wifi privacy software??

My wife and i have been using our e1505 at hotels, coffee shops, airports, and hospitals for surfing and checking on medical records (wife is a MD). It occurs to me that due to the sensitive nature of some of the info - patient medical records i might need some sort of software to protect our privacy on these public networks. We do run ZoneAlarm Free edition as a firewall.

Is there any type of software that will mask this info and who we are? Is that what zonealarm is doing? What else do we need and how do YOU keep private on these public networks.

 

while in zonealarm make sure the settings are at stealth mode. This will help make your computer not seen to any other network

 

If you're checking these medical records over the internet, I don't think a firewall will help you much at all; that's for protecting your computer against hacking attempts.

You are right to be concerned. I honestly don't know the most complete solution and I am curious about this as well, but I know that any traffic that you send to the Wifi router or that the router sends to you is publicly available. I think it would help if you enabled an SSL connection between you and the router and/or between you and the host website for the records. This way, someone else can still see the (encrypted) information but it'll seem to be garbage; only you and the other participant in the connection will be able to decode the information. Perhaps someone can give us further details on this kind of solution.

 

I'm afraid that djroze is correct to the best of my knowledge, the only way to encrypt the data is to send it over an encrypted network. The only real solution is to not use any un encrypted WIFI, or like djroze said, to use a SSL (encrypted) connection between you and the website which holds these records. - mind you i'd be suprised if this wasn't encrypted in the first place.

 

Yes, and maybe the privacy of the people whose medical records your wife is accessing? Seriously, she should not do this at all (_especially_ if she works for the VA) until she can be certain that data is secure. That means something like using an encrypted Virtual Private Network to connect the laptop to the computers which hold that data (so that the data is encrypted at all times when travelling between them). She also needs to be sure that every trace of those records is wiped from that laptop when she's done so that inappropriate people (e.g. you) cannot access them.

Are you in the USA? Your wife should talk to the HIPAA compliance officer at the facility where she works.

 

It's perfectly safe if you do something like a VPN connection to what you're checking online. Check with her office, and see if they offer a VPN connection of some sort (such as Mr. Foolish said), and possibly use a VPN + a remote desktop session of some sort to just connect to a computer that's physically secure at the workplace.
But this is over ANY internet connection, not just wireless. If you have the choice, use a wireless network with WPA or WEP encryption of some sort at the minimum.

 

While it does seem to make sense to use WPA or WEP if the choice is there, I think WEP won't even offer sufficient protection here (I'm not sure about WPA). Does anyone know if WEP and/or WPA protect users from each other? I think both are intended to keep 'just anybody' from accessing the network, but apparently WEP has already been broken and I don't know in detail how WPA works. Perhaps once you give the key to log on to a WPA network, your PC engages in an encrypted connection with the router (so that only you can read the data, regardless of its content or which website you're accessing). Like I said, I don't know for sure; does anybody else? Either way, that will unfortunately be up to whoever is providing your internet access, not you. :-/

 

WEP and WPA just keep people from looking at the traffic you're broadcasting. I can capture wireless traffic from a wireless network without ever being on the network, because they're sent to everyone around you.
Protecting users from each other, they're already on the network, so no, there isn't a protection from that, aside from a VPN or something similar that prevents you from decoding the packets that are sent over the local network and the Internet. But even those are hard to sniff unless they're broadcast packets.

 

it's irresponsible to do that over a wifi connection

in all honesty it's something the AMA would probably discipline her for doing

 

By "people" you mean those outside the network, right? So there's no user-specific encryption within the network under either of those standards, if I'm understanding correctly. You'd think a smart router would (perhaps by way of these standards) initiate a unique encrypted session with each user logged on so that any given user's information is private to the router.

 

...excepting if you're using a VPN, then there's really no way that anyone could do anything about it. All traffic is encrypted and secured, as much as possible. If that's not allowed, there shouldn't be remote access at all, and there should be a guard at the door 24/7 to their office that fingerprints everyone.

 

Yes. Within the network, with a VPN, the encryption runs from your computer to the VPN server residing within your workplace. Everything that touches a remotely public network is completely encrypted, and pretty secure. Basically, the smart router exists at your workplace, and you connect to it with an encrypted session, and the only people that can see the data are:
a) You
b) Anyone that happens to be on the VPN segment INSIDE the office
So that pretty much keeps it as secure as possible, while still being accessible.

 

Yeah; I understand the VPN concept, I just meant for the public routers and WEP/WPA encryption.

On a side note, this sort of goes along with what you said about "if VPN is not allowed, nothing should be allowed remotely at all..." - technically, if you are using any public router, even the VPN connection is not guaranteed to be secure. If the router is compromised, or if you don't know which router you're using (someone could just bring in their own and make it look like the router you're looking for, I think ) then you're vulnerable to a "man-in-the-middle attack". I assume that's a threat for a VPN connection as well as secure browsing; you might think you're securely connected to the VPN, but a compromised router could be communicating with the VPN on your behalf and reading all of your data. So as you mentioned, if they're *really* concerned about privacy, no untrusted access points should be used for any 'segment' of the internet connection all the way up to the VPN.

 

well - i just checked into this a bit. it appears it is all safe. It uses a secure tunnel - whatever that is (vpn maybe?) - to guard the privacy in terms of encryption. This system requires a login to access the web portal and another login to access the database/software. At that point it opens up a proprietary program (not ie or firefox) for the interface. So that leaves the patient data safe. this system was designed to let the physician access the hospital patient records remotely. i just wasnt sure how wireless played into this.

now - what about other transmissions - regular surfing etc. how do i keep the starbucks computer geek from knowing that someone with mac address xx.xx.xx.xx..... just ordered a thong for his wife at victoria's secret?

also for those interested - patient medical records are quickly going electronic. my wifes practice just implemented elec. med. records (EMR) recently. its basicaly a giant database that is mirrored on two machines. each provider gets a tablet thinkpad. all that data is sent wirelessly back and forth from the client tablets to the database wirelessly pretty much in real time. it uses voice recognition for dictation. thats alot of data flying about the office. im told its quite secure.

 

I would still argue that you're potentially vulnerable to a man-in-the-middle attack if you're ever using a public wireless access point. I'm no security expert, but I believe that it doesn't really matter how many times you put in a username/password combination or what programs are actually transmitting the data; as long as you (the "unwitting user", though you are indeed witting) accept a fake cert(ificate), the router can silently pass all of your messages through to the destination server without the server or you ever knowing the difference (and it can record whatever it likes). The odds of that are probably low, and if you know what to watch out for with the certificate then you should be able to protect yourself, but it's something to keep in mind as an inevitable issue with a public wireless network.

I think this is where you run into trouble - there's probably no way to avoid this unless there's some kind of unique encryption enabled between you and the router like I was mentioning above. So I guess you could

a) hold off ordering the thong until you get home
or
b) order one for the computer geek as well to keep him quiet.

This is probably considered secure because the only devices that know the key for the internal wireless network are those tablet PC's. They assume that all of these PC's are secure (which one cannot guarantee will remain true), and that since the only computers on the private wireless network are secure, there is no risk of inappropriate people viewing the medical data (because no intruder can see the traffic without that secret key).

 

So does this mean its a bad idea to use credit card over a ssl connection for online purchases at a wireless cafe? Your man in the middle argument whould hold true for ssl as well as vpn and secure tunnel right? makes using these wireless hotspots and hotel wireless networks kinda pointless if i cant ebay, paypal, buy online, check bank statements, work, or DL porn . seems like everything i do online has a sensitive nature to it in someway.

 

Ha ha ha - just make sure you don't upload the porn in place of patient records.

Well (and I have to preface this again with "I'm no expert", but...) I think the man-in-the-middle attack is a threat in any of those situations; most certainly SSL. However, it's not an unbeatable attack. When you initiate an SSL connection with a party (say, PayPal), they provide you with a signed certificate to say "yeah, you can trust me with your credit card information". Now, it's probably signed by someone like VeriSign, and your computer is probably already set to automatically accept it, since we implicitly trust VeriSign to ensure that the website is safe and legitimate.

What happens during a MITM attack is that the bad guy (say, the compromised WiFi router) provides you with a fake certificate. I think they could have it say whatever they want (PayPal, Inc.), but it won't be signed. Your browser notes, "Oh, golly...this isn't a certificate that I know I can trust!", so it asks you - "Hey Joe, this guy says he's PayPal. Should I let him through?" Now, if you've done your homework, you'll know what kind of certificate you should expect from PayPal, and maybe it's already configured in your browser. This is where you, as the user, have the power to stop this kind of attack - you can say "No, he's an imposter...and I have PROOF!", and that's where you madly wave around some Top Secret documents you have of the deep-seeded corruption of the wireless router (exaggerating here :-D).

Now, if you say "Yes, that's fine", like most people, you are telling your browser that it's okay to open an SSL connection with "PayPal, Inc.". The problem is that "PayPal, Inc." isn't really the PayPal you are aiming for - it's probably some fake-ness set up by the router. You've really just opened up a connection with the router, which will then get your login information and use it for whatever. Your router could *even* use your login information to actually log in to PayPal, so you can't trick it into revealing that it's a fake by giving it worthless login data. I remember an e-mail spoof for CitiBank recently that did something like this.

So the bottom line is, I think (think) if you're careful about which certificates you accept, you can safely shop online using SSL connections. That's not to say that you are ever 100% safe, but that's pretty darn safe as far as I know. You might find it useful to read up more on this and how to tell a fake certificate, but the general rule of thumb is not to just click yes to anything your browser pops up, because I believe that is the crucial step in the attack (and the only one you can be aware of, if it's performed correctly).

 

I think that your analysis of MITM attacks is correct. However, remember that in this particular case, hldr's wife has connected to that web portal many times, and likely in a controlled environment (at the hospital, where the local IT guys should be in control of all of the potential "middles"). It is quite possible that she has long since saved the certificate associated with the web portal. As long as the web portal doesn't change certificates (due to the certificate expiring, the hostname changing, or whatever), she would be safe from MITM attacks.

 

I'm not sure I quite agree, unless I'm misunderstanding you. If she had connected to the portal in a secure environment and saved the certificate, then the "real" portal connection would be considered trusted. However, the danger is still there if she unwittingly accepts a false certificate. The execution of the MITM attack isn't really related to the certificate on the web portal; the MITM can always just act on hldr's wife's behalf and get any new certificates necessary. I think it boils down to:

a) she may already be the victim of a MITM attack because at some point in the past she accepted a false certificate from such an attacker

or

b) she will (at some point in the future) have to accept a false certificate in order to become a victim of said attack. If no such certificate is accepted, there should be little to no danger of prying eyes getting the information.

If the actual portal should need to change certificates, either they will be signed by a trusted (according to her browser) authority, in which case she'll probably never be notified of the event, or else the new certificate will require her acceptance. In this case, she'll need to be able to tell that it's a legitimate new certificate from the portal and not a fake certificate from an attacker.

 

Of course, this isn't likely. It is almost certain that the first time she connected to that portal from that laptop, she got the right certificate, even moreso if the laptop was connecting from a secure environment.

Agreed. Let me add this as well: I am under the impression that you cannot accept a new certificate for a website without removing the old one by hand. I'm sure most web browsers allow you to do this (in IE, go to the "Content" tab then click "Certificates"). Still, it's extra work, and is likely to make someone suspicious. This means that having previously accepted a good certificate for a site would give some extra protection (though not perfect protection) against this sort of attack with regards to that site. Perhaps I am mistaken, but that's what I was thinking when I posted previously. Surely a user would have to do something explicitly to replace an existing certificate.

I think that in my last post, when I said she would be "safe from MITM attacks", "safe" was too strong a word. "Well protected" might have been more appropriate. Aside from that, I think we're in agreement.

 

I think I see why we're a bit out of sync. I believe that you would not have to remove the "old" valid certificate in order to install a "new" fake one. The reason is, your browser doesn't know that the site the router is serving up is supposed to be PayPal. You know that you meant to access PayPal, but the browser just queries the URL and gets back some data. In other words, I don't think your browser associates a URL with a certificate; it simply tries to open an SSL session with the other party, and the certificate in question for that session either is or is not valid (or trusted) according to a certain set of rules. If you've already seen that certificate (when it's actually PayPal), then there's no problem. But if you get some other unsigned certificate, even if the name is similar, I don't think your browser observes a conflict with your genuine PayPal certificate.

What you think about that claim probably helps to decide a), in that the Mrs. either would or would not have had to remove the valid certificate at some point in the past (after having installed it, which I agree, was probably done in a secure setting).

 

for my wife's med access. she logs onto a webstie with IE. once she enters her valid id and password then another program (not ie) opens a new window. the application that is opened then requires another (different) login and password. In the icon tray a icon appears and if you hover it says "(program name) secure tunnel" I dont think that ssl has anything to do with it - although i do believe it has its own encryption. Wether or not this is renewed each session i have no idea.

she uses this in her office, at home on the desktop, and now on her notebook over wifi from home. honestly, i can only think of one time where she used this on a public network to check a patient status. however she does take it on the road just in case, so i figured it was worth asking about. my home network is secured with all of the tips from the network guide sticky.

im no techno expert, however i have found this interesting as it seems more and more data (sensitive and not) is becoming airborne.

thoughts?

 

I'm no techno expert either, haha.

If you're hinting at the issues with the proprietary access program, I'm guessing the attacker would have to know whatever encryption or secure connection method was used to obscure that communication. This attack scenario is, of course, unlikely, and probably more unlikely with the proprietary software. However, I think the take-home message is that there are certain types of attacks (read: MITM) that can probably affect you no matter what program you're using for access, as long as the attacker knows how to intercept and mimic communications through that program.

In a sense, I'd imagine you're more secure in that the program is probably not widely known or used. On the other hand, it may not have the equivalent of a browser's ask-user-if-certificate-untrusted feature. If you don't know what's going on under the hood to ensure a secure connection, and if this type of thing is not enabled, then I think it's possible that you could be the victim of a MITM attack without any opportunity to avoid it or any knowledge of it. In other words, the program might just accept any certificate with a particular name for whatever it's doing, so an attacker could present a fake certificate, watch future communications, and the access program might never notify you of the untrusted environment.

 

I should add that the wireless comes into play here in a couple of respects:

a) other users might be able to see your traffic, whereas on a LAN they hopefully would not

b) you don't know what nodes your packets are travelling through on the way to their destination (which is true of any public access point, wireless or not, and even of your home connection after a certain number of servers).

The idea behind the safety of your home connection is that you trust your ISP and all of the nodes they control, and you trust that they trust whoever is managing the traffic beyond that (and you all trust the DNS servers). If you go to a public router, suddenly there's a node whose controller you do not know and/or trust, so you have less reason to be comfortable engaging in a secure connection through their facilities.

 

Actually, web browsers most certainly do associate a certificate with a particular server (not the whole URL, just the hostname). That's the whole point. The certificate includes the SSL encryption key which will be used to encrypt data to that server. Thus if you have an existing certificate with one particular encryption key, you need to remove it before you accept a new certificate with a new encryption key. You need to have the one and only one correct encryption key to communicate with that server. And of course, once you have the correct certificate and key, you can just store it and use it next time, which I'm sure is what most people (including hldr's wife) would do for frequently visited sites.

You're right, though, that a web browser wouldn't see a conflict between your stored certificate for www.paypal.com and a new certificate for www.paypa1.com (note the number "1" instead of the "L"). That's a genuine method of attack, though it's not a MITM attack, which involves the attacker intercepting and manipulating traffic between the client and the correct site. Still, if a person connects to some site and never gets a message about accepting a certificate, then one time they do get that message, I think that's likely to set off some warning bells. So having saved a certificate for a site still provides a sort of protection.

 

I think I agree with the second portion of your message; I can't say either way on the first part because I'm not knowledgeable enough in the field.

Another issue that might be of interest is something I read in a magazine article today, a comment about a "man-in-the-endpoint" attack. It's concievable that this laptop could have recieved, or will recieve, some sort of trojan that actually deals locally (read: from within the browser) with the SSL connection to the remote server. As the authors point out, technically the SSL is still working correctly, but we've assumed up to this point that "the laptop" is secure. Really, if you wanted to be quite careful, you might not assume that what you type on your keyboard is not being inspected before it reaches your network card. I'm guessing such a trojan could actually send account information through the browser to a remote site (probably travelling under your firewall's radar), all the while providing you with the "genuine SSL experience" (TM, but not really). Trippy, eh?