Parents want to do online shopping, banking from free wifi spots, how to secure?

topcat989

First off, I read the faqs and searched for "wireless security" and couldn't find the answers I needed.

My parents will be traveling, and they each have new laptops running Windows Vista. They need to check emails, surf, and unfortunately do shopping and online banking, and do it from unsecure free wifi spots like in hotels, airports, Starbucks, etc.

I'm at a loss. Any help here? A simple "just don't do it" won't fly. They will be on the road, and they need to have access to bank accounts, etc. That criteria simply will not change, so I need help as to how to go about making the best of what I have to work with.

As always, your time and advice is really appreciated.:eek:
 
I wouldn't recommend it or do it personally (and honestly that is IMO the right answer if they need banking do it by phone), tell them to use wired access at their hotel?
 
Well, seeing that wireless packets can be easily captured, you are taking a risk. Given enough time and resources, anything can be cracked.
 
I would set up a VPN at some central point, and have them do their work over that. OpenVPN comes to mind.

Still a horrendous idea however. Make sure they have an AV and firewall protection.
 
Sorry pal but it's not the best thing to do. The chances of something actually happening aren't likely but it's a high enough risk that would make people want to avoid it. I myself wouldn't consider it... I would recommend they find some alternative through a wired connection but if it's absolutely mandatory, make sure the security settings on the laptops are set to a max with a good anti-virus program, solid spyware protection, etc. There are enough cases of hacking that happen to make anyone scared of doing it... I wouldn't risk such critical information.
 
I would set up a VPN at some central point, and have them do their work over that. OpenVPN comes to mind.

Still a horrendous idea however. Make sure they have an AV and firewall protection.


Couldn't have said it better myself.
 
thx for the replies. As far as VPN, I was under the impression that it had to be set up at both ends, such as executives who log on from the road to their companies, where the VPN is configured on their laptop and configured on the company computers. My parents are retired, and will be traveling, and they WILL need to access the internet to do their financials (ironically one of the reasons they are so adamant about logging on and checking their bank and credit card accounts is to look for signs of ID theft). These folks are old school, and worked very hard, more than you can imagine, for their money, and have heard ID theft horror stories. They don't do well banking by phone, they will do it online, regardless.

I have them set up with good firewall and AV, antispyware (although don't be shy about mentioning your specific recommendations for those). I think I'm not so worried about when the packets get onto the net, but how to protect them from their laptops to the AP. I'm more concerned about a script kiddie with a laptop at the same wifi spot with tools to sniff the wireless traffic. How do I keep him from reading the packet that contains say, the bank login info? What sucks is that it seems the vast majority of these free access points are completely unsecured, they either have NO encryption or use the weakest one, WEP instead of WPA. :( *sigh* help me Obi-Wan........:(

PS - I appreciate the help - I am on a real time crunch and just do not have the time to research properly
 
I wouldn't recommend it or do it personally (and honestly that is IMO the right answer if they need banking do it by phone), tell them to use wired access at their hotel?

At places where there is a choice I will tell them to use wired access instead of wireless. I wonder how that is set up for security though? Is it possible for other hotel guests that are hooked to the wired access to port scan my parents' laptops?

Anyways, unfortunately there will simply be too many instances where they will only have the internet through wifi hotspots as in hotels, coffee shops, etc.

How to deal with that?:confused:
 
At places where there is a choice I will tell them to use wired access instead of wireless. I wonder how that is set up for security though? Is it possible for other hotel guests that are hooked to the wired access to port scan my parents' laptops?

Yeah other people could, they are still going to want to take the usual precautions and have the usual defenses (firewall, strong passwords, limited accounts, etc) but it is a hell of a lot better than wireless.

Anyways, unfortunately there will simply be too many instances where they will only have the internet through wifi hotspots as in hotels, coffee shops, etc.

How to deal with that?:confused:

They are old school and they don't do banking by phone well? Seems they would do that better since it is a technology that would be closer to their frame of reference....at any rate that is usually how I handle it when I travel. Luck.
 
There might be some companies that do managed VPN services catered to users who roam public WIFI hot spots. Someone here may have some recommendations for that. In general, you're gonna need some kind of a VPN because it's very easy to sniff out traffic on a wireless network.

As far as other protections, I'd have them get a credit monitoring service. Their bank probably offers it for a few bucks a month. See if their insurance company provides identity theft insurance. I know some people who have purchased this, and ended up needing it. Further more, have them use American Express Travelers Checks, or I think AMEX also has Travelers Cards now. If they are going to be using an ATM or Debit card, make sure it's not linked to their savings account or main bank account. Some banks will automagically withdraw money out of your savings account if you overdraft a checking account. Today, many credit card companies and banks that issue Visa/Mastercards to their customers will be more than happy to note on your account that you're traveling, and a lot of them actually recommend that you let them know when you are. It may be wise to have your parents call the CC Company/Bank and let them know what their travel plans are, so A) their card doesnt get locked for suspicious but legitimate activity, and B) the company can better monitor the account for real suspicious activity. And finally, you can take a Sharpie and write on the back of your cards "CHECK I.D." I realize that a lot of merchants dont even check the back of the card, but it only takes one.
 
Yeah other people could, they are still going to want to take the usual precautions and have the usual defenses (firewall, strong passwords, limited accounts, etc) but it is a hell of a lot better than wireless.

thx, I'll be sure to stress using wired whenever possible........however.........



They are old school and they don't do banking by phone well? Seems they would do that better since it is a technology that would be closer to their frame of reference....at any rate that is usually how I handle it when I travel. Luck.

It's all about the visual. The phone is a PITA with wait times, menus, etc. Where online they just click the account and get all the info right there in front of their eyes. They won't do phone, sorry.
 
thx for the replies. As far as VPN, I was under the impression that it had to be set up at both ends, such as executives who log on from the road to their companies, where the VPN is configured on their laptop and configured on the company computers.

That's normal, yeah. It doesn't have to be fancy though; you can run OpenVPN on your home system, for instance, and they can run a properly configured client on their end, then forward all of their web traffic through your connection over the VPN.

It's a bit of work, setting it up and learning how OpenVPN works (but far less, it's worth noting, than learning something from Cisco), but once you've got it, it will typically "just work" from that point on.
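
What the setup described in this reply can look like, as an added example that is not part of the original post and not the OpenVPN project's own sample files: a minimal server config for the home system and a client config for the laptop. The hostname, tunnel subnet and certificate file names are placeholders, and it assumes the certificates are already generated and the home machine has IP forwarding and NAT enabled for the tunnel subnet.

```conf
# ---- server.conf on the home system (constructed example) ----
port 1194
proto udp
dev tun
# Placeholder file names for the CA, server certificate/key and DH params.
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
# Shared HMAC key: packets without a valid signature are dropped early.
tls-auth ta.key 0
# Tunnel subnet (assumed); the server takes 10.8.0.1.
server 10.8.0.0 255.255.255.0
# Make every client send ALL traffic through the tunnel, not just
# traffic for the home network. Without this, banking traffic would
# still leave over the hotspot in the clear path to the access point.
push "redirect-gateway def1"
# Assumes a DNS resolver listens on the home machine's tunnel address,
# so lookups do not go to the hotspot's DNS server.
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
persist-key
persist-tun
verb 3

# ---- client.ovpn on each travelling laptop (constructed example) ----
client
dev tun
proto udp
# Placeholder hostname for the home connection.
remote vpn.example.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Per-laptop certificate, so one lost laptop can be revoked on its own.
ca ca.crt
cert laptop1.crt
key laptop1.key
tls-auth ta.key 1
# Refuse to connect unless the peer presents a certificate marked for
# server use; this stops another client certificate from the same CA
# being used to impersonate the home server on a hostile hotspot.
remote-cert-tls server
verb 3
```

The two settings that matter most for the hotspot case are `push "redirect-gateway def1"` and `remote-cert-tls server`: the first keeps traffic from bypassing the tunnel, the second keeps the laptop from building the tunnel to the wrong endpoint.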
 
Could they not be relatively certain that their information is secure as long as they are using a financial institution that has implemented safeguards such as SSL, if they use a complex password, and if they change said password at regular intervals, etc?

As long as NO data is sent unencrypted, this especially applies to the login (username/password), then even if someone did obtain this information they could not do anything with it.

Obviously, depending on how paranoid they are and how well they trust their financial institution, then the above suggestions would obviously be more appropriate.

The online shopping however is a different matter, I would not personally trust any online retailer to properly secure every part of the transaction.
 
As long as NO data is sent unencrypted, this especially applies to the login (username/password), then even if someone did obtain this information they could not do anything with it.

Worst assumption ever. Never, ever, EVER assume the web application you are using is going to be completely secure if it is for a critical service such as banking. Your system could for example, be using a vulnerable cryptography library which has a bug in it that allows forged MD5 signatures (OpenSSL iirc had this vuln at one point), possibly resulting in a MITM attack. The software could also have a secure login, but might not have everything else over SSL, like say gmail. Say they get access to your mail account, then the hacker could possibly use that to gain access to the banking systems by attempting to reset the password, or something like that. Point being, never, ever, ever assume they will have a solid security scheme.

Your best bet will probably be (as basically already discussed)-
-A secure system (constantly patched, since it's likely Windows AV/firewall)
-An encrypted tunnel, VPN, or other system which has a good security track record to completely encapsulate all of your data securely.
-If you are using Outlook, or any other e-mail program, make sure it is configured to use SSL or a secure SSL proxy. A surprising number of people manage to not do this and leave their systems automatically checking their e-mail every n minutes, resulting in your account being compromised.
-Don't be dumb. As awful as this sounds, be aware of what's going on. If something is acting funky with the website, look further. Watch for page redirects, embedded content, and the like.
-Do not use RDP (Remote Desktop). It is largely insecure in the non-server versions.
 
Worst assumption ever. Never, ever, EVER assume the web application you are using is going to be completely secure if it is for a critical service such as banking. Your system could for example, be using a vulnerable cryptography library which has a bug in it that allows forged MD5 signatures (OpenSSL iirc had this vuln at one point), possibly resulting in a MITM attack. The software could also have a secure login, but might not have everything else over SSL, like say gmail. Say they get access to your mail account, then the hacker could possibly use that to gain access to the banking systems by attempting to reset the password, or something like that. Point being, never, ever, ever assume they will have a solid security scheme.

That's why I said "As long as", meaning they have done the proper research and are certain that the financial institution they are using meets the criteria they require. Maybe I should have been more clear, but in no way did I mean to imply that you should assume they are secure just because they say so...
 