Total Security

[freshpoint]

I have to admit I'm a total noob when it comes to securing my personal network. I use a router and zone alarm firewall along with OpenDNS to try and have some sort on security.However after watching the show yesterday and seeing just how easy it is to get someones username and password I was floored.I had no idea it was that easy and since I use online banking it makes me wonder how safe it really is if you can just intercept the infomation that easily.I have gone to GRC and done port scans and it says my computer is in stealth mode, but is it really?

My question is how do you totally secure your connection or is that even possible? Thanks for any advice.Love the show by the way even though most of the time I haven't a clue what the hell your talking about.

[Sparda]

You can avoid SSL Strip attacks by ensuring that you only ever submit your username and password over SSL. You can enable firefox's "submitting data insecurely" warning, but that's pretty annoying as every web site that has a form and doesn't use SSL will set it off. You could install https://addons.mozilla.org/en-US/firefox/addon/11894 but that's basically the same but it looks for a password field on the page before giving you a warning.

The internet is very insecure (generally). If you are worried about people listening on your internet traffic at your ISP level or at your home, you can use VPN services to get you on the internet, but then some one who is listening to the VPN provider will get all your traffic, and the VPN provider is probably a bigger target than you because of the service they provide.

You can use TOR which is basically a decentralised anonymising network with some VPN functionality. Trouble with this, any one can run a exit node, and can continually be running SSL Strip and TCP dump in the hopes of grabbing any passwords.

If you don't want to have security concerns, don't use the internet ;)

[Iain]

There's paranoia and there's paranoia. I think the chances of John Doe being snooped by a third party or their ISP on a regular basis is extremely unlikely. I'd have thought a VPN back to base would be sufficient for the vast majority of we "ordinary" users. Of course, if I were a highly secret government agency or linked to a major illegal outfit (drugs, kiddie porn, terrorism etc.), I guess that's where the efforts to monitor internet traffic would be concentrated (by the "bad guys" or the "good guys" respectively).

I understand Sparda's comment "If you don't want to have security concerns, don't use the internet" and it's similar to "If you don't want to get killed in a motorway accident, don't leave the house". The internet is here to stay and will become ever important in our day to day lives. We can only do so much to reduce any risk.

[freshpoint]

There's paranoia and there's paranoia. I think the chances of John Doe being snooped by a third party or their ISP on a regular basis is extremely unlikely. I'd have thought a VPN back to base would be sufficient for the vast majority of we "ordinary" users. Of course, if I were a highly secret government agency or linked to a major illegal outfit (drugs, kiddie porn, terrorism etc.), I guess that's where the efforts to monitor internet traffic would be concentrated (by the "bad guys" or the "good guys" respectively).

I understand Sparda's comment "If you don't want to have security concerns, don't use the internet" and it's similar to "If you don't want to get killed in a motorway accident, don't leave the house". The internet is here to stay and will become ever important in our day to day lives. We can only do so much to reduce any risk.

Thanks for replies,I'm not paroinoid at all I just didn't realise the ease of being able to get someones password and such. I am just tring to be as defensive as possible. So would you say that a wired network is much more safer than a wireless for home use? If your not broadcasting to everyone around you then chances are slim that anyone will know you exsit or is this a wrong assumption?

[Sparda]

Well, presently WPA encryption for wireless has no known 'easy hacks'. Wired connections will always be safer, that only stops localised attacks. If a router on the internet got compromised (for example) any one with traffic going through that router would have... problems.

[Burncycle]

Security is not about being impervious to attack, it's about not being the low hanging fruit on the tree. In other words, you can't be totally secure (it's impossible and a pipe dream) but you can make yourself less attractive to attackers. If you make your system (or data) more difficult to get at than your neighbor, an attacker will go after your neighbor because there is less effort involved.