wired network security
Bob Holtzman
holtzm at cox.net
Sun Nov 2 12:46:35 MST 2014
On Sat, Nov 01, 2014 at 05:42:36PM -0400, Michael Butash wrote:
> Your wireless doesn't initiate any security upstream to the
> internet, only making sure your neighbors aren't watching what
> you're looking at on the internet. Trivial without any encryption,
> gradients harder based on your choice of router and/or encryption.
> Use wpa2 with aes (not tkip) with a complex password, you're good
> (for now).
That's what my setup is at present.
>
> VPN only encrypts you to a gateway of your choice and NAT's you out
> their address to the world. Usually work or other admin function,
> but others use these to hide where they bittorrent movies from so
> media cartel ambulance chasers go fish in a foreign country and
> service that doesn't keep your origin IP logs (in theory). If you
> vpn to something, and connect to a website unencrypted, someone can
> still see what is contained in your packets to be able to reassemble
> them if/when they hit government black box collectors off optical
> taps at all your favorite ISPs.
>
> Tor is *like* this, but egressing and NAT'ing you out any number of
> random gateways that people donate bandwidth (and liability) to.
>
> Tor and VPNs are more about hiding your IP identity, which with a
> court order is trivial to get your ISP to tell them who you are
> (almost trivial it seems even without these days).
>
> If you want to secure data, you need end to end encryption, so make
> sure everything you connect to uses some kind of ssl, tls,
> encryption, etc - no router will save you. Https on web pages, ssh
> on admin sessions, etc (look for "https everywhere" plugins for your
> browser).
I think I was slowly coming around to that idea. Thanks for the kick.
What was confusing me was that Stephen Partington's reply talked about
turning on security and I was going nuts trying to find out how for my
*wired* connection, which was the subject of my post.
> Sadly there are still a lot of crappy applications that
> talk to the internet that do NOT use encryption on their socket
> connections to send data. Figure out which, and banish them from
> your routines/usage.
Dandy, but looking at source code tells a nonprogrammer (me) little.
I guess I'll just coast along with https for the important stuff even
tho I've read that it can be spoofed.
--
Bob Holtzman
Giant intergalactic brain-sucking hyperbacteria
came to Earth to rape our women and create a race
of mindless zombies. Look! It's working!
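
Added example, not part of the original message: one way to act on the "figure out which" advice without reading source code is to list live TCP connections and sort them by remote port. This Python sketch parses `ss -tnp` output; the port lists are a heuristic assumption of the example, and the sample lines are constructed.

```python
import sys

# Heuristic port lists (an assumption of this example, not from the thread).
# A port number is only a hint: 25/110/143 may upgrade via STARTTLS, and any
# service can run on any port. Confirm suspects with a packet capture.
ENCRYPTED = {22, 443, 465, 563, 636, 853, 989, 990, 992, 993, 995, 8443}
CLEARTEXT = {20, 21, 23, 25, 80, 110, 119, 143, 389, 8080}

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def classify(ss_output):
    """Return (verdict, process, peer_addr, peer_port) for each ESTAB socket."""
    results = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # skips the header, other TCP states and blank lines
        addr, port = split_endpoint(fields[4])
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback traffic never leaves the machine
        # The process column only appears when ss has enough privilege.
        proc = fields[5].split('"')[1] if len(fields) > 5 and '"' in fields[5] else "?"
        if port in ENCRYPTED:
            verdict = "likely-encrypted"
        elif port in CLEARTEXT:
            verdict = "likely-cleartext"
        else:
            verdict = "unknown"
        results.append((verdict, proc, addr, port))
    return results

# Constructed sample of `ss -tnp` output (documentation addresses only).
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.168.1.10:51234 198.51.100.7:443 users:(("firefox",pid=2211,fd=87))
ESTAB 0 0 192.168.1.10:40022 203.0.113.5:80 users:(("updater",pid=3120,fd=5))
ESTAB 0 0 192.168.1.10:51300 203.0.113.9:21 users:(("ftp",pid=3300,fd=3))
ESTAB 0 0 192.168.1.10:38000 [2001:db8::25]:993 users:(("thunderbird",pid=2500,fd=44))
ESTAB 0 0 127.0.0.1:45000 127.0.0.1:631 users:(("cupsd",pid=900,fd=9))
ESTAB 0 0 192.168.1.10:39000 198.51.100.20:6667
"""

if __name__ == "__main__":
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    for verdict, proc, addr, port in classify(text):
        print(f"{verdict:17} {proc:12} {addr}:{port}")
```

To check a live machine, pipe `ss -tnp` into the script with `-` as its only argument (the script file name is up to you); anything reported as likely-cleartext or unknown is a candidate for a closer look with a packet capture.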