public internet security
Bart Silverstrim
bsilver at chrononomicon.com
Sun May 6 14:28:27 UTC 2007
On May 5, 2007, at 5:17 PM, Chris wrote:
> Joris Dobbelsteen wrote:
>>> -----Original Message-----
>>> From: ubuntu-users-bounces at lists.ubuntu.com
>>> [mailto:ubuntu-users-bounces at lists.ubuntu.com] On Behalf Of
>>> Scott Lockwood
>>> Sent: zaterdag 5 mei 2007 16:21
>>> To: Ubuntu user technical support,not for general discussions
>>> Cc: Kubuntu Help and User Discussions
>>> Subject: Re: public internet security
>>>
>>> On Sat, 2007-05-05 at 09:30 -0400, Paul S wrote:
>> [snip]
>>> It does
>>> however address the weakness of
>> [snip]
>>> WPA.
>>
>> Which is?
>>
>> I, at this moment, do not know any design flaws in WPA that hamper its
>> security to an unacceptable level.
>> (Exclude users choosing bad passwords, which isn't a design flaw).
>>
>> - Joris
>>
>>
>
> If you set up an ssh tunnel, you can use it to point all your traffic
> through it. Case in point, you can certainly point email to use the ssh
> tunnel thus keeping everything encrypted.
>
> If the op wishes to get to his desktop at home, again, ssh is the key to
> this. It can be set to allow certs or by IP - if the latter is set up,
> while the port is there, end users on the internet will be black-holed.
>
> The op should really consider how flexible ssh tunnels can be.

Is full-on tunneling à la VPN a new SSH feature?
I've only been familiar with ssh port forwarding and tunneling. But
for public use, that's all that's really needed for me.
I mean, think about it...remotely, the only "private" things most
people do involves email. I port forward (with SSH) SMTP and IMAP
traffic. All of that is then encrypted.
Most people aren't picky about whether Panera's or Starbucks knows
what websites I'm reading. Webmail is normally https-based, so it's
encrypted, as is web banking. More to the point, you don't need to
route all the traffic through a VPN to slow down access (if you
wanted to hide what you're doing almost completely, that's what you
would end up doing) nor would you need to fudge with routing issues
to route XYZ traffic to the VPN and ABC traffic directly so as to
have a faster, non-encumbered connection.
Just my $.02
-Bart
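
An added example, not part of the original message: one way to write the SMTP and IMAP port forwarding described above as an OpenSSH client configuration. The alias `mailtunnel`, the host `home.example.org`, the user `youruser`, and the local ports 1143 and 1025 are placeholders, and the mail services are assumed to listen on the SSH server itself.

```sshconfig
# ~/.ssh/config on the laptop (constructed example; names and ports are placeholders)
Host mailtunnel
    # Placeholder: the SSH server you trust, assumed to also run the mail services
    HostName home.example.org
    User youruser

    # Local IMAP forward. Binding to 127.0.0.1 keeps other hosts on the
    # public network from connecting to the forwarded port.
    LocalForward 127.0.0.1:1143 127.0.0.1:143

    # Local SMTP forward, bound to loopback for the same reason.
    LocalForward 127.0.0.1:1025 127.0.0.1:25

    # Refuse to come up with a forward missing, so the mail client cannot
    # silently be left without its tunnel.
    ExitOnForwardFailure yes

    # Notice a dead connection (common on cafe Wi-Fi) and exit instead of hanging.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

Start it with `ssh -N -f mailtunnel` and point the mail client at 127.0.0.1, port 1143 for IMAP and port 1025 for SMTP. The traffic is encrypted only between the laptop and the SSH server; whatever the server relays onward travels as that service normally sends it.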