Let's say your roommates use an unencrypted wireless network. Is there any decent way to have secure internet? Is it practical for a novice to create an encrypted tunnel to a server 500 miles away, and then use that server as a sort of proxy? Would you just get new roommates instead?
Last edited by halfpower; 05-14-2008 at 08:06 PM.
Reason: add roommate joke
I recommend you set up a VPN, something like OpenVPN or FreeSWAN and give the users the option to connect to the VPN in order to communicate securely both within the local network while also being able to access the internet.
The roomies could use this website to set up the freeswan client on a Windows computer: http://vpn.ebootis.de/
or not, they could just go insecure while you always connect to the VPN so your connection within your local network is secure. This is a very useful strategy to employ when contractors are brought into your corporate network, they can get out, but can't connect to anything on the inside network unless they connect to VPN.
Using Tor for cases like this would be asking for trouble IMHO. Not only because it's the wrong tool for the job, but because it would slow you down to a crawl and would also leave you vulnerable to all sorts of attacks by rogue exit nodes when you aren't using HTTPS websites. Keep in mind I'm talking about an always-on solution. Using Tor once in a while to stop your room-mates from snooping on you at certain times is fine as long as you take precautions (to protect yourself against evil exit nodes). Using Tor all the time would be fine too, but only if you exclusively used HTTPS sites and didn't care about your performance taking a hit.
All traffic within the Tor network is encrypted, but that only gets as far as the exit node (from there on you're on your own). This is a key characteristic of Tor which many people seem to not understand and consequently they end up using Tor for something it wasn't designed for (it wasn't designed to provide security, only anonymity - two totally different things). Remember that dude that obtained those hundreds and hundreds of government passwords and stuff a while back? He used Tor for that. He set up rogue exit nodes with password sniffers on them, and essentially exploited the government employees' notion that Tor was magically providing them with end-to-end encryption or whatever.
I second networkr's suggestion to set up a VPN for yourself. You've got all kinds of options (both from a software and a hardware perspective) so you are sure to find one that suits your needs/tastes. For example, depending on what kind of wireless router you have, you might be able to VPN right into it, without needing to set up a dedicated VPN box. And BTW, the VPN server wouldn't have to be 500 miles away, it could be in the same house as long as it is not in any danger of being physically compromised by your room-mates, and as long as you are only concerned about them snooping on you via radio and not via copper/fiber.
As a side note, some consumer-grade wireless routers can be made to provide more than one SSID. If yours is one of those, you can have an open wireless network for your room-mates, and a WPA2-protected one exclusively for you without having to buy another router.
Do you want to secure all traffic for you and your roommates? Or do you just need it for yourself? The best/first solution would be to just secure the wireless.
If you just want to secure your web traffic (http), you could tunnel that using ssh. But, of course, you would need a server to ssh into. If they, for some reason, refuse to secure the wireless, you could just host the server at your location. You can then ssh into it for wireless, and have the traffic leave by wire (not encrypted, just like most of your traffic).
I use that because I already mess around with a server I built, and that was already available to me. The most secure solution is VPN.
You wouldn't happen to be "borrowing" some bandwidth from your roommates (or them from the neighbors)? Hence the reason for off-site VPN/solution. If so, your traffic would be encrypted but the endpoint would still be known, therefore traceable. So just in case, that would not be recommended (because it is wrong, #1, and you could get caught, #2).
Even if your roommates won't go with a secure connection, you can still set up a secure subnet on the house connection. While this won't prevent your traffic in and out from being snooped on by anybody who is piggybacking off of the house router, it will prevent any bad guys from cracking your machine using the insecure way in, and it will secure YOUR wireless traffic, even if your roommates' is not secure.
The simplest way to do this is to just get another router, make sure it is set for a different address range than the house router, and plug it into the house router like it was a computer. Then plug your computer into your router (or set up a secure wireless connection to your router), and voila! you have subnetted. You then secure your subnet to suit you.
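The "different address range" step in the post above, as an added example that is not part of the original thread: a small Python check that the range planned for the second router does not collide with the house router's range, plus a helper that proposes a free private range. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks a home router's LAN is normally drawn from.
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]


def check_inner_range(house_lan: str, inner_lan: str) -> list[str]:
    """Return the problems with using inner_lan behind a router on house_lan."""
    # strict=False lets the caller pass a host address such as 192.168.1.1/24.
    house = ipaddress.ip_network(house_lan, strict=False)
    inner = ipaddress.ip_network(inner_lan, strict=False)
    problems = []
    if house.overlaps(inner):
        # Same or overlapping ranges on both sides of the inner router make
        # its routing ambiguous: it cannot tell "inside" from "outside".
        problems.append(f"{inner} overlaps the house range {house}")
    if not any(inner.subnet_of(block) for block in PRIVATE_BLOCKS):
        problems.append(f"{inner} is not inside an RFC 1918 private block")
    return problems


def suggest_inner_range(house_lan: str, prefix: int = 24) -> str:
    """Pick the first private /prefix network that does not overlap house_lan."""
    house = ipaddress.ip_network(house_lan, strict=False)
    for block in PRIVATE_BLOCKS:
        for candidate in block.subnets(new_prefix=prefix):
            if not candidate.overlaps(house):
                return str(candidate)
    raise ValueError("no free private range found")


if __name__ == "__main__":
    # Constructed sample: the house router hands out 192.168.1.x addresses.
    house = "192.168.1.1/24"
    for planned in ("192.168.1.0/24", "192.168.2.0/24"):
        issues = check_inner_range(house, planned)
        print(planned, "->", issues or "OK")
    print("suggested:", suggest_inner_range(house))
```
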