svandamme
Gon fix it with me hammer
Join Date: Sep 2003
Location: In Flanders Fields where the poppies blow
Posts: 23,537
All network connectivity happens within the OSI model


The data you send and receive over the internet is only as secure as the encryption used, typically at the Presentation Level (but it can be done at a lower level as well, for instance with a VPN, or hardware encryption on the network, etc.).

But the application should not rely on lower levels to do the encryption.

So essentially it should not matter to you if you use a UTP cable connected to an Ethernet switch, or a Wifi connection to a known and safe Access point or a Wifi connection to a shared Wifi access point.

As far as sending and receiving data, it should be secured before it hits the air or cable.

Because in the end, how would you know if there is somebody further upstream who might just connect his laptop to a physical network switch in the datacenter?

A geek with too much time, for instance, who just eavesdrops on whatever traffic passes through?
Or the NSA or anybody else with an interest in whatever?

A VPN in that case will only move the weak spot to another datacenter. Your communication will come out in the open at the end point of the VPN vs the access point of your internet connection.

It doesn't matter if you use Wifi or Ethernet cable, or Token Ring or whatever you want.
Unless you are on a fully secured local network and you are not sending anything out of that network, you cannot control the security of the network when you go "online".

So your security has to be done at the 2 end points of the transmissions.
Mailserver <> client
Browser <> Webserver
etc etc


The only big issue with shared Wifi is lack of control over the content.

If you connect to an unknown, shared, public wifi, you may be connected to a malicious network set up to misdirect you to a fake webbanking website where they social engineer you into giving them your password and clear out your bank account.

They can do this by DNS, by replacing the IP of www.mybank.com with their own, where they have a copy of that website.
It's a similar trick that can be done with a trojan virus on your home PC.
So the issue is not limited to shared wifi.
That's where SSL certificates come into play: those validate the website, they serve as a confirmation that the website you are looking at is in fact the right one.
It's quite complicated but it's something they cannot fake as long as your computer has not been hacked first.
You want to go to
login.mybank.com

And instead you'd be looking at http://login.mybank.com
No green, no SSL closed lock, no httpS, nothing.

The better ones would have a fake self-signed certificate that looks nothing like your normal bank's and your browser would warn you that the certificate is untrusted or expired.

So again, the security against this happens on your PC.
Have a good Antivirus
with internet firewall protection (that blocks incoming hackers)
with internet browser protection (that warns you about spoofed websites)
Make sure your OS is patched
Make sure you are on the right website
Check the SSL certificates https://www.globalsign.com/en/blog/how-to-view-ssl-certificate-details/
Do not proceed with your login if you get a certificate warning.
And use decent passwords and don't use the same password for everything, have levels of passwords for important and less important accounts.

Probably 99% of all successful hacks are done at the End-User's side, that is the weakest link.
And a lot of it is Social Engineering.
__________________
Stijn Vandamme
EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007
BIMDIESELBMW116D2019

Last edited by svandamme; 01-06-2018 at 01:41 AM..
01-06-2018, 12:58 AM
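The endpoint checks described in the post above, sketched as an added example that is not part of the original post: the scheme and host are checked before any traffic, and the certificate is then validated against the name you meant to reach, regardless of which IP address DNS returned. The function names are hypothetical, `login.mybank.com` is the post's placeholder host, and `127.0.0.1` port 1 is a constructed stand-in for an address handed out by a poisoned DNS answer.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Hypothetical helper names; login.mybank.com is the post's placeholder host.

def precheck_url(url, expected_host):
    """Checks that need no network: scheme must be https, host must match."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "refuse: not https"
    if (parts.hostname or "").lower() != expected_host.lower():
        return "refuse: unexpected host"
    return "ok"

def strict_context():
    """Client context that validates the certificate chain and the hostname."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def verify_endpoint(expected_host, connect_addr, port=443, timeout=5.0):
    """Connect to connect_addr (whatever DNS returned, trusted or not) but
    validate the certificate against expected_host, the name you meant."""
    ctx = strict_context()
    try:
        with socket.create_connection((connect_addr, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=expected_host) as tls:
                return "ok: " + tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, expired, or issued for another name: do not log in.
        return "refuse: certificate: " + exc.verify_message
    except ssl.SSLError:
        return "refuse: tls handshake failed"   # e.g. server speaks plain HTTP
    except OSError:
        return "refuse: connection failed"

if __name__ == "__main__":
    host = "login.mybank.com"
    print(precheck_url("http://login.mybank.com", host))    # plain-HTTP copy
    print(precheck_url("https://login.mybank.com/", host))
    # Constructed address: stands in for the IP a poisoned DNS answer gave.
    print(verify_endpoint(host, "127.0.0.1", port=1, timeout=1.0))
```

Because `server_hostname` is the name the user intended and not anything the network supplied, a redirected connection only succeeds if the other end holds a certificate trusted for that exact name.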