Slashdot Mirror
Network Security While Traveling?
truesaer writes "I'll be spending all of next year backpacking through South America. In the past I've used Internet cafes while away, but this time I plan to bring a netbook and rely primarily on Wi-Fi hotspots. I'll be facing the same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students. Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks. I will not have a system at home to connect through. Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information? Keep in mind that many places have very poor bandwidth and latency."
I would recommend purchasing a shell account from a reputable host that will allow you to tunnel your internet traffic over an SSH tunnel/SOCKS proxy. It's really easy to set up using Putty or OpenSSH.
All network security is for naught when someone can just steal your netbook and read all the passwords and form data that firefox helpfully remembers for you. You have to make sure that your firefox profile directory (as well as all other confidential data, like passwords and bank statement pdfs) is stored on an encrypted block device. On Linux, a loopback device encrypted with dm-crypt works well.
So it needs to be said regardless, but I feel VPN probably should have sufficed.
There are two solutions to this issue:
a) Do it Yourself!
In this scenario, the individual purchases a term contract with a hosting provider and proceeds to install a VPN solution. This is the most flexible plan available and can be achieved for roughly 10$ or less per month (plus domain costs). The down side to such a solution is that if there is maintenance that must be performed there is really only one mechanic. (unless the mechanic has very good friends or if he is a heartless bastard with no relations to the external world then perhaps a fellow slashdoter will land the man a vpn solution. Never mind he is a freeloader... roaming from country side to country side... possibly infecting your server... and you were just trying to be a nice guy. shame on you)
b) Rent a VPN!
There are countless VPN solutions available for seemingly random values. I have little doubt that an equally cost effective solution can be found. This has the obvious advantage of not having to maintain the VPN solution. The obvious con when compared to solution "A" is that there is certainly no flexibility in this offering. You get what you get. With the economy falling into the virtual comode it is quite likely that any business you place your trust in will either lose all of your information or sale it on the black market. By the time you return you will likely be spammed, identity thieved and otherwise placed with the very best experiences the awful inky darkness that is the bad side of the humanity offers.
Invariably there will be suffering no matter what option you choose.
Regardless, ensure your netbook is protected and if you may wish to utilize a solution I myself rather enjoy. In rather horrible untrusted networks I rely on a lovely Fedora live distribution over usb flash. It doesn't offer much in the way of persistent storage, but for one time transactions it's quite useful.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
If someone is truly smart enough to crack your system and steal your bank account info - when you are a fairly intelligent tech-savvy guy who uses SSL and won't just click the first open wifi network that pops up like 90% of the population would - what the heck are they doing in the jungles of South America where maybe 5 students with negative bank balances pass through every year? "The same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students". Do you honestly think 99% of them have a clue? And yet 99% of them make it home perfectly fine. As someone with an above-average IT security knowledge, you will be fine. Seriously, while I don't advocate writing your bank details in 10-foot high letters of fire on Macchu Picchu, the chances of anything happening are infinitesmal. By the way, South America is awesome to backpack through. And not being tethered to the Interwebs is a good thing.
I'd tell a UDP joke, but you may not get it. I'd tell a TCP joke, but I'd have to keep repeating it until you got it.
I just returned from my backpacking trip. So here are my tips... If you are using your own laptop, an effective firewall, a patched system, and the use of SSL is all you need. Since you are posting on Slashdot, I assume you are capable of keeping your own laptop clean and secured. In reality the risk of someone stealing your laptop is much higher than the risk of anyone breaking into your laptop, so... 1) Some sort of chains/locks on your backpack is much more important than a VPN. 2) Do not store any password, sensitive documents on your laptop. In case it will be stolen later.. 3) Keep backup of important documents (e.g. scan copy of your travel insurance) in a gmail account... 4) Do not keep all your vacation photos in one laptop, copy it to CD/DVD/cheap USB devices and send it home every few months. 5) Bring a USB drive and backup everything on your harddrive (including your vacation photos), store the USB drive in a different location (e.g. inside your main backpack) If you are really desperate and have to access your bank in an internet cafe, here's what you can do... 1) To make it harder for key loggers to steal your password, scramble your url/password using your mouse. e.g. if your password is ILovePizza, you can type IHatePizza, highlight the word "Hate" with your mouse, click delete and type "Love" instead. It's not 100% secured, but it's better than nothing. 2) As soon as you reach a safe location, change your password.