Ask MetaFilter questions tagged with internet and security

How can I use a computer securely and privately

Not Supplied — Mon, 08 Jun 2009 03:33:37 -0800

How can a competent but not technical geek person browse internet as securely and privately as possible, keep files private on a pc etc? Linux distro? specifics - Hi. I'd like to be able to use my computer as securely and privately as possible and am prepared to do more than average to get there, but don't want to become highly skilled at security. Is it possible to develop a straightforward plan to follow? I'd like to keep things as clean and simple as possible, without exessive time spent troubleshooting/tweaking. That said, I am as good as the next person at using computers understanding concepts etc.

I hope you get a sense that I'm not immoral or illegal...however I do browse a wide range of things, and don't trust the gov etc not to put 1+1=3.

The issues I thought of were:
Browsing securely and privately - how can I set up a computer to do this? I'm prepared to put a linux partition on my (pc) laptop - I've used Ubuntu before..can this be set up well or maybe theres a distro specifically designed for this. It would be handy if it had all internet mod cons like audio, flash pdf etc. It would also be handy if say it could save files to a data drive shared with windows partition.

Can it be set up to leave no traces on the pc? Similarly, could I store files in a hidden encrypted format?

Can I make my computer as secure as possible against being cracked over the net or by someone present? Yeh, I do think it's possible someone could try!

ISP - I can't hide from my ISP presumably...are there ones that specialise in privacy, that won't share your information at the drop of a hat? In the UK?

My practises - how can I make them tight, so there are no obvious holes in security from how I'm using the machine.

Using public wifi - is this a good alternative if you don't want an ISP storing your history? How to use it to best advantage.

And also anything I haven't thought of.

Cheers!

How to surf securely while traveling, especially outside U.S?

tangonerd — Sun, 03 May 2009 19:26:56 -0800

Is it a good idea when traveling to connect to a secure proxy with an ssh tunnel for doing business on the internet? First, is there any advantage to tunneling when accessing sites that have https such as checking email, banking and shopping tour and travel sites, possibly giving credit card or sensitive personal information?

Second, is there any legal risk to consider? If so what countries could there be legal issues with creating an SSH tunnel to a proxy from my laptop or, using portable apps, from a hotel or internet cafe computer?

Local Apache server + public wireless = problem?

oulipian — Sun, 05 Apr 2009 11:41:26 -0800

I have a new EeePC 1000HE with Windows XP, which I want to use for both web development and casual web browsing. Are there security issues with installing Apache and PHP on a machine that is also used to access public wireless internet? If so, what steps can I take to make my netbook more secure?

SSL and compromised networks?

Busoni — Sun, 22 Mar 2009 14:01:55 -0800

Does SSL protect information even if the wi-fi connection is unsecured? Say a person is using an available wi-fi network, the source of which he doesn't know. It could be a generous neighbor, or a honeypot. If the person checks his email and his bank accounts, does it matter that the URLs begin with https://?

If the ethics of this question are problematic, consider the hypothetical case of "duplicated" public wi-fi hotspots, in which a hacker creates a network with a duplicate SSID.

Will another User on my PC be able to view my favourites etc?

Weng — Wed, 18 Mar 2009 13:00:18 -0800

Windows Vista for Dummies 101: This is probably a totally stupid question, but if i create another user account on my laptop for a friend, will that person be able to view my internet history, favourites and passwords I have saved (i.e. "Remember me on this computer" and whatnot)?

How safe is P2P?

The Ardship of Cambry — Mon, 02 Mar 2009 20:04:28 -0800

How worried should I be about the recent rash of stories in the mainstream media about P2P software being used to commit identity theft? For instance, this article about medical data being found on P2P clients like Gnutella. Or this one about a family's financial data making its way onto LimeWire.
I have no experience with these particular clients, but I have used Grokster and Morpheus back in the day. Is it really possible for someone else to download your files if you haven't taken a positive action to indicate that you want to make specific files available? Is this just a case of people who are even less l33t than yours truly not understanding how P2P software works and/or having lousy security on their computers? Or is this just another case of the MSM trying to mess with my head?

DIY Secure VPN/SSH connection?

BoldStepDesign — Sat, 03 Jan 2009 21:29:28 -0800

I've been unsuccessful in getting an old pc up and running with Ubuntu or some other *nix OS. I am wondering. Is it possible to use VPN or ssh from my computer to my Dreamhost account to create a secure tunnel to their servers into to the internet? I'm using 0.00 gb on my account for bandwidth. Sound doable? Basically:

Me @ coffeeshop -- secure tunnel -- > Dreamhost -- > Out to the net.

-=--
If not can I do this running a VPS? (Virtual Private server), if so suggest some cheap hosts please.
-+--

Can I force wireless to only function via VPN?

bartleby — Mon, 14 Jan 2008 10:24:58 -0800

How do I force WiFi to only work through VPN on company laptops? I'm behind on my wireless connectivity hacks. I work in an environment which needs tight information security, so all our connections have been wired-only until now.

But we have new needs to send laptops out to the field, work from home, etc. So I need a way to protect these machines once the've left the nest. Intrusion security would be handled by endpoint security software (anti virus/spyware/firewall), so I'm not worried about that so much. But folks will be connecting to the internet via home networks with WEP or less, hotspots, etc. And they're on their own there. I don't want their keys cracked or their packets intercepted, as much as is possible.

I know that a connection can be set up which uses VPN; but from what I can tell, it's voluntary - you can choose to use it or not. I know from past experience that if the secure method is optional and/or takes a few more steps, users will go with the non-secure method more often than not. I'd like this to be automatic, so that it's both invisible or transparent to an end user, and not something they can turn off or choose not to use.

What I'd like to do is configure these machines (all various flavors of ThinkPads, BTW) so that once Wi-Fi is established, a VPN connection would be non-optional. I'd like to set up a web proxy here at HQ as the other end of that VPN, and have all those company laptop connections go through it for internet access, for security and activity monitoring. So you fire up wireless, connect to some available network, then *some magic happens* and if you want internet, it has to go through the VPN/proxy at HQ. That would secure all wireless access, right? Much of their access would be back to company data & email anyway, and awareness that the internet connection is passing through filtering/monitoring at HQ should keep people from torrenting porn on the company laptop while they're on the road.

Laptop -> potentially unsafe Wifi AP -> no internet in or out on laptop except via VPN -> monitoring/safeguarding proxy back at HQ -> The Internets

This is possible, or even commonly done, right?
Like I said, it's new to me and I may not be thinking about this the right way. Please correct me if my assumptions are wrong. If this can be done via some software that runs automatically, I'd like to hear about it. (These are all Thinkpads - can this be done via the Access Connections software we've never used?). If it's a configuration to set up on these machines and something back at HQ, please point me at some resources where I can learn to set up & manage this.

Advise me, O Wise Hive Mind! How do I force VPN-only?

What does browser encryption protect me from?

Avenger50 — Wed, 09 Jan 2008 23:57:47 -0800

When my browsing and downloading is "encrypted," who or what am I protecting myself from? Who or what exactly would or could intercept unencrypted browsing, downloads, or submitted form information? Is it my ISP? Is it a trojan on my computer? Is it a port-scanning hacker? Is it someone on my LAN monitoring traffic? What exactly does browser encryption protect me from?

My very own NORAD

saysthis — Fri, 28 Dec 2007 07:29:58 -0800

As part of my work for a client I've begun researching online privacy, cryptography, and other sundry ways of protecting oneself online. And I'm now completely creeped out and must switch NOW to uncrackable passwords, multiple email accounts, encrypting the crap out of everything I do, and generally making sure that only the things I want public on the internet are publicly accessible. But we run into the question - how do I do that without driving myself nuts trying to remember my passwords, convince everyone I know to use encrypted communication, and maintain a reasonable amount of privacy in my web surfing? And how do I do that after 8 years of webwhorage where I wasn't too concerned who knew what about me? Specifically, I'm just wondering how you manage your privacy, and if there are any software shortcuts you're aware of to make it all a less confusing experience. The crux of it is, I'm moving from a social user of the internet to a professional one. I've always maintained a pretty easy-to-find personality on the internet, and I've liked it that way. My work hasn't been connected to my social endeavors at all, and I've never been in a position where my webself was a danger to my job; it helped, actually, because I used to be an English tutor, and my students were always curious about who I was and what I did with myself outside of class.

But now I'm going into translation, and if I'm going to make a career of it, that won't hold water. Clients are going to demand that I can keep their names, and their projects, under wraps, but at the same time they're going to have to be able to find me, AND not be too wigged out that I posted that thing about eating placentas on that BBS the other day. I'm not embarrassed at this point that anyone who wants to can find that based on the info on my metafilter profile, because, well, that's the social side, and all the work I'm getting now is from people who already know that I will occasionally joke about that. For example. In the future, when the people employing me aren't drinking buddies and exes, I could see that being a problem. And that time isn't far off.

As I understand it, I'm going to need new emails, new aliases, new passwords, and new bio information on lots of sites, which will in many cases, like technorati and digg, mean double accounts. It will also mean the work aliases have to be just as public, if not MORE public, than the personal ones, because it's those that will make up my references and resume in the future. And I'm going to have to lock down my existing accounts a lot tighter than they are now and separate some of the activity. And that's alright. If you've experienced this, how do you keep all of your personalities and data straight and secure? What limits do you place on yourself? From someone who's been using the same emails, aliases, and lax attitude toward security for the last few years, this is going to be a big adjustment, so any and all advice is welcomed.

How do I access a work PC from home - file access only?

valleys — Sat, 23 Jun 2007 06:41:36 -0800

How do I access files on my work PC from home? I just need to share files, not take control of the computer. Assume I know nothing about networking / secure access / anything else to do with this subject. I've looked at Remote Desktop, but the work computer needs to be fully useable by whoever is there using it. I've also done some Google searches but didn't find anything that clearly explained the options.

Both computers have XP SP2 - home has XP Home, I believe the work computer has XP Pro. I have admin access to both so can install / configure software & settings at will. Work computer is running our retail Point-Of-Sale system using custom software. I can install the software at home and would like to be able to access real-time POS data at home by accessing the data files across the internet, without locking out the work computer.

I assume I need to install something on the work computer that will allow me to securely connect and share certain files, while providing the best possible protection against hackers. Suggestions on how to proceed / what software to look at are required.

If this is something that is either a security nightmare or very difficult to set up safely, please tell me. I do have the option of working from nightly backups of the files if accessing them real-time is not feasible.

Good, free firewalls.

Effigy2000 — Wed, 25 Apr 2007 21:12:02 -0800

What's a good, free firewall I can use on my home PC (running WindowsXP SP2) that isn't Zone Alarm Pro, Sygate or Kerio? I currently use the last free version of the Sygate firewall. It's great and seems to protect my system from attacks well enough (as far as I can tell) but I'm thinking that it's probably going to start becoming ridiculously obsolete soon (if it isn't hopelessly so already). So I need a new, preferably free firewall solution for my home computer which is linked via an Ethernet cable to one other home computer.

I don't want to use Zone Alarm Pro, for the simple reason that it doesn’t get on with Nintendo's Wi-Fi service. So I suppose one other feature that I'd like to see this new firewall use would be compatibility with that service.

I've tried Kerio, but I didn't like it. Maybe I didn't configure it correctly when I used it or something, but within a day or so of running it my system had collected more spyware than you could shake a stick at, something which simply hadn't happened under Sygate. It got so bad that I had to actually restore my Windows installation to a restore point from before Kerio was installed! So sufficed to say, it was a bad experience and I don’t intend to repeat the Kerio experiment again.

If there aren't any free firewalls out there that are worth using, I'd be happy to hear a few recommendations for low cost firewall solutions, but as I'm sure many here would agree, free is pretty much always better.

Static IP, what can you do for me?

boosh — Thu, 01 Mar 2007 05:17:12 -0800

New ISP offers static IP addresses. Should I take 1 or 8? What can I use them for? Should I be concerned about the RIPE database? I'm about to switch my ADSL connection over to a new ISP (UKFSN, approximate speed should be 2-7 Mb down, 400K up). I've always had a dynamic IP address, but the new provider assigns a single static IP as standard (and if I want I can have 8 IPs for free). It raises a few questions for me:

Applications: What cool things can I do with a static IP address, especially in terms of accessing my LAN from a remote location? What are the best free applications that you've found for doing said things? Is there a way I can get media from my FreeNAS server to my laptop while travelling? Are there any particular security or privacy concerns with a static IP, and how do you deal with them?

8 IPs or 1: I've got a decent router/firewall/modem combo providing NAT and DHCP. I don't currently run my own web or mail servers. Is it worthwhile getting a 8 IP addresses (since it's free) or should I just get one? What could I use them for?

RIPE database entry: Checking through the ISP's T&Cs, I noticed a line stating that if you do request 8 or more IP addresses they may forward your details for entry into the RIPE database. Looking up my current (dynamic) IP in the database gives me my ISP's details, but what sort of information would be held about a home user with static IPs? Are your personal details entered into the administrator fields, for example? What could be discovered about an individual from a lookup? I don't plan to use the connection for nefarious activities and I'm not a political activist nor trading international secrets. but I'm slightly concerned about the privacy implications. Should I be?

Router MAC address: My (wired) router allows me to specify a MAC address instead of using the unit's own address. I've got a handful of MAC addresses from old machines at my former workplace (picked up years ago but never used - the machines/NICs in question will all have been retired/junked by now). Is there any value at all to me intermittently changing the MAC address of my router (assuming that my connection doesn't rely on continued use of the original address, as some do)?

Need new internet security programs

Joleta — Sun, 17 Dec 2006 12:48:58 -0800

I need advice for buying a new internet security suite (or individual programs). For the past few years I've been using McAfee Internet Security Suite, buying a new version each year to keep up to date, and getting 12 months of virus updates. However, I've just read some troubling reviews of McAfee Internet Security Suite 2007 and am thinking I might want to go with something else. I've had bad luck with Norton products in the past but will keep an open mind. I like the ease of a suite of products for anti-virus, firewall, anti-spam, etc. but I'm willing to consider separate products. Ease of use wins out over price. Think of this question like, what would you recommend to your mother, and you can't be there to keep it running right all the time. My computer is Windows XP Media Center Edition. And how much trouble will I have uninstalling my current McAfee Security Suite 2006 if I switch to something else?

Illicit remote access

londongeezer — Thu, 02 Nov 2006 17:51:05 -0800

Mac OS X security question: it may be that one of our employees is illicitly logging in remotely to one of our computers. The evidence: an email with attached document received on one of our work computers was, within a couple of hours of receipt, forwarded to the private email of one of our employees. This much is evident from the MS Entourage inbox.

The forwarding apparently took place on a Saturday when, as far as I know, the employee was not on the work premises. It goes without saying that the forwarding of this confidential information was, in our view, a breach of the employee's contract, and we'll have to deal with that.

What I would like to know from mefites is: what are the various means by which he might have gained access remotely to the work computer? It's running Mac OSX 10.4.4. We don't have any particular security measures in place; it's a small business and I myself login remotely to the same computer sometimes using Timbuktu; as far as I know, the employee does not have access to the Timbuktu password. I suspect he is using another method.

BTW the computer in question shares its internet connection with a second computer via IP over Firewire. The employee didn't have access to this second computer either on the Saturday when the email was forwarded.

Won't be able to respond to technical queries for the next few hours: here it's 01.45 and I'm going to bed; but any and all feedback very much appreciated.

only connect: adding a password to my router screws up my signal

grumblebee — Fri, 27 Oct 2006 16:08:22 -0800

I can't figure out how to password-protect my wireless internet connection. I'm pretty ignorant about networking, so please talk down to me. I have a Linksys Router (Wireless-B, model: BEFW1154) connected to a cable modem via an Ethernet cable. A second Ethernet cable runs from the router into my PC (Windows XP, SP2).

I typed 192.168.1.1 into my browser, set WEP to Mandatory, clicked the WEP Key Setting button and created a password.

This seemed to work: started my 2nd PC (Dell Laptop) and browsed for wireless connections. Instantly, I saw my main PC, and it had that little lock symbol by it, meaning I'd need to enter a password in order to connect with it. I did so, the machines connected, and... a message said "limited to no connectivity." Strange, because I usually get a strong signal and the two machines were just a few feet from each other (and from the router).

I turned WEP off and was instantly got an "EXCELLECT" signal. Turned it on again and got "limited or no connectivity." (And it really is "limited" since I can't use the Internet when I get that message.)

I don't get it. How is turning that security feature on affecting the signal (or making the laptop think the signal is affected)? What should I be doing? Have I totally misunderstood WEP? I just want a password on my connection.

Secure Wireless Internet

Sara Anne — Sat, 30 Sep 2006 13:14:28 -0800

How can I make a wireless internet connection as secure as possible? This question is actually for my father, whose practice is set up in a building that offers free wireless access to its tenants. His computer already has a wireless modem, so he's set up to use the service, but he feels very uncomfortable about it. He needs his messages to be VERY secure. He does evaluations for social security and the interviews he does are generally packed with lots of personal information. He'd like to be able to email things back and forth from his work computer and his home computer, but is uncomfortable with the idea of broadcasting other peoples troubles in a fashion that might be in any way accessible to the unscrupulous or nosy. Help me make my dad's life easier!

I don't think they want to help me

Tixylix — Mon, 10 Jul 2006 19:26:16 -0800

network management filter: I'm working for a local government education department. My team is meant to be maintaining/improving several large websites. The IT support people refuse to install a web browser that isn't IE 6, citing network security as the reason.... are their fears reasonable? One of the replies I got for my request for the installation of one other internet browser:

I have again spoken to Xxx Xxxx today about the problem which is being presented. Xxx has advised that as we currently have a working and maintainable internet explorer, at this stage would not go down the path of testing a new product due to the fact they do not have the resources to maintain keeping the product up to date and working on the xxx environment. Xxx did however advise that Netscape has been tested and approved for the govt COE and should this suit your requirement, we can arrange a quote for the cost of the licence. I am unsure if using alternate internet explorers will be an option as we roll over to the XP SOE,

please note that the Netscape installation will not be configured to be able to connect to the internet. Is it really such an ordeal to configure a web browser to run on a network? Are other browsers inherently less "secure" than MSIE? Cost of the licence... wtf? Is what I'm asking for unreasonable?

You Sir, name password.

DragonBoy — Wed, 21 Dec 2005 14:33:09 -0800

WebSecurityFilter: I'm looking for a PHP or CGI script which would redirect a user to their password protected folder when they enter their username and password. I am trying to build a single entry point for client access to resource files online. The idea is that I can pass out a single 'client access' URL where the client can enter their username and password which would be verified and then redirected to their folder on the server.

The maintenance of this tool needs to be absurdly easy as I plan on handing off maintenance of this to a non-tech-savvy person ASAP.

IP Security Cameras for home use

Mave_80 — Thu, 01 Dec 2005 08:14:50 -0800

Home Security Camera Filter: I'm looking for a wireless camera that can transmit over my existing 802.11g network. Ideally, it would have motion detection and the ability to record to the web rather than just my hard-drive. Where to look? What to Buy? Personal Experiences? Also bonus points for ones that can be mounted outside and most importantly, don't cost an arm and a leg. Ideally would like to keep the budget under $400. Have looked at a couple of cameras such as the DLINK and the Linksys. However, both only seem to offer recording to a PC hard-drive. This would be fine if anyone knows of a way to automatically sync the file on the harddrive to the web, that way if my PC gets nicked, I can still access the footage. Actually if there was a simple program that could do this, then I'm guessing this would be the cheapest option.

Btw, this question was inspired by an old BBC Story

How Can I Run An Open Access Point Without Jeopardizing My Computer's Security?

optimuscrime — Mon, 21 Nov 2005 16:07:34 -0800

I owe a great debt of gratitude to all the noobs in my neighbourhood who keep open, unsecured wireless networks. It's because of them that we can blog from the laundromat, blog from the waterfront park, blog from... well, you get the idea. How can I make my network 'open' to others without compromising the security of my computers? I've heard a million times that unsecured open wifi networks are asking for trouble. But my ISP doesn't cap my bandwidth usage, and I want to share my signal. I love that the student area I live in is dotted with so many wireless networks as to make access almost pervasive.

So, is there a way to offer an open access point that doesn't put the computers on my network at risk? Some caveats: I don't want to have to spend much on additional hardware (I have one wifi router), I don't really want to have to run a machine 24/7 to act as a server, and the solution's gotta be easy enough for a relative idiot (ie me) to figure out.

Home vs. university computer security

shoos — Thu, 10 Nov 2005 16:22:28 -0800

Computer security question. Is a typical home PC, when it's connected to the net via a cable to a DSL modem, any more or less secure against intrusions than if the same computer were plugged into the network on the campus of a typical, large American university? Say, for example, a UC campus.

Please explain routers, firewalls, etc.

_sirmissalot_ — Wed, 12 Oct 2005 16:08:35 -0800

Need nerd help: Is it better to use a software firewall or a router to protect oneself while connected to the internet? Pardon my igorance, but I really am quite stupid. I will be setting up new DSL service soon, and will be getting a wireless router. I have heard that routers are good at protecting "ports" or some such thing, but I don't know how that works. I've used ZoneAlarm in the past and it seems to stop worms and whatnot from "infiltrating" my "computer," but I could really use some help in understanding how I should best be protecting myself. I figured others might find this information useful, too.

What's the cheapest way to get an SSL certificate?

LukeyBoy — Thu, 23 Dec 2004 10:52:26 -0800

What's the cheapest way to get an SSL certificate (for serving HTTPS connections)? Obviously I'd want the company selling these certs to be listed in most browsers as a trusted authority.

Which Mac OS X Files let Safari securely connect to sites?

John Kenneth Fisher — Mon, 14 Jun 2004 16:38:33 -0800

Which Mac OS X Files let Safari securely connect to sites?

I'd accidentally lost some of my System (my fault) and had to reinstall, etc. to get it back. Looks like everything is working... EXCEPT when I try to connect to https:// sites. gmail, hotmail, whatever.

I have other Macs here, so if anyone knows what frameworks or whatever likely make that work, I can easily copy them over and correct the permissions. But WHICH files? (minimally more inside) Just wanted to append that I did the perms repair, other browsers are working fine, etc.