Security Questions

I should probably just admit in advance that I don't know much about networking (I'm a C.S. major, but a total noob at anything network related).

Anyhow, I just graduated college and no longer have a network to call my own. I'm accessing the internet through various (legal) wireless networks, mostly through local libraries so far. These places don't always provide much in the way of terms of use and at least once, when connecting, I've been warned that no encryption is in place and so others might be able to view my traffic.

Clearly, I need to get up to speed on network privacy and security, and towards that end I have a few questions, if you don't mind, which would help me in that direction (generic resources would also be welcomed):

1. How easy is it for others to access the packets my computer sends to a wireless router? I assume the network admins have essentially unlimited access, but what about others. What precautions should I take if I don't want something seen by others (my PayPal password, say)?

2. How much information about me and my machine does the network administrator have? I already know about MAC addresses (and how to change them), but what else do they know about my machine, my OS, my software, etc? How much access am I giving them by using their systems?

3. What are general best practices for people in my position? What do you recommend for security and privacy?


Thank you for any help. As I said, I'm a bit clueless right now, but I'm trying to rectify that A.S.A.P.

 

1)If the data is not encrypted,it's very easy.
2)MAC address is easy to obtain.I have seen a software which can be used t change it.I never tried it though.
3)Try to use a firewall and common sense(don't take this lightly )

 

Also use WEP or WPA for your wireless link.

 

Thank you both. Wirelessman, do you know of a good article or some such on that? I'm doing research now (starting at Wikipedia of course) but if you had anything more to the point I'd appreciate it.

Also, I like your signature; but I've often found the cost of ignorance to run rather high.

 

You are confusing the terms "network" and "wireless access point". Unless you are given domain logon credentials, you are merely accessing the internet via an open access point. There is no network administrator logging every keystroke and spying on your computer. You have absolutely no control over the encryption used/not used by the "hotspot", so don't worry about WEP and WPA protocols, unless you are planning on setting up a home wireless router. The best you can do in a public setting is to run a software firewall, disable all file and printer sharing on your computer, and be very careful when visiting websites that are not secure. All unencrypted traffic is easily intercepted and deciphered. You can safely do online banking from these spots, since the entire visit is encrypted (the little padlock on the bottom of the browser). However, I don't recommend doing it very often, but that's just me.

 

What is the use to disable "printer" sharing if you are in a public area?

 

If you are at home, which I'm sure you are planning to do, WEP or WPA are essentials, just google WEP/WPA and you will get a thousands links including wikipedia explaining what it is. WEP/WPA are security protocols bult within 802.11xx standard, and they are very simple to setup in your home router and your laptop wireless adapter. When you are at home you want to instruct your newtork to be "private", this way you can trust other computers in your home network link to yours through the router, but if you go our at the library for example, change that for "public", which the laptop will consider other computers in the network as untrusteable.

A firewall in the laptop is always a must to avoid intruders, and once again if you google it you will find many good articles about, I personally use the one coming with Vista, called defender, other prefer other applications like A-Zone, if you want to know the best firewall then I suggest you start another thread which I would call, what is the best firewall and why?, NBR geeks will give you an indigestion with all their suggestions and knowledge, take advantage.

How easy is to sniff you packets, especially when they are not encrypted? very easy, there are actually many applications out there to do so. But hironically it might sound, passwords or users id's or other personal data are more likely to be found in a garbage trash than sniffing your transmission.

 

Under XP, File and Printer sharing are one item. Under Vista, they are separate items. However, in a public hotspot, it's best (IMHO) to disable any and all sharing; if you can get out and share, someone can get in and have access to files and any printers that are currently installed on your machine and are shared.

 

May be in your XP, but in my legal copy of XP, I right click either on a printer or a folder separetely to share them.

 

I'm not talking about security/sharing properties on files or printers, I'm talking about network properties and protocols.

 

To me there is just one way to share, which is the way I described above.

 

Ok, let me try to explain how sharing works. Before you can share files or printers, you must enable sharing in the Network and Sharing Center (Vista), or you must enable File and Printer Sharing in the network adapter properties (XP). If you do not enable that, you cannot share files or printers, because the operating system will not allow users to access your system. Once the global sharing properties are enabled, you can then share files and folders, other than files that reside inside protected account areas, like the My Documents folder in XP.

 

One other thing - if you turn off sharing for one directory, but you have file sharing enabled, I can access your computer's C drive and have full access to all of your files. It is a very easy process, one that I use on my home network all of the time.

 

Even though I don't have the folders shared?

 

Thank you Kegobeer, you were right, I did have those two terms confused and was only talking about connecting to a hotspot.

And yes, I understand that there's nobody logging my every key-stroke, but I was wondering how much information I give the hotspot's owner when I connect (after connection, I know that they could see my traffic, but not most of what's actually going on on my machine--my question is precisely how much information I give to them by signing on). I know they get my MAC address, do I send anything else with it?

 

Yes, even if you don't have the folders shared. Drives are shared out automatically, called administrative shares. It's easy to access, using C$ instead of C.

sitontheedge - The hotspot owner, using just the router, will see your computer name and MAC address, but that's about it. It's not the hotspot owner you should be worried about, it's the guy sitting next to you who's capturing all of your unencrypted data.

 

A bit off-topic, sitontheedge, but just exactly what does a CompSci major learn these days?

 

I had a feeling this might come up (I'm probably reflecting rather poorly on my discipline here, ). For the record, the reason I mention my background at all is to let people know that they needn't give me dumbed down answers, since I suspect my question might otherwise give that impression.

In my C.S. program the main focus was largely on conceptual issues and software development. We did a lot of programming, and most programming was done either C++ with a couple classes in Scheme (a lisp variant) for pedagogical reasons. This work was generally conducted in a linux environment, so we inevitably became somewhat familiar with that as well. At the theoretical level we learned the fundamentals of algorithm design and application, mathematical theory of computation, operating system principles, and learned about a computer's operations at every level from basic circuitry on up through assembly language and operating systems. (There was a class on network applications, but I didn't take it.)

The interesting thing about all this--and something perhaps you've picked up on already--is that a C.S. major doesn't necessarily impart a great deal of everyday knowledge of contemporary, end-user computing. The two often go together; but, at least in my program, this seemed to have more to do with the type of people taking classes than with the classes themselves.

I should add that networking is a special blind spot for me; I'm less clueless in other areas. This is because I never had access to the Internet or even a local network while living at home, and I lived at home through college. My coursework was mostly done on the college network, which I wasn't really in any position to monkey with. This meant that I've never worked with internet connections or networking on my own machines before.

 

I hope it did not come off as critical; it was not meant that way. It was an honest question. I have several degrees, undergraduate and graduate, but last took formal university computer science coursework in the early 1980's. Since then I have, of course, taken periodic ongoing specific coursework and worked. When I have been looking to hire managers or evaluate non-managerial candidates it has become increasingly difficult to find candidates directly out of school. Those who have worked for a few years after graduation, preferably at more than one company, usually stand out more. Thinking back on my early years, this probably has not changed much. Moving around to get ahead and to learn more. Still doing that these days.

 

Don't worry, no offense taken. If anything, I'm a bit self conscious because I'm aware of some glaring gaps in my own knowledge.

Do you mind if I ask what specific skills or types of knowledge especially recommend a candidate to you? I'm currently looking for entry level computing jobs and could likely stand to improve my resume.

 

What are the next two jobs you want, after this entry-level job? The answers to that question may well change over time, but it is a variant of a question I often ask of candidates at any level.

While there is a certain level of knowledge expected at the entry level, styles of how problems are approached, how one works with others, how one approaches learning, leadership skills, what one does with their non-work time, and enthusiasm and attitude are better indicators of success.

Another way of looking at it: below average staff ignore problems; average staff bring problems to their manager; superior staff bring their manager solutions.

 

Other things you might want to consider to make your connection to a hotspot secure are;

1. Use VPN (this protect your personal data (e.g e-mail) only, web browsing is done through the ISP and it is unsecure)
2. Use a firewall
3. Use an antivirus and antispayware
4. Use encryption for your file transfert
5. Use a company HTTP proxy server (this protect your personal data and web browsing)

 

And the darn-fool geniuses just find a way to make the unproblemmatic problemmatic!

 

I personally think, the boss creates the problem and ask the geniuses to fix it, the geniuses consult the viewpoint of the superior staff and the superior staff pass it to the average staff who at its turn gives it to the below average staff, then since there is no another person below and that your job review is coming up and that we have already threated you with possible layoffs to keep you working hard 24/7 and be paid for 10/7, then the below average person find the solution, then it passes it to the average staff who gives it to the superior staff who gives it to the GENIUSES who will take the WHOLE credit. Then the boss applies the solution but forget it afterwards and he starts the whole process again