Feb 13, 2011

RE "Wi-Fi service can expose your really sensitive data to cybercriminals"


This short article is "non-panic" class of material referenced to Kaspersky Lab article WiFi + Airport = Lost password
We left following comment for this article on www.securelist.com
Just opinion...
Wireless connection or wired... Secured traffic is secured traffic. If you talking about security and exposed credential, it is no matter what "last mile" do you have. People, who are hunting, personal credentials, encryption certificates and so on, will do their job even with your existing VPN (pairing traffic for PKI extraction for example, especially on M$ Windows platforms).

It is just talking about egg and chicken. So, if KaspLab placed egg affront and says "this is solution" (making money BTW), why not?

low level education in IT security of regular users is just a reason to have such of product on-board of their laptops, PCs, etc. It is kinda business, is it?

Simple solution is:
1. Enable firewall on your netbook/laptop/PC, and carefully research what traffic do you use, and what is necessary to pass in and out (DO NOT TRUST wizards of any firewall software, each wizard leaves back-door for "technical" reason even KaspLab products)
2. Be aware of what you gonna explore in Internet. Even you have super cool antivirus or any security enabled controlling software, this will not warranty that you will not get trojan-style virus, or rootkit, or fake login pages or any related which may be not yet recognizable by installed antivirus on your HW.
3. Even you have simple and proved traffic protection on your PC, you are not protected. Your PC is your PC, but rest of the world is opened even you are protected incide of your PC. Strong advise of ANY more less in mind security specialists — change your password, do not be lasy, change your personal credentials frequently (once a week, once a month, once... as «once» as possible)
4. Do not use M$ products. Tobe honest, it is rare situation that commercially delivered operating system is most patched, even KspLab products just developed as extension of file system interfaces, networking interfaces (as patch alternative of own M$). Did you think ever why? So, try alternative OSs, and enjoy most virus-free and stable user environments.
5. If you have business needs to access to your banking or incorporate resources, the best solution is to use dynamic encryption of traffic access for VPN access on numbers of ports (even on HTTP, HTTPS). What is dynamic encryption? It is mostly hardware implemented pass phrase generator for access to remote secured areas via VPNs. Yes, yes, VPN ports can be blocked, ask sysadmins to add for binding additional ports that can be available anywhere.
6. Never, never and never exchange your e-mails WITH NO SSL/TLS encrypted connection!
7. Do not afraid to use open Wireless networks – no difference in general will you use WiFi, GPRS or HSDPA.

Again, this is just opinion.

No comments:

Post a Comment