wireless security

How secure is wifi for doing things like paying bills and personal banking?
Thanks




cheriha

cheriha <(E-Mail Removed)> wrote:

> How secure is wifi for doing things like paying bills and personal banking?

Your browser displays a padlock when you visit the banks site, doesn't
it?

cheriha escribió:
> How secure is wifi for doing things like paying bills and personal banking?
> Thanks
>

Security is achieved by encripting information at upper layers. So
confidence level should be determined by right encription algorithms.

On Fri, 06 Apr 2007 18:52:07 +0200, Àngel Català <(E-Mail Removed)>
wrote in <(E-Mail Removed)>:

>cheriha escribió:

>> How secure is wifi for doing things like paying bills and personal banking?

>Security is achieved by encripting information at upper layers. So
>confidence level should be determined by right encription algorithms.

True, and rather than just rely on the competence of your bank (which
may not be all that competent), my recommendation to use a good VPN
service as well; e.g., <http://www.jiwire.com/spotlock.htm>

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

On Apr 6, 11:52 am, Àngel Català <ning...@null.org> wrote:
> cheriha escribió:
>
> > How secure is wifi for doing things like paying bills and personal banking?
> > Thanks
>
> Security is achieved by encripting information at upper layers. So
> confidence level should be determined by right encription algorithms.

HUH?

Repeating the usual spiel, I think that the answer for Cheriha is:

1)Make sure you are using WPA as your wireless security. Older wifi
gear doesn't have it, more recent ones do. Don't use WEP as a
substitute, it's older and can now be easily broken into.

2) Make sure that your passphrase is 20 + characters, random, mixed,
so it can't be cracked with a dictionary attack.

3) When you are banking, make sure that you are really at the site you
think you are at. Avoid email links and instead use your own, tested
"favorites" or just correctly type in the address.

-Check that it says "https" (with the "s") before the address when
you are banking.

- And make sure that it is spelled right. If you click an email link
to paypal.com and end up at http://www.paypalm.com then you might be
screwed. Happened to me once. It may look the same, but it's not
close enough. It's a fake site and will get your password and then
possibly your money.

cheers,
Steve

seaweedsteve escribió:
> On Apr 6, 11:52 am, Àngel Català <ning...@null.org> wrote:
>> cheriha escribió:
>>
>>> How secure is wifi for doing things like paying bills and personal banking?
>>> Thanks
>> Security is achieved by encripting information at upper layers. So
>> confidence level should be determined by right encription algorithms.
>
> HUH?
>
> Repeating the usual spiel, I think that the answer for Cheriha is:
>
> 1)Make sure you are using WPA as your wireless security. Older wifi
> gear doesn't have it, more recent ones do. Don't use WEP as a
> substitute, it's older and can now be easily broken into.
>
> 2) Make sure that your passphrase is 20 + characters, random, mixed,
> so it can't be cracked with a dictionary attack.
>
> 3) When you are banking, make sure that you are really at the site you
> think you are at. Avoid email links and instead use your own, tested
> "favorites" or just correctly type in the address.
>
> -Check that it says "https" (with the "s") before the address when
> you are banking.
>
> - And make sure that it is spelled right. If you click an email link
> to paypal.com and end up at http://www.paypalm.com then you might be
> screwed. Happened to me once. It may look the same, but it's not
> close enough. It's a fake site and will get your password and then
> possibly your money.
>
> cheers,
> Steve
>

Hi Steve,

I think point 3) doesn't concern wireless, it's a common question to
every access network. Of course, everybody should check this kind of issues.

On the other hand, your points 1) and 2) talk about wireless security. I
think it's a must to have a good wireless secure access in order to have
privacy between your computer and your access point. And that's the
point: wireless security protocols and tools protect (or at least they
try to do it) at the wireless channel, but when cheriha talks about
banking and billing I think that security should concern between user
(or user software) and remote server. And I try to guess that was the
question asked.

cheers,
Angel.

> Hi Steve,
>
> I think point 3) doesn't concern wireless, it's a common question to
> every access network. Of course, everybody should check this kind of issues.
>
> On the other hand, your points 1) and 2) talk about wireless security. I
> think it's a must to have a good wireless secure access in order to have
> privacy between your computer and your access point. And that's the
> point: wireless security protocols and tools protect (or at least they
> try to do it) at the wireless channel, but when cheriha talks about
> banking and billing I think that security should concern between user
> (or user software) and remote server. And I try to guess that was the
> question asked.
>
> cheers,
> Angel.- Hide quoted text -

Bueno. I am curious about all this myself as I often get asked this
question.

My main answer is: I understand that WiFi is as secure as a wired
connection to the internet ONLY IF you use WPA and a strong
passphrase. Correct, no?

After that, all the rest is the same as wired, no? The JiWire
hotspot VPN sounds like a good trick for security when on public wifi,
though it seems that it would be uneccesary for private LANs.

And, yes, my #3 point about avoiding phishing is unrelated to wifi.
Not the question asked.

I don't suppose it hurts to mention it as good practice. I was just
answering the same question yesterday for somebody on our LAN and
simply repeated myself. I bring it up because I understand that
phishing has been the security breach that actually affects the most
people in the past two years.

Saludos,
Steve

On 7 Apr 2007 08:27:07 -0700, "seaweedsteve" <(E-Mail Removed)>
wrote in <(E-Mail Removed) .com>:

>My main answer is: I understand that WiFi is as secure as a wired
>connection to the internet ONLY IF you use WPA and a strong
>passphrase. Correct, no?

Arguably even more secure, since many wired installations aren't
protected against someone tapping in.

>After that, all the rest is the same as wired, no?

Yes. And _not_ secure.

>The JiWire
>hotspot VPN sounds like a good trick for security when on public wifi,
>though it seems that it would be uneccesary for private LANs.

It increases security even for private LANs. Is that worth it?
I wouldn't buy the service just for that purpose -- instead I'd use an
ISP clueful enough to offer VPN (e.g., Sonic.net in Northern California)
-- but if I were buying it for public hotspot use, then I'd also use it
on my LAN.

>And, yes, my #3 point about avoiding phishing is unrelated to wifi.
>Not the question asked.
>
>I don't suppose it hurts to mention it as good practice. I was just
>answering the same question yesterday for somebody on our LAN and
>simply repeated myself. I bring it up because I understand that
>phishing has been the security breach that actually affects the most
>people in the past two years.

Yep -- never hurts to add good advice that's related to the basic issue.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

> >After that, all the rest is the same as wired, no?
>
> Yes. And _not_ secure.
>
> >The JiWire
> >hotspot VPN sounds like a good trick for security when on public wifi,
> >though it seems that it would be uneccesary for private LANs.
>
> It increases security even for private LANs. Is that worth it?
> I wouldn't buy the service just for that purpose -- instead I'd use an
> ISP clueful enough to offer VPN (e.g., Sonic.net in Northern California)
> -- but if I were buying it for public hotspot use, then I'd also use it
> on my LAN.


All this about the wired networking being insecure is something new to
me. I would like to know about it.

1) If we browsing at a secure site, then where is the exposure?
2) Can somebody on the WWW intercept the packets and read them?
3) I'm guessing that VPN keeps it secure up to the server that you are
connecting with. After that? ...Or how does it work?

I realize that this is OT and even "off-group" here and will check
elsewhere if you don't want to go into it...

Steve

On 8 Apr 2007 13:12:28 -0700, "seaweedsteve" <(E-Mail Removed)>
wrote in <(E-Mail Removed) .com>:

>> >After that, all the rest is the same as wired, no?
>>
>> Yes. And _not_ secure.
>>
>> >The JiWire
>> >hotspot VPN sounds like a good trick for security when on public wifi,
>> >though it seems that it would be uneccesary for private LANs.
>>
>> It increases security even for private LANs. Is that worth it?
>> I wouldn't buy the service just for that purpose -- instead I'd use an
>> ISP clueful enough to offer VPN (e.g., Sonic.net in Northern California)
>> -- but if I were buying it for public hotspot use, then I'd also use it
>> on my LAN.
>
>All this about the wired networking being insecure is something new to
>me. I would like to know about it.
>
>1) If we browsing at a secure site, then where is the exposure?
>2) Can somebody on the WWW intercept the packets and read them?
>3) I'm guessing that VPN keeps it secure up to the server that you are
>connecting with. After that? ...Or how does it work?
>
>I realize that this is OT and even "off-group" here and will check
>elsewhere if you don't want to go into it...

The exposure I had in mind is that someone might tap into a wired LAN.
I've seen this happen in companies -- in one case there was a neat
little wireless unit in the wiring closet connected to the wired LAN --
everyone just assumed it belonged there. I've even seen this happen in
residences (e.g., condos, apartments) where cables can be accessed.

That said, third-party VPN also increases security with regard to your
own ISP -- instead of most traffic passing through your ISP in the clear
(and thereby subject to easy monitoring), all of your traffic is
encrypted between you and the VPN provider (and thus can't be monitored
by or at your ISP). ALthough it's in the clear past the VPN provider,
that's probably a lower risk.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>