Re: wired network security

Author: Michael Butash
Date:  
To: plug-discuss
Subject: Re: wired network security
Your wireless doesn't initiate any security upstream to the internet,
only making sure your neighbors aren't watching what you're looking at
on the internet. Trivial without any encryption, gradients harder based
on your choice of router and/or encryption. Use wpa2 with aes (not tkip)
with a complex password, you're good (for now).

VPN only encrypts you to a gateway of your choice and NATs you out
their address to the world. Usually work or other admin function, but
others use these to hide where they bittorrent movies from so media
cartel ambulance chasers go fish in a foreign country and service that
doesn't keep your origin IP logs (in theory). If you vpn to something,
and connect to a website unencrypted, someone can still see what is
contained in your packets to be able to reassemble them if/when they hit
government black box collectors off optical taps at all your favorite ISPs.

Tor is *like* this, but egressing and NAT'ing you out any number of
random gateways that people donate bandwidth (and liability) to.

Tor and vpns are more about hiding your IP identity, which with a court
order is trivial to get your ISP to tell them who you are (almost
trivial it seems even without these days).

If you want to secure data, you need end to end encryption, so make sure
everything you connect to uses some kind of ssl, tls, encryption, etc -
no router will save you. Https on web pages, ssh on admin sessions, etc
(look for "https everywhere" plugins for your browser). Sadly there are
still a lot of crappy applications that talk to the internet that do NOT
use encryption on their socket connections to send data. Figure out
which, and banish them from your routines/usage.

-mb


On 10/31/2014 06:46 PM, Bob Holtzman wrote:
> On Wed, Oct 22, 2014 at 09:13:10PM -0700, Stephen Partington wrote:
>> well you might want to turn it on. because you are now an open AP
>>
>> http://en.wikipedia.org/wiki/Wireless_security
> Extremely sorry to be so late getting back on this. Life intrudes.
>
> Interesting link. Unfortunately it deals exclusively with wireless
> security. Did I miss something?
>
> My initial impression was that the router's encryption covered all
> signals passing thru it, wired and wireless. I now think that it only
> covers b'cast signals, leaving the wired network unprotected. Yes/no?
> Been scouring the i'net but find nothing about activating security for
> wired connections short of using ssh or maybe vpn.
>
> Any help, clarifications, pointers, etc?
>
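
Added example, not part of the original message: one way to find which local applications talk to the network without encryption is to group established TCP connections by process and flag peers on ports whose protocols are cleartext by default. It assumes input in the format of `ss -Htnp` on Linux; the port lists are a heuristic chosen for this example (a port number does not prove encryption, and STARTTLS can upgrade ports 25/143), and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Heuristic port maps assumed for this example; extend for your environment.
CLEARTEXT = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 143: "imap"}
ENCRYPTED = {22: "ssh", 443: "https", 465: "smtps", 993: "imaps", 995: "pop3s"}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

# Constructed sample in `ss -Htnp` layout (documentation address ranges only).
SAMPLE_SS_OUTPUT = """\
ESTAB 0 0 192.168.1.20:51514 192.0.2.80:443 users:(("firefox",pid=2211,fd=87))
ESTAB 0 0 192.168.1.20:40022 203.0.113.10:80 users:(("updater",pid=901,fd=5))
ESTAB 0 0 192.168.1.20:53210 198.51.100.7:22 users:(("ssh",pid=3100,fd=3))
ESTAB 0 0 192.168.1.20:39001 203.0.113.25:21 users:(("ftp",pid=3300,fd=4))
ESTAB 0 0 127.0.0.1:5432 127.0.0.1:48010 users:(("postgres",pid=700,fd=9))
ESTAB 0 0 [2001:db8::20]:44100 [2001:db8::5]:143 users:(("mailclient",pid=1500,fd=12))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def split_host_port(endpoint):
    # rpartition keeps IPv6 literals such as [2001:db8::5]:143 intact.
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def classify(ss_output):
    """Map process name -> list of (peer_host, peer_port, verdict)."""
    report = defaultdict(list)
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # skip listeners and malformed lines
        host, port = split_host_port(fields[4])
        if host.startswith("127.") or host == "::1":
            continue  # loopback traffic never leaves the machine
        match = PROC_RE.search(" ".join(fields[5:]))
        proc = match.group(1) if match else "unknown"
        if port in CLEARTEXT:
            verdict = "cleartext:" + CLEARTEXT[port]
        elif port in ENCRYPTED:
            verdict = "encrypted:" + ENCRYPTED[port]
        else:
            verdict = "unknown"  # needs a packet capture to decide
        report[proc].append((host, port, verdict))
    return dict(report)

def offenders(ss_output):
    """Processes with at least one connection on a cleartext-by-default port."""
    found = classify(ss_output)
    return sorted(p for p, conns in found.items()
                  if any(v.startswith("cleartext:") for _, _, v in conns))

if __name__ == "__main__":
    print(offenders(SAMPLE_SS_OUTPUT))
```

Connections reported as "unknown" are the ones worth inspecting with a packet capture, since only the payload shows whether TLS is actually in use.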


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss