  Willy Premium join:2000-09-24 USA
·Verizon FIOS
·Optimum Online
| Safe at public HotSpots??
I would like to know how safe I am, if at all, when using a public Wi-Fi hotspot.
I'm running Windows XP, fully patched, IE6 and Outlook 2003. I use the ZoneAlarm security Suite and JiWire. I also use Roboform as my password manager.
I guess my questions are: 1. Am I OK using Outlook to retrieve email? 2. (And most important) Am I safe logging onto sites with personal information: banking, financial, and other password-protected sites? |
|
 docrice
join:2008-03-31 Fremont, CA
4 edits | This has probably been answered before in different form, but here are some quick answers for the sake of brevity. Keep in mind that I'm going to generalize, else a technically-complete explanation would be rather lengthy.
There are several different areas of "security" to worry about at public access locations. The first is machine-level security (operating system hardening, software firewall / its configuration, exposed services, user privilege level, corresponding process privilege impersonation, application vulnerabilities, and of course, the actions made by the person behind the keyboard). Having your XP system fully-patched is good, and ZoneAlarm from what I understand is generally good as well. I'm assuming you have proper rule sets in place for the firewall. Application issues (such as IE not preventing a JavaScript-based attack, etc.) are other problems, but this doesn't specifically involve your exposure at a hotspot per se.
Another area in "security" is in the actual data transmissions from point A to B with the potential eavesdropping along the way. Public Wi-Fi hotspots are usually open without any link-layer security in place (for the obvious access convenience). One of JiWire's clients is also a VPN client (which I assume is what you're referring to) that encrypts your data up to the point of their gateway. Beyond that, it's generally clear text unless you're using another form of encapsulation (such as SSL / TLS) to the final endpoint (website, mail server, etc.). In general, your traffic beyond their VPN server will be plainly visible to everyone unless the protocols involved make use of some form of encryption.
So from the perspective of the hotspot coverage area itself, if you're using an encrypted encapsulation method (IPSec or SSL VPN), your data is generally safe. This does depend on how the VPN client is set up (split-tunneling disabled, negotiated cipher suites, etc.) and I don't have any experience with the JiWire client to know how it's configured.
Banking sites and other entities which involve sensitive personal information will typically enable SSL / TLS for the confidential portion of the website by design (for liability reasons, etc.). "Password protected" sites usually use SSL. That said, some may not due to intended implementation or accidental neglect. Buyer beware.
If you're using your Outlook client to log onto a POP server which supports SSL-based connections, then you're ok. If not, but if you're using a VPN over the hotspot network, then you shouldn't be exposed at that point. |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| reply to Willy To add, if your ISP does not provide SSL email then you could set up a free Gmail account and filter your ISP's mail through that. Gmail is SSL protected. You can then access your email via the Gmail webmail interface or via Outlook/Outlook Express/Windows Mail/etc., depending on whether you're using your own PC/laptop or using a PC at a friend's/family's/public location or skipping among numerous ISPs, i.e. at different hotels and other hotspots. This thread details how I set up all of this with Gmail, my ISP and using Windows Mail on my Vista laptop while traveling.
»Re: [AZ] Helping out relatives with sending email -- "When all else fails, read the instructions..." MS-MVP Windows Desktop User Experience |
|
  Willy Premium join:2000-09-24 USA
·Verizon FIOS
·Optimum Online
| reply to docrice Thanks for the replies. Most of what I'm reading is alphabet soup to me. I don't understand most of what I'm reading but I'll try to reference it as I can with my limited access for the next few weeks.
When I mentioned JiWire I was actually referring to a program that, as it turns out, is no longer available. "JiWire hotspot Helper" at »www.jiwire.com/hotspot-helper-su···-faq.htm
Part of what's on that page is the following:
Q. Why can't I access my local network when JiWire hotspot Helper is enabled?
A. JiWire Wi-Fi security isolates your computer on its own encrypted private virtual network, separate from other computers on the local network. If you would like to connect to other computers or printers, you can disable hotspot security temporarily, but remember to turn it back on so your computer stays protected.
This seems to cover the virtual network issue and I assume I'm in good shape at least until my subscription runs out.
What do you guys think? Again, it's Greek to me.
Thanks again |
|
 docrice
join:2008-03-31 Fremont, CA
| As long as your VPN is up and running before you run your applications (browser, mail client, etc.), you're probably generally safe in regards to data visibility in the Wi-Fi domain. You can always do a packet trace (using something like Wireshark and WinPcap) if you're curious what gets exposed outside the tunnel, but this requires you to be able to read trace outputs. |
|
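Added example (not part of the original thread, and not any poster's code): one way to read a packet trace for the exposure discussed above, sorting each outbound packet into "inside the VPN tunnel", "encrypted by SSL/TLS port" or "clear text". It assumes the capture was saved in classic little-endian pcap format with Ethernet framing; the function names, IP addresses and sample packets are constructed for illustration, and labelling by port number is a heuristic.

```python
import socket
import struct

# Port-based heuristic: cleartext protocols vs. their TLS-wrapped counterparts.
CLEARTEXT = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}
ENCRYPTED = {443: "HTTPS", 993: "IMAPS", 995: "POP3S"}

def classify(pcap, local_ip, vpn_gateway):
    """Return (dst_ip, dst_port, verdict) for each outbound IPv4 TCP/UDP packet."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4 or pcap[20:24] != b"\x01\x00\x00\x00":
        raise ValueError("expected a little-endian classic pcap of Ethernet frames")
    out, pos = [], 24  # packet records start after the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] not in (6, 17):
            continue  # not IPv4 carrying TCP or UDP
        l4 = 14 + (frame[14] & 0x0F) * 4  # start of the TCP/UDP header
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if len(frame) < l4 + 4 or src != local_ip:
            continue  # truncated, or an inbound reply
        dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        if dst == vpn_gateway:
            verdict = "tunnel"
        elif dport in ENCRYPTED:
            verdict = "encrypted:" + ENCRYPTED[dport]
        else:
            verdict = "CLEARTEXT:" + CLEARTEXT[dport] if dport in CLEARTEXT else "unknown"
        out.append((dst, dport, verdict))
    return out

# Constructed sample data (not a real capture): laptop 192.168.1.50, VPN gateway 203.0.113.10.
def _frame(src, dst, proto, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", 50000, dport)

def sample_pcap():
    frames = [_frame("192.168.1.50", "203.0.113.10", 17, 4500),   # sent to the VPN gateway
              _frame("192.168.1.50", "198.51.100.20", 6, 110),    # POP3 outside the tunnel
              _frame("192.168.1.50", "198.51.100.21", 6, 995),    # POP3 over SSL
              _frame("198.51.100.20", "192.168.1.50", 6, 50000)]  # inbound reply, skipped
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print(*classify(sample_pcap(), "192.168.1.50", "203.0.113.10"), sep="\n")
```

Any `CLEARTEXT` row in a trace taken while the VPN is supposed to be up means that application's traffic is bypassing the tunnel and is readable on the open hotspot.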
  Willy Premium join:2000-09-24 USA | Thanks |
|
 mudturtle74
join:2007-06-29 Killen, AL
| reply to Willy I use the free hotspot Shield from AnchorFree at public hotspots:
»www.anchorfree.com/downloads/hotspot-shield/
I don't do any banking with it, but it is better than wide open connections. |
|