LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Wireless Networking (http://www.linuxquestions.org/questions/linux-wireless-networking-41/)
-   -   how to use wifi securely? web:https? emailTLS? or is it lost cause? (http://www.linuxquestions.org/questions/linux-wireless-networking-41/how-to-use-wifi-securely-web-https-emailtls-or-is-it-lost-cause-4175450629/)

jtwdyp 02-18-2013 05:05 AM

how to use wifi securely? web:https? emailTLS? or is it lost cause?
 
If I understand it right, using a free fifi connection at some "Internet Cafe" can expose my data to the owner of the cafe...

I think (but don't know for sure) that by carefully using trusted https: websites, the data transfered to/from the website is protected by the encryption even from the owner/operator of the wifi connection?

I'm less certain of what happens if I use a mail client like alpine to connect to an IMAP account via a TLS connection. would the owner/operator of the wifi connection be able to read the email, (body, header, or even just the so called envelope)???

descendant_command 02-18-2013 05:41 AM

Quote:

Originally Posted by jtwdyp (Post 4894272)
If I understand it right, using a free fifi connection at some "Internet Cafe" can expose my data to the owner of the cafe...

I think (but don't know for sure) that by carefully using trusted https: websites, the data transfered to/from the website is protected by the encryption even from the owner/operator of the wifi connection?

Yes (more or less).
Once you are connected to a public wifi network (including with encryption like wpa2) everyone else that is connected to the same network can see your plain text traffic (as on a LAN also), unless there are measures to separate traffic to individual nodes. This is where end to end encryption becomes important, so that the 'plain text' data is not visible to anyone between you and the server you are talking to. SSL web connections are (currently) reasonably secure in most situations.
It is worth considering though, other network traffic that is not encrypted, like DNS lookups for instance, there is opportunity to read (or spoof) DNS data.
Utilising VPN's or SSH tunnels to provide a secure encrypted connection to a trused server and sending all traffic via that, is a way to further reduce risk.
Quote:

I'm less certain of what happens if I use a mail client like alpine to connect to an IMAP account via a TLS connection. would the owner/operator of the wifi connection be able to read the email, (body, header, or even just the so called envelope)???
No. That is the whole point of Transport Layer Security, the entire connection is encrypted.

sundialsvcs 02-18-2013 01:11 PM

Assume that wireless, by itself, is insecure .. even if the access-point you are connecting to uses WPA2 or something else.

For that matter, assume that an ethernet cable is insecure, too, because that traffic can rather easily be "tapped," too.

Use tunneling technologies such as VPN to encrypt the traffic. Then, it doesn't matter who "taps the wires" nor by what means they do it: the traffic itself is unintelligible.

onebuck 02-18-2013 02:08 PM

Moderator Response
 
Moved: This thread is more suitable in <Linux - Wireless Networking> and has been moved accordingly to help your thread/question get the exposure it deserves.

jtwdyp 02-25-2013 05:39 AM

Quote:

Originally Posted by descendant_command (Post 4894287)
Yes (more or less).
Once you are connected to a public wifi network (including with encryption like wpa2) everyone else that is connected to the same network can see your plain text traffic (as on a LAN also)

(wpa2 on a public wifi??) OK about that, and the LAN...
Since I can be sure that nobody else on my LAN at home even knows the difference between encrypted and non-encrypted data... {win xp user who needs my help to fix desktop icons that launch firefox at a bookmarked site if the bookmark goes stale (for example)} And since my laptop (to which nobody else has access) is only device on which I ever installed my wpa2-psk key. So I'm not too worried about that on my local LAN. It's when if I bring my laptop elsewhere...

Quote:

Originally Posted by descendant_command
It is worth considering though, other network traffic that is not encrypted, like DNS lookups for instance, there is opportunity to read (or spoof) DNS data.

Spoofing is why I like that my bank does two stage authentication with a private personal image that they display at the 2nd stage login prompt...

Quote:

Originally Posted by descendant_command
Utilising VPN's or SSH tunnels to provide a secure encrypted connection to a trused server and sending all traffic via that, is a way to further reduce risk.

Don't suppose there are any truly trustworthy free VPN providers out there?

Quote:

Originally Posted by descendant_command
No. That is the whole point of Transport Layer Security, the entire connection is encrypted.

Good! That is what I thought it was supposed to mean... But I wasn't sure that the so called envelope was also protected.

Thanks...


All times are GMT -5. The time now is 10:50 PM.