One more "sensitive info" security question

I appreciate all the suggestions I received about securing private
information when using wireless internet in public places, but now I'd like
your opinion about using web security programs such as JWire Spotlock I
downloaded it because they have a free internet hotspot directory, but to
use the security feature requires a monthly subscription. If I disable all
folder sharing, use Windows XP and Internet Explorer with SP2, Microsoft
Antispyware, and install Zone Alarm or Sygate Personal Firewall, is it
necessary for me to use one of these subscription services? I'd just as
soon not obligate myself to yet another monthly bill. Also - which is the
better free firewall, ZA or Sygate? I've used both at one time or another
and liked them both. Thanks in advance! ....Pam

On 15-Sep-2005, " Pam" <(E-Mail Removed)> wrote:

> I appreciate all the suggestions I received about securing private
> information when using wireless internet in public places,

No problem. That is what this group is all about...Helping others with Wi-Fi
issues and being helped.

but now I'd
> like
> your opinion about using web security programs such as JWire Spotlock I
> downloaded it because they have a free internet hotspot directory, but to
> use the security feature requires a monthly subscription.

I'm not surprised. Wireless internet using Hot Spots is the new "Hot Thing"
and businesses are maneuvering to cash in on it. It's simply business.

> If I disable
> all
> folder sharing, use Windows XP and Internet Explorer with SP2, Microsoft
> Antispyware, and install Zone Alarm or Sygate Personal Firewall, is it
> necessary for me to use one of these subscription services?

Just add in a dash of common sense and you have everything you need to
safely surf the web in public hotspots.

> I'd just as
> soon not obligate myself to yet another monthly bill.

Well, we now know you have common sense. (smile)

> Also - which is
> the
> better free firewall, ZA or Sygate? I've used both at one time or another
>
> and liked them both.

Although I've used about every software firewall available at one time or
another, my personal preference is Sygate. That's not to say that Zone Alarm
is not worthy because it is. I just prefer Sygate.


Thanks in advance! ....Pam

You're welcome.



--
Just Me, D

" Pam" <(E-Mail Removed)> wrote in message
news:82pWe.113173$084.39707@attbi_s22...
>I appreciate all the suggestions I received about securing private
>information when using wireless internet in public places, but now I'd like
>your opinion about using web security programs such as JWire Spotlock I
>downloaded it because they have a free internet hotspot directory, but to
>use the security feature requires a monthly subscription.

> If I disable all folder sharing, use Windows XP and Internet Explorer with
> SP2, Microsoft Antispyware, and install Zone Alarm or Sygate Personal
> Firewall, is it necessary for me to use one of these subscription
> services?

Although the software is nice to have above, the buck really stops with the
XP O/S and no where else in protecting the machine from attack. You should
consider securing the XP O/S from attack by hardening the O/S for a machine
that has a direct connection to the Internet, especially a machine using the
NT based O/S. Some things you can do are disable the MS File and Print
Sharing service since I don't think you'll want to share resources with
other machines, strong passwords, disable the Everyone group account etc,
etc along with other things being mentioned in the links.

http://labmice.techtarget.com/articl...ychecklist.htm
http://www.ntsvcfg.de/ntsvcfg_eng.html
http://www.petri.co.il/disable_admin...ive_shares.htm

None of the software above is going to prevent wireless eavesdropping on the
your air waves. So if that software you're talking about kind provide
additional wireless protection on eavesdropping on the wireless air waves,
you should use it. However, you may want to find an ISP that provides a VPN
solution for their clients. They are out there too.


> I'd just as soon not obligate myself to yet another monthly bill. Also -
> which is the better free firewall, ZA or Sygate? I've used both at one
> time or another and liked them both. Thanks in advance! ....Pam

I'll be at a client's site in a hotel for the next six month with my XP pro
laptop on a dial-up direct connection to the Internet and I am now hardening
the O/S to attack and shutting down or closing things I don't need active on
the XP O/S and activating other solutions like IPsec which is being
mentioned in the link above implanting the AnalogX Secpol rules for IPsec to
supplement the BlackIce PFW that I use and IPsec can stop inbound or
outbound traffic by port, protocol, or IP behind any personal FW solution.
With the machine connected to my home network none of it is implemented.

http://www.petri.co.il/block_ping_tr...with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm
http://support.microsoft.com/?id=813878

The one thing that a 3rd party personal FW or IPsec cannot do is get to the
TCP/IP connection at boot and protect the machine from the Internet like the
XP FW can do and can get to the TCP/IP at boot and protect the machine
before any thing else can get there. I put a short-cut for Active Ports
(free) in the Start-folder so I can see all connections at the boot a logon
process.

Duane

On Fri, 16 Sep 2005 01:16:52 GMT, " Pam" <(E-Mail Removed)>
wrote:

>If I disable all
>folder sharing, use Windows XP and Internet Explorer with SP2, Microsoft
>Antispyware, and install Zone Alarm or Sygate Personal Firewall, is it
>necessary for me to use one of these subscription services?

No. Their major purpose is to keep your protection up to date. You
can do that yourself. It is tedious but a necessary habit. Be sure
to do updates for:
1. Windows Update.
2. Office Update.
3. Spyware scanner update (I suggest Microsloth Anti-Spyware Beta 1)
4. Anti-Virus update.
5. Firewall Update.
In addition, many applications tend to have security holes. Recently,
there are holes in Winamp, Acrobat, etc. These have either automatic
updated features or notifications that updates are available.

The real danger for laptops and wireless are sending unencrypted
logins and passwords over the internet. It's easy enough to sniff for
these and use them. For example, one of my customers non-cleverly
used the same password on *ALL* his accounts. Someone sniffed his
POP3 email login and password, figured out his eBay and Paypal ID, and
tried the password. It worked. I was fortunate enough to catch it
before they could do any damage but the potential was certainly there.
Do NOT use a password twice. Do not send unencrypted passwords over
the internet. That means use a VPN to download your mail or use
encrypted webmail (i.e. Squirrel mail) to read online. The list of
programs that send logins and passwords over the internet in the clear
is extensive so be careful.


>Also - which is the
>better free firewall, ZA or Sygate?

I like Kerio, with Zone Alarm as a tolerable 2nd best. I haven't
tried Sygate for many years. No clue on it.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice Skype: JeffLiebermann
# http://www.LearnByDestroying.com AE6KS
# http://802.11junk.com
# (E-Mail Removed)
# (E-Mail Removed)

Jeff Liebermann wrote:

> The real danger for laptops and wireless are sending unencrypted
> logins and passwords over the internet. It's easy enough to sniff for
> these and use them. For example, one of my customers non-cleverly
> used the same password on *ALL* his accounts.

It's good advice, unfortunately human nature being what it is, it _isn't_
going to happen (at least in most cases). I finally have a system where I
can use different passwords, have my computer memorize them in a secure
location (well, as secure as possible), and am starting to use more
passwords, but for most people it simply isn't an achievable goal. If you
_do_ use different passwords, how do you remember them?

> Do NOT use a password twice. Do not send unencrypted passwords over
> the internet. That means use a VPN to download your mail or use
> encrypted webmail (i.e. Squirrel mail) to read online.

That's a little extreme (and you must have meant "e.g.", not "i.e." - there
are any number of secure web mail solutions - even Hotmail encrypts the
password dialog). Many people don't have access to VPNs and Web mail is no
solution for someone who gets a lot of email. Most mail servers now can
use TLS for secure login, and most mail clients can also. TLS is a fine
alternative and if your ISP doesn't provide it ask them why not. If you
don't have a clue how to set up your email to use TLS, call your ISP's
support line and ask them.

> The list of
> programs that send logins and passwords over the internet in the clear
> is extensive so be careful.

I've been planning to close a security hole on my system for too long, and
this has prompted me to get with the program...

> I like Kerio, with Zone Alarm as a tolerable 2nd best. I haven't
> tried Sygate for many years. No clue on it.

I'm happy with Zone Alarm for my wife's purposes (my system is Linux with a
self-configured firewall). If it's only a "tolerable 2nd best", I'll
accept Jeff's recommendation of Kerio.
--
derek

Thanks again. I'll start working on security for my laptop before I attempt
to access any hotspots. You've been a great help. Best Regards, Pam
" Pam" <(E-Mail Removed)> wrote in message
news:82pWe.113173$084.39707@attbi_s22...
>I appreciate all the suggestions I received about securing private
>information when using wireless internet in public places, but now I'd like
>your opinion about using web security programs such as JWire Spotlock I
>downloaded it because they have a free internet hotspot directory, but to
>use the security feature requires a monthly subscription. If I disable all
>folder sharing, use Windows XP and Internet Explorer with SP2, Microsoft
>Antispyware, and install Zone Alarm or Sygate Personal Firewall, is it
>necessary for me to use one of these subscription services? I'd just as
>soon not obligate myself to yet another monthly bill. Also - which is the
>better free firewall, ZA or Sygate? I've used both at one time or another
>and liked them both. Thanks in advance! ....Pam
>

On 16-Sep-2005, Jeff Liebermann <(E-Mail Removed)> wrote:

<snipped>
> That means use a VPN to download your mail
<snipped>

Please explain how to do this. Current personal setup is as follows:

Windows XP PRO w/ SP2
Roadrunner (broadband) is the ISP
PC is the HP Pavilion dv4170US
Wireless Router is D-LINK DI-624 rev c (firmware v. 2.70)
Wireless card is Intel Pro 2200 BG
Wireless Config is Intel Pro/Set 9.0.2.1

Even though there are 4 PCs connected, via ethernet cable to DI-624 and 3
notebooks are connected wirelessly, I do not use Windows Internet Connection
Sharing. Now, based on your comment above, is it possible to download my
email messages from my ISP, via VPN, while using my wireless notebook pc? If
so, how?

--
Just Me, D

On Fri, 16 Sep 2005 09:33:20 -0300, Derek Broughton
<(E-Mail Removed)> wrote:

>If you
>_do_ use different passwords, how do you remember them?

I only try to remember the ones that I use constantly. For the rest,
I have my ever growing list of passwords printed on 4 pieces of paper
from an Excel spreadsheet. The spreadsheet is in an encrypted
filesystem on my PC and on a USB dongle. No way do I store it on my
PDA or cell phone. I'm not worried about losing the encrypted
spreadsheet or dongle, but the printed version is a problem. If I
ever lose that, I'm toast as it also contains my customers passwords.

>> Do NOT use a password twice. Do not send unencrypted passwords over
>> the internet. That means use a VPN to download your mail or use
>> encrypted webmail (i.e. Squirrel mail) to read online.

>That's a little extreme

Which is extreme? Not reusing a password twice or using an encrypted
pipe to get and send your email? I do both and have few problems.

>(and you must have meant "e.g.", not "i.e."

Correct. I'll review my Latin abbreviations when I have time.

> - there
>are any number of secure web mail solutions - even Hotmail encrypts the
>password dialog). Many people don't have access to VPNs and Web mail is no
>solution for someone who gets a lot of email. Most mail servers now can
>use TLS for secure login, and most mail clients can also. TLS is a fine
>alternative and if your ISP doesn't provide it ask them why not. If you
>don't have a clue how to set up your email to use TLS, call your ISP's
>support line and ask them.

Good advice. TLS (transport layer security) is an incompatible
extension of SSL. However, I still see a substantial number of ISP's
that offer unencrypted POP3 logins for email. I would be gratified if
they would dump these in favour of more secure solutions. Not one of
the local ISP's currently offers TLS email security. A few offer VPN
terminations (PPTP or IPSec). One offers nothing but POP3. If the
locals are any indication of the general status, we have a long way to
go. The good news is that the high volume ISP's (Yahoo, Hotmail, AOL,
Earthlink) all have encryption features.

>> The list of
>> programs that send logins and passwords over the internet in the clear
>> is extensive so be careful.

>I've been planning to close a security hole on my system for too long, and
>this has prompted me to get with the program...

I spent much of last night interrogating a customer for the names of
all her important online accounts. Her sole password was leaked (by
her daughter at college borrowing her mom's email account) and was
used for a small Paypal test purchase. She caught it in time and we
got to spend a dull and boring evening changing ALL her passwords. In
the process, we found a few online store accounts that had the
attached email address changed and was in the process of having the
password change confirmed. She's going to take the day off today and
call or email all these vendors and try to reclaim the accounts.
Also, a review of all the important financial accounts to verify that
nothing as gone astray. This is about the 4th time I've personally
seen such a mess precipitated by a lost common password.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Fri, 16 Sep 2005 16:45:51 GMT, "Doug Jamal"
<(E-Mail Removed)> wrote:

>
>On 16-Sep-2005, Jeff Liebermann <(E-Mail Removed)> wrote:
>
><snipped>
>> That means use a VPN to download your mail
><snipped>
>
>Please explain how to do this.

Your unspecified ISP has to provide the VPN termination at their end.
You'll need to contact them to see if they offer the service. You
can't do it with just your end of the puzzle. They need to provide a
VPN termination.

You then install a VPN client on your end, or use the Windoze supplied
PPTP or IPSec client. I'm currently using the Cisco VPN client.
There are also SSH, SSL, and TLS solutions.

>I do not use Windows Internet Connection
>Sharing.

Good.

> Wireless Router is D-LINK DI-624 rev c (firmware v. 2.70)

This has VPN passthru for both IPSec and PPTP. That should work.
However, I can't seem to determine how many VPN tunnels can be
simultaneously passed through the router. Hopefully, it's more than
one.

>Now, based on your comment above, is it possible to download my
>email messages from my ISP, via VPN, while using my wireless notebook pc?

Sure, but there's a problem. Most VPN's will change the default route
to the terminating server and block local LAN access. That's to
insure that one of your other machines on your home LAN does not
bridge through your computer, through the VPN tunnel, and into the
network at the other end. Only your machine goes through the VPN.
The result is that you're effectively disconnected from the rest of
the LAN and internet while connected to the VPN. There are ways
around this but it is a potential problem.

As for your question, the purpose of the VPN is to provide a secure
tunnel between you and your ISP. Of course you can read your email
while connected in this manner. A VPN may be overkill for just email
security. It's generally used to provide a secure tunnel for access
to ALL the resources at the terminating end. If I connect to my
palatial office, I can see all the servers, shares, and printers from
network neighborhood. That's a bit too much for just checking your
email. Simply encrypting the email and passwords would be sufficient
without encrypting everything.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Thanks Jeff. I really appreciate your help and advice. Take care.

--
Just Me, D