Most secure way to use open WIFI

[wtburnette]

I'm going to be traveling for the next few days and will be using the hotel open wireless network to get online. My system is reasonably hardened, I have AV, windows firewall enabled, I use a regular user account, the admin account is renamed and the Guest account has been disabled.

I've heard the best thing to do is use an open VPN connection, but I've never done that before. Since I'm working all day and don't have a ton of time to research, I thought I'd throw this out there to see if I can get some suggestions

 

[awesomo]

Best thing to do is purchase a VPN connection for a month from somewhere and tunnel all the traffic through it. Or, you know, not care. If you have a firewall on, I wouldn't care. Anything that would be sensitive traffic such as banking, online shopping, etc... Is encrypted anyways, it doesn't matter how open the wifi is. If you are concerned about email, make sure your client is using encryption to make the connection to the server.

 

[MontyAC]

Check out DNSCrypt:

http://www.opendns.com/technology/dnscrypt/

 

[wtburnette]

Best thing to do is purchase a VPN connection for a month from somewhere and tunnel all the traffic through it. Or, you know, not care. If you have a firewall on, I wouldn't care. Anything that would be sensitive traffic such as banking, online shopping, etc... Is encrypted anyways, it doesn't matter how open the wifi is. If you are concerned about email, make sure your client is using encryption to make the connection to the server.

Well, the only email I'll be checking is Gmail and it uses HTTPS, so that should be fine. My Comcast email I'll check on my phone or just ignore. I don't get a lot through that service anyway.

I don't agree with the assessment that other traffic is encrypted and thus secure, as I've read too much about banking sites and such being spoofed. I'll simply refrain from using my online banking or purchasing anything online. I only plan to surf a few sites on my downtime and possibly look up movie listings and such. For that I should be pretty safe.

Check out DNSCrypt:

http://www.opendns.com/technology/dnscrypt/

I'll check that out, thanks.

 

[robvas]

You could also do all your surfing from a VM so the actual data on your machine isn't put at risk.

As well as using a VPN. Even just a simple ssh tunnel + putty will do it

Get a super cheap web host that allows ssh (does Dreamhost still allow it?), or a cheap VPS from LowEndBox, or have a friend with one make you a shell account.

http://www.godlikemouse.com/2011/08/03/browsing-the-web-through-an-ssh-tunnel-putty-firefox/

 

[Brak710]

Set up a VPN server at your house and just VPN home. It would be exactly like being on your home connection. Some routers can do this by themselves, but it isn't hard if you need to use a computer/server to do it.

 

[Ruffy]

buy a $1-3 dollar VPS server. Change the SSH port to 443 and restart SSH. (This negates all funny port blocking open wifi locations like to do)
http://www.lowendbox.com/

Use Putty or even better Bitvise Tunnelier(click on services, hit enabled on Socks HTTP proxy
http://www.bitvise.com/tunnelier, change Login tab with your server creds and save)

Change your browsers proxy settings to your shiny new tunnel 127.0.0.1:1080

Even if you don't use IE, change the proxy settings in Control panel or from IE(other apps use this, including chrome)

You have now have a secure tunnel that encrypts all your traffic through SSH. Bitvise tunnelier will auto-reconnect. So you don't have to mess with putty.

No complicated config on the VPS server, you edit 1 file and run one command to restart SSH. No need for openVPN.

 

[wtburnette]

Thanks for the info all

 

[surrealillusion]

It all boils down to how sensitive your information is and how paranoid you are. Worst case scenario is that someone decides to intercept your wifi connection and decrypt your SSL secured connections to see what you're doing.

http://www.networkworld.com/news/tech/2013/011813-ssl-decryption-265948.html

Like the others I would suggest using a known secure connection (if I'm travelling I normally log back into my home Internet via OpenVPN and do anything important from there), otherwise I don't really care if someone watches me reading the news or streaming youtube videos.

 

[wtburnette]

I'm actually just reading some tech news sites and reading my Gmail. Nothing too personal. Occasional checking of Facebook because it's my birthday and people are posting messages. I was going to order some Keurig coffee, as I'm getting low, but I'll wait till I get home. Too paranoid to enter payment info.