wired network security

Bob Holtzman holtzm at cox.net
Sun Nov 2 12:46:35 MST 2014


On Sat, Nov 01, 2014 at 05:42:36PM -0400, Michael Butash wrote:
> Your wireless doesn't initiate any security upstream to the
> internet, only making sure your neighbors aren't watching what
> you're looking at on the internet.  Trivial without any encryption,
> gradients harder based on your choice of router and/or encryption.
> Use wpa2 with aes (not tkip) with a complex password, you're good
> (for now).

That's what my setup is at present.

> 
> VPN only encrypts you to a gateway of your choice and NAT's you out
> their address to the world.  Usually work or other admin function,
> but others use these to hide where they bittorrent movies from so
> media cartel ambulance chasers go fish in a foreign country and
> service that doesn't keep your origin IP logs (in theory). If you
> vpn to something, and connect to a website unencrypted, someone can
> still see what is contained in your packets to be able to reassemble
> them if/when they hit government black box collectors off optical
> taps at all your favorite ISP's.
> 
> Tor is *like* this, but egressing and NAT'ing you out any number of
> random gateways that people donate bandwidth (and liability) to.
> 
> Tor and vpn's are more about hiding your IP identity, which with a
> court order is trivial to get your ISP to tell them who you are
> (almost trivial it seems even without these days).
> 
> If you want to secure data, you need end to end encryption, so make
> sure everything you connect to uses some kind of ssl, tls,
> encryption, etc - no router will save you.  Https on web pages, ssh
> on admin sessions, etc (look for "https everywhere" plugins for your
> browser).

I think I was slowly coming around to that idea. Thanks for the kick.
What was confusing me was that Stephen Partington's reply talked about
turning on security and I was going nuts trying to find out how for my
*wired* connection, which was the subject of my post.

> Sadly there are still a lot of crappy applications that
> talk to the internet that do NOT use encryption on their socket
> connections to send data.  Figure out which, and banish them from
> your routines/usage.

Dandy, but looking at source code tells a nonprogrammer (me) little.

I guess I'll just coast along with https for the important stuff even
tho I've read that it can be spoofed.

-- 
Bob Holtzman
Giant intergalactic brain-sucking hyperbacteria 
came to Earth to rape our women and create a race 
of mindless zombies.  Look!  It's working!
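
An added example, not part of the original message: one way to "figure out which" applications talk in the clear without reading source code is to classify a machine's established TCP connections by remote port. The port lists are a heuristic chosen for this sketch, and the sample input (program names, addresses) is constructed.

```shell
#!/bin/sh
# Classify established TCP connections by remote port (heuristic only:
# a port number suggests a protocol, it does not prove encryption, and
# mail ports 25/110/143 may still upgrade with STARTTLS).
# Input: the output of `ss -tnp` on stdin.
classify_connections() {
    awk '
    BEGIN {
        split("21 23 25 80 110 143", c, " "); for (i in c) clear[c[i]] = 1
        split("22 443 465 993 995", e, " ");  for (i in e) enc[e[i]] = 1
    }
    $1 != "ESTAB" { next }            # skip header and non-established rows
    {
        n = split($5, peer, ":")      # port follows the last colon (IPv6-safe)
        port = peer[n]
        prog = "?"                    # process column may be missing
        if (split($6, q, "\"") >= 2) prog = q[2]
        verdict = "UNKNOWN"
        if (port in clear) verdict = "CLEARTEXT"
        else if (port in enc) verdict = "ENCRYPTED"
        printf "%-9s %-12s %s\n", verdict, prog, $5
    }'
}

# Constructed sample input (addresses are from documentation ranges).
sample_ss_output() {
    cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
ESTAB     0      0      192.168.1.10:51234   203.0.113.7:80      users:(("oldwidget",pid=2211,fd=8))
ESTAB     0      0      192.168.1.10:51236   198.51.100.20:443   users:(("firefox",pid=1900,fd=71))
ESTAB     0      0      192.168.1.10:51238   198.51.100.5:22     users:(("ssh",pid=3020,fd=3))
ESTAB     0      0      192.168.1.10:51239   203.0.113.9:21      users:(("ftp",pid=3100,fd=4))
ESTAB     0      0      [2001:db8::5]:40000  [2001:db8::1]:443   users:(("firefox",pid=1900,fd=75))
ESTAB     0      0      192.168.1.10:51242   203.0.113.50:6667
TIME-WAIT 0      0      192.168.1.10:51240   203.0.113.7:80
EOF
}

# Demonstration on the constructed sample.
sample_ss_output | classify_connections
```

On a live Linux system, `ss -tnp | classify_connections` does the same for real connections; run it as root to see process names for other users' sockets.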

