Wireless Security on the Road Without a VPN
Subject:   A for effort, C for execution
Date:   2006-06-21 00:10:54
From:   F.J.
Response to: A for effort, C for execution


I am afraid I wasn't clear: in no way am I asking you to trust O'Reilly or its authors blindly. The examples I quote are simply URLs of "general purpose" sites that do not make logging into a system or passing along confidential information mandatory. You'll notice I rely on good old "*" a couple times in the article but, for the sake of diversity, thought I should also quote some real world examples.

Encrypted protocols certainly do not encrypt the message on the destination server. That is not what they are intended to do. In that, I do not believe recommending that they be used be "wrong". If one cannot expect one's email provider or host to take reasonably good care of one's accounts, then the problem goes beyond what most users would be able to solve by themselves.

As far as DNS goes, I agree as well: the way it works makes it easy for one bad server to poison a great many downstream servers. Yet, if one is on a particularly weak link, it cannot hurt to bypass that one, which brings the odds of a "bad server" back to those one would encounter on a home or small business connection.

I also agree about the IP. On a moderately busy WiFi network however, access logs can be pretty large. Conducting a reverse DNS lookup, no matter how easy, is an additional step to take for someone who will, anyway, normally have a great deal of addresses to look up. Also, note I am not recommending one uses IP addresses to thwart shoulder surfers but simply as a way to avoid relying on the local DNS server.

All in all, we seem to agree! Remember this article is intended for readers who do not have a "techie" at hand, which is a vast majority of users. And as far as firewalls including VPN servers, I am afraid this is not the case: most of them allow for VPN pass-through but they do not act as servers themselves.