public internet security
Paul S
paulatgm at gmail.com
Sun May 6 18:42:54 UTC 2007
Bart Silverstrim said the following on 05/06/2007 10:28 AM:
>> If you setup an ssh tunnel, you can use it to point all your traffic
>> through it. Case in point, you can certainly point email to use the
>> ssh
>> tunnel thus keeping everything encrypted.
>>
>> If the op wishes to get to his deskop at home, again, ssh is the
>> key to
>> this. It can be set to allow certs or by IP - if the latter is setup,
>> while the port is there, end users on the internet will be black-
>> holed.
>>
>> The op should really consider how flexible ssh tunnels can be.
>
> Is full-on tunneling a-la' VPN a new SSH feature?
>
> I've only been familiar with ssh port forwarding and tunneling. But
> for public use, that's all that's really needed for me.
>
> I mean, think about it...remotely, the only "private" things most
> people do involves email. I port forward (with SSH) SMTP and IMAP
> traffic. All of that is then encrypted.
>
> Most people aren't picky about whether Panera's or Starbucks knows
> what websites I'm reading. Webmail is normally https-based, so it's
> encrypted, as is web banking. More to the point, you don't need to
> route all the traffic through a VPN to slow down access (if you
> wanted to hide what you're doing almost completely, that's what you
> would end up doing) nor would you need to fudge with routing issues
> to route XYZ traffic to the VPN and ABC traffic directly so as to
> have a faster, non-encumbered connection.
OK, here's what prompted me to raise this question in the first place.
It's a Q&A from the Wall Street Journal Mossburg column of May 3 at this
address:
http://mailbox.allthingsd.com/20070503/accessing-financial-web-sites-on-a-public-connection/
Here's the exact quote that has me concerned.
"Q I am concerned about security on my laptop when traveling and using
nonsecure Internet connections available at motels. Is there a way to be
secure when accessing my financial Web sites while using a motel's
connection?
A. You can install a good firewall, and sweep your laptop with security
software for spyware and other malicious software that might transmit
passwords. And you can make sure you are using antiphishing software.
Better yet, you could use a sort of private Internet tunnel, called a
Virtual Private Network, or a remote control service, like GoToMyPC, so
you are actually using your home PC --- remotely --- to contact the Web
sites involved.
But, the bottom line is that, unless you are on a network that you can
control and secure, such as a home or office network, I wouldn't advise
accessing financial accounts online, or performing financial
transactions. I wouldn't trust sensitive online transactions to any
public Internet connection, such as those at motels. There are too many
people, including other guests, the motel staff, and the people at the
company that provides the motel's Internet service, who could
potentially be watching what you are doing."
Is Mossburg just wrong when he says even https connections aren't safe
on public internets?
the OP
More information about the ubuntu-users
mailing list