Conference WiFi Security

Firefox Proxy Setup

WiFi is widespread today and makes the life of the modern web worker much easier. Conferences are a typical place where nearly everyone is connected to the internet using the same wireless network. But very few people realize how vulnerable they are while using the shared network.

Tools like dsniff make it dead simple to passively sniff passwords from any unencrypted connection.

Example? Despite previous warnings the organizers of re:publica saw up to 5 passwords per minute going in clear text over their network!

So when using the internet over an insecure network, you should always use the following precautions:

  1. Don't run any unnecessary services on your machine (apache, mysql, …) or protect them with a firewall
  2. Use SSL whenever possible
  3. Tunnel unsecured connections through a VPN or SSH

I wrote about securing your mail services with SSL before. Unfortunately SSL is not always available when using third-party websites.

The easiest way to secure all your web connections is to use SSH as a SOCKS proxy. All you need is SSH access to a trusted machine. This could be your root server or a machine at your company.

To open the proxy just use the following line:

$> ssh -D 8000 -N you@your.server.net

Where you is your username and your.server.net is the trusted machine of course.

All you need now is to make Firefox use the proxy by adding it as a SOCKS proxy under Edit → Preferences → Advanced → Network → Settings… (see screenshot).

Now all your Firefox web traffic will be tunneled through SSH and your passwords are safe from the sniffer in the chair next to you.

Tags:
security,
ssh,
wifi
Posted on Wednesday April the 9th, 2008 (6 weeks ago).

Comments

1
For the paranoid: go to the page "about:config" in Firefox and set "network.proxy.socks_remote_dns = true" to also send your DNS queries via the SOCKS proxy.
2008-04-09 20:35:19
jan
2
Yes it's kind of scary to see at my university (I'm studying computer science), how many of my kind know about WiFi security. Everywhere you see FTP/Email/HTTP accounts/logins. I think the people believe, when the connection is encrypted by WPA/WPA2, they are protected against such //attacks//. Sad to see that they don't seem to realize that everyone within the same network is able to sniff this information.

I've avoided checking some Email accounts so far, because of this problem. The solution using an SSH proxy is a nice idea and I definitely will try this!
2008-04-09 21:17:00
3
Yes, SSH is the simplest method to add a bit of security. But keep two things in mind:

* stay alert to changed host keys - man in the middle attacks are very simple to do

* be sure to use a *trusted* host - a shared web host or university account is probably as dangerous as the WiFi ;-)
2008-04-09 21:42:13
4
A stupid question perhaps, but do you not need some sort of proxy software running on your home server?  I did a 'man ssh' and read about -D, and saw stuff about 'GatewayPorts' and so am no longer 100% sure...  Also you don't mention anything about any additional software on your home server, so I was wondering if perhaps it really is that easy?
2008-04-12 20:48:38
chris
5
Chris, this is why this solution is so easy. There is no additional software required. Everything is handled by the SSH daemon on the server side and your SSH client on your laptop PC.
2008-04-13 02:03:18
This is the personal web site of Andreas Gohr - human being, blogger and web geek from Berlin, Germany.

This page was last updated at 2008/04/09 19:46.