wired network security

Michael Butash michael at butash.net
Sat Nov 1 14:42:36 MST 2014


Your wireless doesn't initiate any security upstream to the internet, 
only making sure your neighbors aren't watching what you're looking at 
on the internet.  Trivial without any encryption, gradually harder based 
on your choice of router and/or encryption. Use WPA2 with AES (not TKIP) 
with a complex password, you're good (for now).

VPN only encrypts you to a gateway of your choice and NATs you out 
their address to the world.  Usually work or other admin function, but 
others use these to hide where they bittorrent movies from so media 
cartel ambulance chasers go fish in a foreign country and service that 
doesn't keep your origin IP logs (in theory). If you VPN to something, 
and connect to a website unencrypted, someone can still see what is 
contained in your packets to be able to reassemble them if/when they hit 
government black box collectors off optical taps at all your favorite ISPs.

Tor is *like* this, but egressing and NAT'ing you out any number of 
random gateways that people donate bandwidth (and liability) to.

Tor and VPNs are more about hiding your IP identity, which with a court 
order is trivial to get your ISP to tell them who you are (almost 
trivial it seems even without these days).

If you want to secure data, you need end to end encryption, so make sure 
everything you connect to uses some kind of SSL, TLS, encryption, etc - 
no router will save you.  HTTPS on web pages, SSH on admin sessions, etc 
(look for "HTTPS Everywhere" plugins for your browser).  Sadly there are 
still a lot of crappy applications that talk to the internet that do NOT 
use encryption on their socket connections to send data.  Figure out 
which, and banish them from your routines/usage.

-mb


On 10/31/2014 06:46 PM, Bob Holtzman wrote:
> On Wed, Oct 22, 2014 at 09:13:10PM -0700, Stephen Partington wrote:
>> well you might want to turn it on. because you are now an open AP
>>
>> http://en.wikipedia.org/wiki/Wireless_security
> Extremely sorry to be so late getting back on this. Life intrudes.
>
> Interesting link. Unfortunately it deals exclusively with wireless
> security. Did I miss something?
>
> My initial impression was that the router's encryption covered all
> signals passing thru it, wired and wireless. I now think that it only
> covers b'cast signals, leaving the wired network unprotected. Yes/no?
> Been scouring the i'net but find nothing about activating security for
> wired connections short of using ssh or maybe vpn.
>
> Any help, clarifications, pointers, etc?
>
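
One way to "figure out which" applications talk to the internet without encryption, as an added example that is not part of the original message: it sorts established TCP connections from `ss -tnp` output by well-known destination port. The port tables, function names and sample output are assumptions constructed for illustration.

```python
import re

# Assumption: well-known ports only. A port number is a hint, not proof:
# SMTP on 25 may upgrade with STARTTLS, and any app can use an odd port,
# so confirm suspects with a packet capture.
PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http",
                   110: "pop3", 143: "imap"}
ENCRYPTED_PORTS = {22: "ssh", 443: "https", 465: "smtps",
                   853: "dns-over-tls", 993: "imaps", 995: "pop3s"}

# Constructed sample of `ss -tnp` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port    Peer Address:Port   Process
LISTEN 0      128    0.0.0.0:22            0.0.0.0:*           users:(("sshd",pid=801,fd=3))
ESTAB  0      0      192.168.1.10:51234    203.0.113.7:443     users:(("firefox",pid=2211,fd=87))
ESTAB  0      0      192.168.1.10:40112    198.51.100.20:22    users:(("ssh",pid=3120,fd=3))
ESTAB  0      0      192.168.1.10:40518    198.51.100.25:110   users:(("oldmail",pid=3344,fd=9))
ESTAB  0      0      192.168.1.10:40990    203.0.113.50:80     users:(("updater",pid=912,fd=5))
ESTAB  0      0      [2001:db8::10]:40000  [2001:db8::5]:27015 users:(("gameclient",pid=4001,fd=12))
"""

PROC_RE = re.compile(r'\(\("([^"]+)"')  # first process name in users:((...))

def classify(ss_output):
    """Return (process, peer_host, peer_port, protocol, verdict) per ESTAB line."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # skip the header, listeners and other states
        host, _, port = fields[4].rpartition(":")  # last ':' also works for [v6]:port
        if not port.isdigit():
            continue
        port = int(port)
        match = PROC_RE.search(line)
        proc = match.group(1) if match else "?"  # "?" when ss ran without root
        if port in PLAINTEXT_PORTS:
            proto, verdict = PLAINTEXT_PORTS[port], "plaintext"
        elif port in ENCRYPTED_PORTS:
            proto, verdict = ENCRYPTED_PORTS[port], "encrypted"
        else:
            proto, verdict = "?", "unknown"  # needs a closer look
        findings.append((proc, host, port, proto, verdict))
    return findings

def plaintext_apps(ss_output):
    """Names of processes holding a connection to a known plaintext port."""
    return sorted({f[0] for f in classify(ss_output) if f[4] == "plaintext"})

if __name__ == "__main__":
    for finding in classify(SAMPLE_SS):
        print("%-10s %-16s %5d %-6s %s" % finding)
```

On a live machine, feed it the output of `ss -tnp` (run as root so process names are shown) instead of the sample.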
