Wireless Security on the Road Without a VPN
Subject:   A for effort, C for execution
Date:   2006-06-20 17:54:07
From:   chris_barker
All of this is good advice and, as the previous poster brought up, should be followed wherever you are, but I think the article as a whole kind of missed its intended point. Also, it seems a little insincere for the author to ask us to trust O'Reilly and its authors' personal sites blindly.

If the target audience is readers who don't have access to or can't figure out how to set up VPNs, most of the advice presented here probably won't make much sense and some of it is actually wrong. Using the "secure" (encrypted) version of any protocol helps a little bit, but honestly your messages are going to end up unencrypted somewhere, so it's not a cure-all by any means.

Additionally, due to the way DNS really works, the advice presented here is just hogwash. DNS is in no way a "standalone" thing; even the best servers almost always depend on as many as 40 other servers which are outside of the "good" server admin's control. If one of those gets compromised, you still get "bad" DNS.

Using IP addresses instead of URLs is also pretty much useless. If someone is monitoring your web access they can capture and check the IP address of a server just as easily as reading an interesting URL.

OK, having said that, if readers are interested in setting up "stronger" connectivity for email, ask the people who take care of your mail service if they support SSL (sometimes called TLS) for POP and SMTP (receiving and sending) and ask them for the details you will need to use SSL/TLS. Once that's done, if you are using, go into the preferences and account settings to enter these changes for each of your accounts. If you check the checkboxes for SSL/TLS in your preferences, will change the port numbers used to connect to your mail server(s). The numbers it uses are the standard ones, but make sure they match what your provider told you for the details of their servers. Some providers may try and tell you these things only work with MS Outlook, but I've found that does SSL/TLS for POP & SMTP just fine. Don't forget that this connection is only "secure" between your computer and the mail server itself. Once your mail leaves the server it's sent in the clear.

In any case, the advice to look for https in a URL or to use SFTP, SSH, etc. is good. Just remember that it's still not any kind of guarantee of security.

If you are even mildly serious about security when traveling for business, make your techies set up an IPSEC VPN. Almost every firewall on the market includes this feature and your Mac has the client software built in. There are plenty of good books about setting up IPSEC VPNs out there for less than the cost of a business dinner. Unfortunately the first and second edition of the O'Reilly VPN books cost more than a pizza and were far less satisfying.

  1. A for effort, C for execution
    2006-06-21 00:10:54  FJ de Kermadec | O'Reilly Blogger
