l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2006 Apr 25 09:33

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Laptop WiFi Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Laptop WiFi Security



Bob Scofield wrote:
I have two questions about WiFi security in laptops. (I don't have a laptop that allows me to do much WiFi, but I'm interested in these issues anyway.)

If a person uses a WiFi connection at an airport, hotel, coffee house, etc. clearly the connection is not encrypted. I have been told that if you use an open connection, someone can get into your hard drive. That is, a hacker could read your files. This leads me to ask two questions.

1) One computer professional told me that the solution to the problem is to have firewall software on your laptop. He recommends Zone Alarm for Windows, but my interest is Linux. I know that SuSE comes with a firewall. My first question is: Is there a firewall package for Debian?
Firestarter is a nice little GUI-based firewall.  I use that and like it.

2) The second question is whether there is *any* merit in the following idea I thought of. Suppose you had a laptop that had a major Windows partition, and a major Linux partition on it. Suppose you also put a second very small Linux partition on it. The small Linux partition would be used exclusively for e-mail and web surfing at open WiFi connections.

Would such a set up protect the files in the main Linux partition when the small partition was booted and being used with an open WiFi connection? I suppose one problem with such a Baroque set up would be that the password you use for e-mail on the small Linux partition would still be subject to theft by a hacker.

So is there any value in this type of set up?

Thank you.

Bob

I guess that would be effective ... as long as no one gained root access. (If they did, they could just mount the other partitions.)

Personally, I think it's overkill, though. There's several security tweaks that I'd recommend doing to a laptop before even considering that, such as:

* run a firewall, like above, and only allow port forwarding to a daemon when absolutely necessary

* disable all unnecessary daemons - especially login shells like ssh, telnet, etc. Also samba too.

* if you must allow ssh access, don't allow root logins, and only allow access via public keys instead of passwords

* keep your systems up-to-date with your distro's latest security patches

* since you're using an unsecured and unencrypted network, try to use encryption for outgoing traffic whenever possible - i.e., use ssh, https, imaps, tls, etc.

If you religiously apply techniques like this, I'd say you'll be in very good shape security-wise, and there's probably no need to do what you're suggesting. It certainly can't hurt, but I think it provides not much benefit for the amount of work involved.

Just my $0.02.

HTH,

DR

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!