Earlier this year, I demonstrated to a colleague just how easy it was to sniff data out of the air when everyone's connected to a public network.
We were sitting in the Chandler Library at WordCamp Phoenix, and he had been watching me write an article about network security. He challenged me to snoop on his machine, so I pulled up a network profiling tool and started rattling off the names of every application on his Mac that were talking to the network.
He, understandably, freaked out and shut off his machine.
How Secure Are You?
I was clearing out my laptop's list of trusted networks the other day when I discovered some troubling entries there. Once upon a time, I was forced to work from a Starbucks and their generic "attwifi" network was added to my whitelist of networks to which the machine will "automatically connect."
Not very secure.
I do travel a lot, though, and I have several hotels and airports permanently loaded in my machine's list of trusted connections. Since I'm traveling this weekend - to a country known to have hacking and data security issues - I wanted to be sure my data was safe.
So I configured a VPN.
A "virtual private network" is a way to keep your data secure, whether your on a dedicated 4G tether or connected to Starbuck's free wireless. Traffic from your machine is encrypted at the machine, sent to a remote (trusted) server, decrypted, and proxied to the real network target.
It's similar to how a man-in-the-middle attack might work - except I happen to trust the guy in the middle sniffing my traffic, and I can completely secure my communications with him. He, in turn, forwards my web requests (and server responses) on to their destination.
I can browse any site on any network with a high level of confidence that my information is secure.
One setup, which I hope to investigate soon, is to set up a dedicated server in my home network and open an encrypted ssh tunnel from my remote location to my home. The advantages here are manifold:
- Traffic from my machine will always come from my home office's IP address
- The only person I need to trust with my information is, well, myself
- Once tunneled in to my home network, I'll have access to the same resources (printers, NAS, etc) that I do at home
An open-source tool called sshuttle will make this possible with relative ease.
The setup I'm currently using is a contract with Private Internet Access. A one-year contract costs less than running my VPS for the year. It also comes with a level of anonymity that ssh-ing to my local network would not provide. I can flip a switch and route my traffic through data centers on the East coast, the West coast, Europe ...
I don't have the benefit of accessing my home network's resources remotely, but I do now have the ability to visit sites and conduct business with relative anonymity.
I value anonymity almost as much as I value security. Not having to maintain my own hardware is an added bonus.