Network Security While Traveling?
truesaer writes "I'll be spending all of next year backpacking through South America. In the past I've used Internet cafes while away, but this time I plan to bring a netbook and rely primarily on Wi-Fi hotspots. I'll be facing the same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students. Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks. I will not have a system at home to connect through. Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information? Keep in mind that many places have very poor bandwidth and latency."
All network security is for naught when someone can just steal your netbook and read all the passwords and form data that Firefox helpfully remembers for you. You have to make sure that your Firefox profile directory (as well as all other confidential data, like passwords and bank statement PDFs) is stored on an encrypted block device. On Linux, a loopback device encrypted with dm-crypt works well.
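One way to verify the advice above actually holds on a given machine is to check which mount a directory lives on and whether that mount is backed by a dm-crypt mapping. The following is an added example, not code from the thread: it parses the text formats of `/proc/mounts` and `lsblk -P -o NAME,TYPE,MOUNTPOINT` (where dm-crypt targets appear as `TYPE="crypt"`), and the sample text and the Firefox profile path in the test are constructed so the check runs offline. On a real system the two text arguments would come from reading `/proc/mounts` and running `lsblk`.

```python
"""Check whether a directory lives on a dm-crypt-backed mount.

Added example, not from the thread. Parses /proc/mounts and
`lsblk -P -o NAME,TYPE,MOUNTPOINT` text; the samples below are constructed.
"""
import os
import shlex

# Constructed sample of /proc/mounts: a plain ext4 root plus an encrypted
# device-mapper target holding /home.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/mapper/secret /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

# Constructed sample of `lsblk -P -o NAME,TYPE,MOUNTPOINT`: dm-crypt mappings
# (whether on a partition or a loop device) are reported with TYPE="crypt".
SAMPLE_LSBLK = """\
NAME="sda" TYPE="disk" MOUNTPOINT=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot"
NAME="sda2" TYPE="part" MOUNTPOINT="/"
NAME="loop0" TYPE="loop" MOUNTPOINT=""
NAME="secret" TYPE="crypt" MOUNTPOINT="/home"
"""


def parse_mounts(text):
    """Return a list of (mountpoint, device) pairs from /proc/mounts text."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            # /proc/mounts escapes spaces in paths as \040
            mountpoint = fields[1].replace("\\040", " ")
            pairs.append((mountpoint, fields[0]))
    return pairs


def parse_lsblk(text):
    """Return {device name: TYPE} from `lsblk -P` key="value" output."""
    types = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = dict(tok.split("=", 1) for tok in shlex.split(line))
        types[kv["NAME"]] = kv["TYPE"]
    return types


def mount_for(path, mounts):
    """Find the mount holding `path`: the longest mountpoint that prefixes it."""
    path = os.path.normpath(path)
    best = None
    for mountpoint, device in mounts:
        if path == mountpoint or path.startswith(mountpoint.rstrip("/") + "/"):
            if best is None or len(mountpoint) > len(best[0]):
                best = (mountpoint, device)
    return best


def is_on_encrypted_mount(path, mounts_text=SAMPLE_MOUNTS, lsblk_text=SAMPLE_LSBLK):
    """True if the mount holding `path` is a dm-crypt (TYPE="crypt") device."""
    found = mount_for(path, parse_mounts(mounts_text))
    if found is None:
        return False
    _, device = found
    name = os.path.basename(device)  # /dev/mapper/secret -> secret
    return parse_lsblk(lsblk_text).get(name) == "crypt"


if __name__ == "__main__":
    # Hypothetical profile path; on the constructed samples /home is encrypted.
    for p in ("/home/bob/.mozilla/firefox", "/root/.mozilla/firefox", "/tmp/statement.pdf"):
        print(p, "->", "encrypted" if is_on_encrypted_mount(p) else "NOT encrypted")
```

The check only answers "is this directory on a dm-crypt target"; it says nothing about whether the volume is unlocked with a weak passphrase or left mounted while the netbook is unattended, which are separate concerns.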
Most Ask Slashdot problems are solved by throwing out the most ridiculous requirement. Usually this is because the poster has logic-ed themselves into a blind spot. The classic where-are-my-glasses-I've-searched-everywhere-oh-here-they-are-in-my-hand kind of a thing.
In this case, the "no system at home" requirement is the offender. Just set up an old Linux box with a friend, and like the GP said, VPN to it. You do have friends, don't you? Family? Non-tech-savvy coworkers who won't question that computer case with the post-it note that says DO NOT DISCONNECT?
"I will not have a system at home to connect through."
Then get one if you're concerned about your privacy. Really, are your bank details not worth ten or twelve bucks a month for a virtual server somewhere?
"And the meaning of words; when they cease to function; when will it start worrying you?"
I've tried SwissVPN (http://www.swissvpn.net/) and had good experiences (about $6/month on a prepaid basis, no limits).
Backpacking through South America doesn't mean OP is spending 5 months in the middle of the Amazon. Besides, how does internet access limit it? Oh, right, it doesn't. And phones aren't technology? Is this Slashdot or some sort of faux-Luddite assembly?
When you're backpacking through South America, "at home" can mean anywhere in your country of origin or current residence. That covers anything from a $100/month blade server at a hosting company to a $30 dd-wrt router in a friend's basement. Either way, please keep the ad hominem attacks out of it, okay? We're all just trying to help here.
My credit union still has a system for doing much of my banking over a phone line. I'd rather take my bets on the security through the phone lines than the interwebs.
Because touch tones are so much more difficult to intercept than 128 bit SSL secured connections??
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
And it's so silly it's insane. For #3. If that's the issue, just get a bootable DVD and run your OS from there. Every boot is a clean install of the OS, unless they compromise your BIOS or something. It's like #3, but a whole lot less trouble. If you want, store stuff to the HD, and don't run files from it, and when you get back, toss it in as an extra disk in a system, scan the files, and you have your pictures or whatever you wanted. But they can't compromise an OS on a DVD.
Or #1. SSL to a bank site is insecure, but SSH to your home system is more secure? By a difference enough to make it worth the trouble setting it up? Really?
#5 What keys? He knows his passwords. He has sites like Bank of America where they authenticate themselves to him with pictures to make sure he's on the right site, so he's not getting phished. Maybe have a DNS server of his own manually coded, and could even run occasional traceroutes to make sure there isn't something doing a DNS redirect. But to have to carry keys with you to check a couple secure sites? Overkill.
#6. You think a virus will infect your machine, and a reboot will clear it? Then we should be free of viruses everywhere on the planet if we just all reboot our computers at midnight tonight. And this is the guy you are claiming is informative? Reboots as a security measure? And if you are worried about resuming from suspend, put a stupid password on it. There isn't much commercially available that will beat that (in terms of gaining access to the contents of RAM, programs open and such, not in terms of compromising the machine). Sure, if the US government were after him and willing to spend millions, I'm sure they could read the RAM state of a computer without logging in after a resume.
#7. Irrelevant to the issue of keeping his bank account secure. Sure, they'll get his computer, but if you have the governments start breaking into people's private bank accounts across international lines, they'll be opening a huge can of worms. That's a completely useless piece of advice in terms of protecting the account details he types into the computer for the bank sites and bills he was talking about. Unless you are worried Chile will break into his phone bill and pay it.
Learn to love Alaska
Except SSH tunneling or SOCKS proxying (over SSH) don't do TCP-over-TCP. Instead, using an SSH tunnel, the application creates a TCP connection to localhost, the SSH program then takes the data from that connection and forwards it to the destination over its own TCP connection, where the SSH daemon makes a connection on your behalf. No TCP-over-TCP, just handing data over multiple TCP links.
Ditto with a proxy - the app connects to the proxy server, the server makes a new connection on your behalf, and bridges the data between your application and the destination.
In fact, if you can properly buffer the connections, this can lead to higher throughput as a high latency link can be hidden by the proxy servers which locally ACK the packets, and the high-latency link can have data blasted through with different TCP settings that allow for high bandwidth-delay products.
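The mechanism described in the three comments above (the application connects to a local listener, the forwarder opens its own second TCP connection and copies bytes between the two, so each hop is an ordinary TCP connection with its own ACKs and no TCP-over-TCP) can be shown in a few dozen lines. The following is an added example, not code from the thread and not how OpenSSH implements `-L`/`-D` forwarding: a bare local port forwarder plus an in-process echo server standing in for the remote service, so it runs offline. Port numbers are ephemeral and the payloads in the test are constructed. It omits the encryption an SSH tunnel adds on the middle hop; the point is the two-connection relay.

```python
"""Minimal local port forwarder showing how an SSH -L style tunnel moves data.

Added example (not from the thread, not OpenSSH's code). The app connects to
a localhost listener; the forwarder opens a second, independent TCP connection
to the destination and pumps bytes between the two sockets. No TCP-over-TCP:
each hop is a separate TCP connection that ACKs locally.
"""
import socket
import threading


def _pump(src, dst):
    """Copy bytes from src to dst until src hits EOF, then half-close dst."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # propagate EOF to the next hop
        except OSError:
            pass


def _serve_forward(listener, dest_addr):
    """Accept clients and bridge each one to dest_addr over a fresh connection."""
    while True:
        try:
            client, _ = listener.accept()
        except OSError:
            return  # listener closed, shut down
        # Second TCP connection, made on the client's behalf (like sshd would).
        upstream = socket.create_connection(dest_addr)
        threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
        threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()


def start_forwarder(dest_addr):
    """Listen on an ephemeral localhost port; return (listener, (host, port))."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    threading.Thread(target=_serve_forward, args=(listener, dest_addr), daemon=True).start()
    return listener, listener.getsockname()


def start_echo_server():
    """Stand-in for the remote service: echoes whatever it receives."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()


def round_trip(payload):
    """Send payload app -> forwarder -> echo server and return what comes back."""
    echo_srv, echo_addr = start_echo_server()
    fwd, fwd_addr = start_forwarder(echo_addr)
    try:
        with socket.create_connection(fwd_addr) as app:
            app.sendall(payload)
            app.shutdown(socket.SHUT_WR)  # end of request; EOF travels hop by hop
            received = b""
            while True:
                chunk = app.recv(4096)
                if not chunk:
                    break
                received += chunk
        return received
    finally:
        fwd.close()
        echo_srv.close()


if __name__ == "__main__":
    # Constructed request; the echo server sends it straight back.
    print(round_trip(b"GET / HTTP/1.0\r\n\r\n"))
```

Each `_pump` thread reads from one ordinary TCP socket and writes to another, which is exactly why the high-latency hop can be ACKed locally and run with its own TCP settings as the last comment notes; the application never sees anything but a normal connection to localhost.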