when connected to public hot spots.
0
 
bbaoIT ConsultantCommented:
Re > you may simply change the default setting to block all incoming access for public areas.

How do you do this in Win 7?

FYI

How to use security zones in Internet Explorer
http://support.microsoft.com/kb/174360
0
 
Craig BeckCommented:
Security zones in IE are for controlling access to websites and the content which is allowed to be viewed or run while visiting those websites.

Configuring security zones isn't the same as configuring a firewall and should be used in conjunction with adequate firewall rules.

To change the windows firewall configuration for the public profile, look here...

http://www.dummies.com/how-to/content/changing-windows-firewall-settings-with-advanced-s.pageCd-storyboard,pageNum-10.html

This link will provide some additional info...

http://windows.microsoft.com/en-gb/windows-vista/firewall-frequently-asked-questions
0
 
amprantiCommented:
In addition to the above, if you are using the laptop in a public area and wifi is unencrypted or using a shared key among all users, "bad" users may sniff your traffic and analyze it.

So keep in mind, even if you use the best firewall that your data "fly" unecrypted. Hence, prefer to use https sites and avoid using passwords unless is 100% necessary (avoid connecting to e-banking sites, etc)
0
 
fcekAuthor Commented:
Hi profgeek.

Does the free version of ProXPN also encrypt Outlook passwords when collecting emails?
0
 
profgeekCommented:
I think so.  The only real difference between the free and paid versions of the software is that with the paid you get better speeds and a choice of servers.  You have a fixed speed and single server (Dallas) with the free version.
0
 
bbaoIT ConsultantCommented:
> In addition to the above, I would suggest loading something like ProXPN and using it when in public hot spots.

i don't see too much benefits of using ProXPN at public hot spots. it seems only to encrypt traffic between your computer to their servers. the result is the people around you at the hot spot can't see what you are doing, but at the other end, the traffic from their servers to the Internet is still not encrypted otherwise your target sites cannot understand you at all.

for encrypted communication, the computer should always use HTTPS to access all content sensitive services, such as e-banking, emails and even search engine. for example, if you don't want other people (whatever they are at the hop spots or around the world) see what you are searching for, you need to access Google using https://www.google.com.

it doesn't help if you use something like ProXPN and access Google in plain text.

beside the common best security practices, the most important safety practice at a hot spot is to block all incoming traffic and not broadcast yourself (e.g disable MS File and Printer Sharing and MS Network Client).
0
 
profgeekCommented:
i don't see too much benefits of using ProXPN at public hot spots. it seems only to encrypt traffic between your computer to their servers. the result is the people around you at the hot spot can't see what you are doing, but at the other end, the traffic from their servers to the Internet is still not encrypted otherwise your target sites cannot understand you at all.

From the original question, it seems that what the author is worried about is what is happening at the hotspot end, not the other end.  Something like ProXPN would prevent any hotspot snoopers from being able to see anything unencrypted, including plain text.  If https is being used, it would be end-to-end.  Plain text would only be encrypted hot spot to server, as you say, but that would still make the hot spot end safe, and that's the basis of the inquiry here.
0
 
bbaoIT ConsultantCommented:
Plain text would only be encrypted hot spot to server, as you say, but that would still make the hot spot end safe, and that's the basis of the inquiry here.

it seems like saying: the people close to you are more dangerous than others. :-))
0
 
fcekAuthor Commented:
vpn

Is there a danger of being hacked from the other end of the VPN and not the coffee shop?
See this for the free version has no option to select
0
 
profgeekCommented:
No, you were inquiring about hacking in the coffee shop via public wireless.  The other end of the VPN is a secure server.  In your question, the vulnerability is on your end (the coffee shop).  Once your data has been encrypted on your computer, sent through the VPN via the coffee shop's wireless access point, it travels via wired networks the rest of the way to the server and from there out to your destination.  Since it is encrypted end-to-end to the VPN server, anyone eavesdropping in the coffee shop would not be able to read your wireless transmissions in either direction.

Are there other vulnerabilities on the Internet?  Certainly, but you were asking specifically about the public access hot spot.
0
 
bbaoIT ConsultantCommented:
> Is there a danger of being hacked from the other end of the VPN and not the coffee shop?

technically you could be hacked from anywhere, so the answer is yes for both locally at the coffee shop or from the remote site outside of the VPN.

unlike the local threats, remote malicious hosts commonly can't sniff your info via local broadcast, the attacking path is commonly via email, web browser or downloaded executables. they can also "see" the traffic content from the remote VPN server to your target websites (that's why it is recommended to always use SSL connections to access sensitive data if the remote sites support it, no matter what you are).
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 5
  • 4
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now