| Events |
|
|
|
|
|
|
|
|
| Services |
|
|
|
|
|
|
|
|
| Interact |
|
|
| -
|
| -
|
|
|
|
|
| About Us |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Re: [vox-tech] Laptop WiFi Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox-tech] Laptop WiFi Security
Bob Scofield wrote:
I have two questions about WiFi security in laptops. (I don't have a laptop
that allows me to do much WiFi, but I'm interested in these issues anyway.)
If a person uses a WiFi connection at an airport, hotel, coffee house, etc.
clearly the connection is not encrypted. I have been told that if you use an
open connection, someone can get into your hard drive. That is, a hacker
could read your files. This leads me to ask two questions.
1) One computer professional told me that the solution to the problem is to
have firewall software on your laptop. He recommends Zone Alarm for Windows,
but my interest is Linux. I know that SuSE comes with a firewall. My first
question is: Is there a firewall package for Debian?
Firestarter is a nice little GUI-based firewall. I use that and like it.
2) The second question is whether there is *any* merit in the following idea
I thought of. Suppose you had a laptop that had a major Windows partition,
and a major Linux partition on it. Suppose you also put a second very small
Linux partition on it. The small Linux partition would be used exclusively
for e-mail and web surfing at open WiFi connections.
Would such a set up protect the files in the main Linux partition when the
small partition was booted and being used with an open WiFi connection? I
suppose one problem with such a Baroque set up would be that the password you
use for e-mail on the small Linux partition would still be subject to theft
by a hacker.
So is there any value in this type of set up?
Thank you.
Bob
I guess that would be effective ... as long as no one gained root
access. (If they did, they could just mount the other partitions.)
Personally, I think it's overkill, though. There's several security
tweaks that I'd recommend doing to a laptop before even considering
that, such as:
* run a firewall, like above, and only allow port forwarding to a daemon
when absolutely necessary
* disable all unnecessary daemons - especially login shells like ssh,
telnet, etc. Also samba too.
* if you must allow ssh access, don't allow root logins, and only allow
access via public keys instead of passwords
* keep your systems up-to-date with your distro's latest security patches
* since you're using an unsecured and unencrypted network, try to use
encryption for outgoing traffic whenever possible - i.e., use ssh,
https, imaps, tls, etc.
If you religiously apply techniques like this, I'd say you'll be in very
good shape security-wise, and there's probably no need to do what you're
suggesting. It certainly can't hurt, but I think it provides not much
benefit for the amount of work involved.
Just my $0.02.
HTH,
DR
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
|
|
