WIFI Security
 

I am getting the N800 for Christmas and can hardly wait! I am a real newbie here and had some questions about security issues with a public WIFI connection.

Is there a firewall, or software that comes with this device to protect private data? Is there some I should download?

My main use with this will be web surfing. Checking stocks, etc. I really need a secure/private connection.

Thanks!

Re: WIFI Security
 

good question, I asked this and someone said there was a SSL when using some sites on WiFi. not sure though

Re: WIFI Security
 

If you're watching sites which contain your private data (passwords, account info) etc. you should only access those sites through https:// links. This is exactly as when you access such sites from your desktop computer, no difference there. Other than that there's nothing in the N800 to worry about, the way it come set up out of the box. Wi-fi or no wi-fi is not the issue here.

Re: WIFI Security
 

This article has me concerned:

http://www.jiwire.com/wi-fi-security...n-overview.htm

It mentions software and firewalls as a solution; but what's compatible/available with the n800?

So, you are saying that as long as I connect through http sites I'm safe from "sniffers"?

Re: WIFI Security
 

"Firewalls" could merely block sensitive services from being remotely accessible - but the N800 has no such service unless you install it.

PUBLIC WiFi access is generally insecure, as secure access schemes would require you to have an account with the service provider. That is, PUBLIC WiFi is entirely unencrypted and accessible by any stranger, so that anybody in range could forge and inject packets, or even assume the identity of the service provider.

The risk of getting a worm delivered to a N800 via forged packets is marginal, though - Maemo/ARM is way too exotic among platforms to be targetted. You would have to worry when surfing a public WLAN with Windows/Intel devices, though, and even cell phones have already been (rarely) targetted...

As for HTTP being safe from sniffers: Nope. HTTPS would be, though. In general, you should use application-level security (like SSL web sites, SSL/TLS on the mail server, and SSH for shell connections) for anything critical, especially on wireless networks. The N800 supports that, but you still have to configure it, and must use SSL capable web/mail servers (which free services sometimes aren't).

Sevo

Re: WIFI Security
 

Such articles always make me shake my head. There's some truth to parts of it, but what they always seem to forget is this:

1. Your home wi-fi network is exposed to maybe some dozen of people.
2. Your ADSL/cable internet connection, on the other hand, is exposed to millions of people. If you ever get the chance, try running a sniffer at the connection point (outside any firewalls) on your ADSL modem. I've done that: Maybe 20 seconds after you fire it up the prodders start to hammer your network connection, scanning for open ports and the like. The network log at work is very interesting reading - this goes on 24/7.

The _real_ problem is connecting to a site requiring any of your private data: It doesn't _matter_ what kind of connection you use, whether that's wi-fi, ADSL, cable, at work: If it's not encrypted, someone can intercept that information. You _must_ use encryption. It doesn't help with the best WPA2 or any other wi-fi encryption, that part doesn't protect your actual network traffic, it only stops others from using your wi-fi network. It doesn't encrypt any of the actual internet traffic.

Let's say you have an adsl modem, a wi-fi router with its own firewall (most have one). There's a much much bigger chance someone will manage to break through to your home computer(s) through the ADSL modem than through the wi-fi router, simply because there are millions of potential attackers on the other side of the adsl modem but a very limited number in wi-fi range. (There is one potential big security problem with that wi-fi router though: If it allows access to its system setup page through wi-fi then the router can be hacked into and reconfigured to e.g. turn off its firewall. Ideally the router should only allow configuration to be done through one of its LAN ethernet ports.)

The big rule is simple: Whenever you transmit (including watching) private data over a network you should use encryption. For the web this means that the sites you watch should be accessible through https://, which is SSL encrypted, not http:// which isn't. As far as wi-fi is concerned you should think of it, and handle it, as the internet at large.

Your wi-fi router should have a firewall. So should your home computer, as otherwise it's open to external attacks in case the wi-fi router's firewall falls down for some reason.

However, your N800 doesn't have any services that can actually be attacked, unless you install one. If there's no one listening then the attacker can shout all he wants, unlike how it's depicted in films and tv shows you can't just break in just because it's a computer in there.

However, there's one popular service you may come to install on your N800, and that's an ssh server. If you do, then suddenly you have something listening on port 22 which can give the attacker a login shell. And as the N800s all come with a well-known, fixed root password.. in other words, if you install either dropbear-server or openssh-server then you must take steps to prevent this (change root password, first of all).

Yes. If you meant to say https sites, not http sites. The former are SSL encrypted, the latter are not. Normal web sites are just http sites, they're not encrypted and usually you won't care, if you're just reading Internet Tablet Talk, for example.

There's one popular wi-fi scam that's worth mentioning though: Be careful with wi-fi hotspots requring credit card info to get access to the network. These are HTTPS/SSL encrypted, but the scam is that someone sets up a fake pay-hotspot and you then go on to provide them with your credit card info.. this scam has been seen in airports, for example.

For the rest: As far as your N800 is concerned, you just have to
a) Set up your home wi-fi network with WPA encryption (if you want to keep others from accessing the internet through your wi-fi)
b) Firewalls in the wi-fi router and on your home computer(s)
c) Use SSL (HTTPS) when accessing sites with private data, whether that's from your N800 or from your desktop computer
d) Don't start worrying about your N800 security until you install a server like ssh.
e) That article mentioned VPNs.. yes, if you access your job network then VPN is an easy way to encrypt everything. But then again it's unlikely there's any other way of accessing that network.

Re: WIFI Security
 

Thanks, I think I just beginning to understand.

I have a wired network at home and wasn't planning on using the N800 there. It's only going to be used outside the home.

I'm going to have to read up more to completely comprehend the responses. Right now it suffices to repeat the KISS Rule: Just use HTTPS Sites for secure encryption.

Again, thanks for taking the time to explain it!

Happy Holidays Everyone!

Re: WIFI Security
 

The real simple answer is don't send private data over wifi, ever. With the right equipment it doesn't matter if it's https or not.


http://www.oxid.it/ca_um/topics/apr-https.htm

Re: WIFI Security
 

You WILL want to use your N800 at home... in the bed, in the kitchen and even in the bathroom. Trust me :) Welcome to the family.

Re: WIFI Security
 

Hi,

my friend has the following problem.
Each time his PC running XP Windows boots on
wifi card driver sets ICF (Internet Connection Firewall) provided by Windows off.
He has to set it manually on.
What's wrong ?
Wiruses, trojans , Adware ?

Darius