How to be safe on open and WEP encrypted wireless networks?
May 25, 2011 6:58 PM Subscribe
There are several open and WEP encrypted networks around my apartment complex. A neighbor has allowed me access on their WEP network, but I'm worried about the security. Is there a way to make my web traffic safe?
I know that the open networks are definitely not safe, so I feel like this is my best bet (apart from actually getting my own internet service).
What are my options? I've read some about using SSH and paid services, but I'm still confused. Would it be economical to have web traffic sent through some SSH service? I don't plan on downloading a ton of things using this network, but it would be sensitive information (bank account, email, etc).
I know that the open networks are definitely not safe, so I feel like this is my best bet (apart from actually getting my own internet service).
What are my options? I've read some about using SSH and paid services, but I'm still confused. Would it be economical to have web traffic sent through some SSH service? I don't plan on downloading a ton of things using this network, but it would be sensitive information (bank account, email, etc).
Further to my post, make sure you specify your own DNS servers. The open router could be hacked to point at bad places, allowing man- in- the-middle attacks. You could use openDns or google dns servers. Specify something like that on your own machine. I would also lock down any sharing or open ports on your machine.
posted by PickeringPete at 7:34 PM on May 25, 2011
posted by PickeringPete at 7:34 PM on May 25, 2011
I used Witopia's PersonalVPN service for just this reason a few years ago (on an open network), their simplest plan is $40/yr. As far as peace of mind goes, that's pretty cheap - but it's not strictly necessary as others have pointed out.
posted by unmake at 8:31 PM on May 25, 2011
posted by unmake at 8:31 PM on May 25, 2011
Don't believe that HTTPS sites are secure. Even banks are not necessarily secure usually because they are not using HTTPS properly.
You should be worried. Once you place that machine on someone else's network you are potentially giving them access to a LOT of your machine. Potentially all of it. Presumably you would not be asking this question if you had 100% confidence in your neighbor.
Want to know what someone could do? They could fairly easily put up a "man-in-the middle" web site for your bank, your email whatever...pass it to you via their router and then capture your log in information while passing you on to the regular site.
You log on to someone else's net and you put yourself at risk of compromising any information that you send out. That includes coffee shop WiFi of course. It comes down to just how much risk you are willing to assume.
posted by Poet_Lariat at 10:04 PM on May 25, 2011
You should be worried. Once you place that machine on someone else's network you are potentially giving them access to a LOT of your machine. Potentially all of it. Presumably you would not be asking this question if you had 100% confidence in your neighbor.
Want to know what someone could do? They could fairly easily put up a "man-in-the middle" web site for your bank, your email whatever...pass it to you via their router and then capture your log in information while passing you on to the regular site.
You log on to someone else's net and you put yourself at risk of compromising any information that you send out. That includes coffee shop WiFi of course. It comes down to just how much risk you are willing to assume.
posted by Poet_Lariat at 10:04 PM on May 25, 2011
There are a couple of threats you need to defend against.
First is stopping other machines on your LAN (i.e. anybody else who connects to your neighbor's wifi, including all the drive-by black hats that a WEP network will attract) from messing with your own. Safest way is to put a hardware firewall between your own trusted network and the wireless one you're connecting to, but that costs money. Cheapest way is to make sure your PC has a software firewall that stops others from connecting to it, and if it's a Windows box, make sure file and printer sharing is turned off and that Windows Firewall is not allowing any inbound connections (turn on "Don't allow exceptions").
Next is monitoring and/or interception of your network traffic. You deal with that by making sure all of that traffic is encrypted as it traverses the wifi. Best way to force that is to make all your traffic go via an encrypted tunnel to some trusted endpoint elsewhere on the Internet. These will typically not be free, but they'll be reasonably cheap; Amazon EC2, for example, will charge you 25c/gigabyte to pump data through a virtual machine plus 8.5c/hour or less to run that machine. There are also various subscription-based services (e.g. HotSpotVPN) that let you encrypt everything (not just web traffic) and are easier to set up than my EC2 lash-up.
posted by flabdablet at 3:28 AM on May 26, 2011 [1 favorite]
First is stopping other machines on your LAN (i.e. anybody else who connects to your neighbor's wifi, including all the drive-by black hats that a WEP network will attract) from messing with your own. Safest way is to put a hardware firewall between your own trusted network and the wireless one you're connecting to, but that costs money. Cheapest way is to make sure your PC has a software firewall that stops others from connecting to it, and if it's a Windows box, make sure file and printer sharing is turned off and that Windows Firewall is not allowing any inbound connections (turn on "Don't allow exceptions").
Next is monitoring and/or interception of your network traffic. You deal with that by making sure all of that traffic is encrypted as it traverses the wifi. Best way to force that is to make all your traffic go via an encrypted tunnel to some trusted endpoint elsewhere on the Internet. These will typically not be free, but they'll be reasonably cheap; Amazon EC2, for example, will charge you 25c/gigabyte to pump data through a virtual machine plus 8.5c/hour or less to run that machine. There are also various subscription-based services (e.g. HotSpotVPN) that let you encrypt everything (not just web traffic) and are easier to set up than my EC2 lash-up.
posted by flabdablet at 3:28 AM on May 26, 2011 [1 favorite]
Make your traffic secure? Sure - start by getting your own dedicated connection if you want to be "safer" and if you're really paranoid, don't use wireless for secure transactions (ie: banks).
I say this because after seeing a demonstration of just how easy it is to crack WEP (and to hack most wireless) I would be very leery about sharing anyones' connection, especially if I didn't know who else was sharing with me.
posted by tgrundke at 4:28 AM on May 26, 2011
I say this because after seeing a demonstration of just how easy it is to crack WEP (and to hack most wireless) I would be very leery about sharing anyones' connection, especially if I didn't know who else was sharing with me.
posted by tgrundke at 4:28 AM on May 26, 2011
The least painful solution of all is to deal with a neighbor you trust and get them to move their wireless security from WEP to WPA2 with a strong key. There is no practicable way to break into a WPA2 network unless its pre-shared key is weak enough to crack via a dictionary attack. As long as you know who else your neighbor has given the WPA2 key to, and trust everybody else who has it, that gets rid of both threats without you needing to play silly tunnel and firewall games.
posted by flabdablet at 6:36 AM on May 26, 2011
posted by flabdablet at 6:36 AM on May 26, 2011
StrongVPN. End-to-end encryption with great speeds. Works great on completely unprotected WiFi hotspots as well.
posted by blue_beetle at 10:48 AM on May 26, 2011
posted by blue_beetle at 10:48 AM on May 26, 2011
This thread is closed to new comments.
posted by PickeringPete at 7:10 PM on May 25, 2011