In <ecfa260c0908050445l7c843b7qe4aef32632547...@mail.gmail.com>, Zachary Uram wrote: >2) How do I make my laptop more secure so others on wifi network can't >steal or sniff my packets?
That depends on the security used by the network, which is not a choice you make when connecting to it, but rather a choice made by the entity that provides the network. If the wireless network has no security, packets are basically plain-text. Don't do anything over this network that isn't public or end-to-end secured (ssh, ssl, tls, vpn, etc.). If the wireless network has WEP security, packets are encrypted, but in a way that is trivial to break. Anyone that wants to put in some effort can see your packets. Treat this the same way you would a network with no security. If the wireless network uses WPA, you might be safe. There are some fairly sophisticated attacks against WPA personal, that don't require much resources besides time. So, treat those networks has if they have no security. However, WPA enterprise and WPA2 are still secure at this point in time; you can trust that an attacker can't see your packets between your radio and the AP's radio. However, NO wireless security protocol can protect you from packet sniffing at or *behind* the AP. If the entity that provides the network is a potential attacker, you must use end-to-end security (ssh, ssl, tls, vpn, etc.) for anything not public. BTW, self-signed certificate != end-to-end security, it is trivial for an attacker to perform a man-in-the-middle attack. Actually, that's true for any certificate that doesn't already have chain of trust to your trusted certificate authority stores. It's also true for any ssh/vpn "fingerprint" that you haven't approved over a secured link. If you get a trust/don't trust prompt over a non-trusted network, DO NOT TRUST! -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.
