public internet security
bsilver at chrononomicon.com
Sun May 6 14:28:27 UTC 2007
On May 5, 2007, at 5:17 PM, Chris wrote:
> Joris Dobbelsteen wrote:
>>> -----Original Message-----
>>> From: ubuntu-users-bounces at lists.ubuntu.com
>>> [mailto:ubuntu-users-bounces at lists.ubuntu.com] On Behalf Of
>>> Scott Lockwood
>>> Sent: zaterdag 5 mei 2007 16:21
>>> To: Ubuntu user technical support,not for general discussions
>>> Cc: Kubuntu Help and User Discussions
>>> Subject: Re: public internet security
>>> On Sat, 2007-05-05 at 09:30 -0400, Paul S wrote:
>>> It does
>>> however address the weakness of
>> Which is?
>> I, at this moment, do not know any design flaws in WPA that hamper
>> security to an unacceptable level.
>> (Exclude users chosing bad passwords, which isn't a design flaw).
>> - Joris
> If you setup an ssh tunnel, you can use it to point all your traffic
> through it. Case in point, you can certainly point email to use the
> tunnel thus keeping everything encrypted.
> If the op wishes to get to his deskop at home, again, ssh is the
> key to
> this. It can be set to allow certs or by IP - if the latter is setup,
> while the port is there, end users on the internet will be black-
> The op should really consider how flexible ssh tunnels can be.
Is full-on tunneling a-la' VPN a new SSH feature?
I've only been familiar with ssh port forwarding and tunneling. But
for public use, that's all that's really needed for me.
I mean, think about it...remotely, the only "private" things most
people do involves email. I port forward (with SSH) SMTP and IMAP
traffic. All of that is then encrypted.
Most people aren't picky about whether Panera's or Starbucks knows
what websites I'm reading. Webmail is normally https-based, so it's
encrypted, as is web banking. More to the point, you don't need to
route all the traffic through a VPN to slow down access (if you
wanted to hide what you're doing almost completely, that's what you
would end up doing) nor would you need to fudge with routing issues
to route XYZ traffic to the VPN and ABC traffic directly so as to
have a faster, non-encumbered connection.
Just my $.02
More information about the ubuntu-users