LinuxQuestions.org
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

02-18-2013, 05:05 AM   #1
jtwdyp
Member
 
Registered: Apr 2011
Distribution: antiX, Bodhi, OpenSuSE, Sabayon, etc... I multi-boot
Posts: 33

how to use wifi securely? web:https? emailTLS? or is it lost cause?


If I understand it right, using a free wifi connection at some "Internet Cafe" can expose my data to the owner of the cafe...

I think (but don't know for sure) that by carefully using trusted https: websites, the data transferred to/from the website is protected by the encryption even from the owner/operator of the wifi connection?

I'm less certain of what happens if I use a mail client like alpine to connect to an IMAP account via a TLS connection. Would the owner/operator of the wifi connection be able to read the email (body, header, or even just the so-called envelope)???
 
02-18-2013, 05:41 AM   #2
descendant_command
Member
 
Registered: Mar 2012
Posts: 792

Quote:
Originally Posted by jtwdyp
If I understand it right, using a free wifi connection at some "Internet Cafe" can expose my data to the owner of the cafe...

I think (but don't know for sure) that by carefully using trusted https: websites, the data transferred to/from the website is protected by the encryption even from the owner/operator of the wifi connection?

Yes (more or less).
Once you are connected to a public wifi network (including with encryption like wpa2) everyone else that is connected to the same network can see your plain text traffic (as on a LAN also), unless there are measures to separate traffic to individual nodes. This is where end to end encryption becomes important, so that the 'plain text' data is not visible to anyone between you and the server you are talking to. SSL web connections are (currently) reasonably secure in most situations.
It is worth considering, though, other network traffic that is not encrypted, like DNS lookups for instance; there is opportunity to read (or spoof) DNS data.
Utilising VPNs or SSH tunnels to provide a secure encrypted connection to a trusted server, and sending all traffic via that, is a way to further reduce risk.

Quote:
I'm less certain of what happens if I use a mail client like alpine to connect to an IMAP account via a TLS connection. Would the owner/operator of the wifi connection be able to read the email (body, header, or even just the so-called envelope)???

No. That is the whole point of Transport Layer Security: the entire connection is encrypted.
 
1 members found this post helpful.
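
What the post above says about DNS lookups versus a TLS session, seen from the position of anyone capturing traffic on the same network. This is an added example, not part of the original thread; both payloads and the hostname imap.example.org are constructed for illustration, and the function names are this example's own.

```python
import struct

# Constructed sample: a DNS query for imap.example.org (type A, class IN),
# as it would travel in a UDP datagram to port 53.
DNS_QUERY = (
    struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0)
    + b"\x04imap\x07example\x03org\x00"
    + struct.pack("!2H", 1, 1)
)

# Constructed sample: one TLS 1.2 application-data record. The 32 body bytes
# stand in for ciphertext; a real record body looks just as random.
TLS_RECORD = b"\x17\x03\x03" + struct.pack("!H", 32) + bytes(range(0x80, 0xA0))

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def dns_question_names(payload: bytes) -> list:
    """Names asked for in a plaintext DNS message (RFC 1035 wire format)."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    qdcount = struct.unpack("!H", payload[4:6])[0]
    names, pos = [], 12
    for _ in range(qdcount):
        labels = []
        while True:
            length = payload[pos]
            pos += 1
            if length == 0:          # root label ends the name
                break
            if length > 63:
                raise ValueError("compressed or invalid label in question")
            labels.append(payload[pos:pos + length].decode("ascii"))
            pos += length
        pos += 4                     # skip QTYPE and QCLASS
        names.append(".".join(labels))
    return names


def tls_record_header(payload: bytes) -> tuple:
    """For an application-data record, only type, version and length parse."""
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return TLS_CONTENT_TYPES.get(ctype, "unknown"), (major, minor), length


if __name__ == "__main__":
    print("DNS, readable on the wire:", dns_question_names(DNS_QUERY))
    print("TLS, header only:", tls_record_header(TLS_RECORD))
```

The DNS query gives away which mail server is being contacted, while the IMAP commands and the message headers and bodies travel inside application-data records like the second sample.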
02-18-2013, 01:11 PM   #3
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,359

Assume that wireless, by itself, is insecure .. even if the access-point you are connecting to uses WPA2 or something else.

For that matter, assume that an ethernet cable is insecure, too, because that traffic can rather easily be "tapped," too.

Use tunneling technologies such as VPN to encrypt the traffic. Then, it doesn't matter who "taps the wires" nor by what means they do it: the traffic itself is unintelligible.
 
1 members found this post helpful.
02-18-2013, 02:08 PM   #4
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 11,148
Blog Entries: 3

Moderator Response

Moved: This thread is more suitable in <Linux - Wireless Networking> and has been moved accordingly to help your thread/question get the exposure it deserves.
 
02-25-2013, 05:39 AM   #5
jtwdyp
Member
 
Registered: Apr 2011
Distribution: antiX, Bodhi, OpenSuSE, Sabayon, etc... I multi-boot
Posts: 33

Original Poster
Quote:
Originally Posted by descendant_command
Yes (more or less).
Once you are connected to a public wifi network (including with encryption like wpa2) everyone else that is connected to the same network can see your plain text traffic (as on a LAN also)

(wpa2 on a public wifi??) OK about that, and the LAN...
Since I can be sure that nobody else on my LAN at home even knows the difference between encrypted and non-encrypted data... {win xp user who needs my help to fix desktop icons that launch firefox at a bookmarked site if the bookmark goes stale (for example)} And since my laptop (to which nobody else has access) is the only device on which I ever installed my wpa2-psk key. So I'm not too worried about that on my local LAN. It's when/if I bring my laptop elsewhere...

Quote:
Originally Posted by descendant_command
It is worth considering, though, other network traffic that is not encrypted, like DNS lookups for instance; there is opportunity to read (or spoof) DNS data.

Spoofing is why I like that my bank does two stage authentication with a private personal image that they display at the 2nd stage login prompt...

Quote:
Originally Posted by descendant_command
Utilising VPNs or SSH tunnels to provide a secure encrypted connection to a trusted server, and sending all traffic via that, is a way to further reduce risk.

Don't suppose there are any truly trustworthy free VPN providers out there?

Quote:
Originally Posted by descendant_command
No. That is the whole point of Transport Layer Security: the entire connection is encrypted.

Good! That is what I thought it was supposed to mean... But I wasn't sure that the so-called envelope was also protected.

Thanks...
 
  

