Re: wired network security

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MLisa Kachold at <-
MBob Holtzman at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Bob Holtzman
Date:  
To: plug-discuss
Subject: Re: wired network security
On Sat, Nov 01, 2014 at 05:42:36PM -0400, Michael Butash wrote:
> Your wireless doesn't initiate any security upstream to the
> internet, only making sure your neighbors aren't watching what
> you're looking at on the internet. Trivial without any encryption,
> gradients harder based on your choice of router and/or encryption.
> Use wpa2 with aes (not tkip) with a complex password, you're good
> (for now).

That's what my set up is at present.

>
> VPN only encrypts you to a gateway of your choice and NAT's you out
> their address to the world. Usually work or other admin function,
> but others use these to hide where they bittorrent movies from so
> media cartel ambulance chasers go fish in a foreign country and
> service that doesn't keep your origin IP logs (in theory). If you
> vpn to something, and connect to a website unencrypted, someone can
> still see what is contained in your packets to be able to reassemble
> them if when they hit government black box collectors off optical
> taps at all your favorite ISP's.
>
> Tor is *like* this, but egressing and NAT'ing you out any number of
> random gateways that people donate bandwidth (and liability) to.
>
> Tor and vpn's are more about hiding your IP identity, which with a
> court order is trivial to get your ISP to tell them who you are
> (almost trivial it seems even without these days).
>
> If you want to secure data, you need end to end encryption, so make
> sure everything you connect to uses some kind of ssl, tls,
> encryption, etc - no router will save you. Https on web pages, ssh
> on admin sessions, etc (look for "https everywhere" plugins for your
> browser).

I think I was slowly coming around to that idea. Thanks for the kick.
What was confusing me was that Stephen Partington's reply talked about
turning on security and I was going nuts trying to find out how for my
*wired* connection, which was the subject of my post.

> Sadly there are still a lot of crappy applications that
> talk to the internet that do NOT use encryption on their socket
> connections to send data. Figure out which, and banish them from
> your routines/usage.

Dandy, but looking at source code tells a nonprogrammer (me) little.

I guess I'll just coast along with https for the important stuff even
tho I've read that it can be spoofed.

--
Bob Holtzman
Giant intergalactic brain-sucking hyperbacteria
came to Earth to rape our women and create a race
of mindless zombies. Look! It's working!
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: wired network securityinstallfest yesterday.....->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)