Saturday, 4 December 2010

Enhancing security at Coffee Shop (B)

"Oh, what if I don't have a VPN server at home? What can I do?"

The main issue with the Internet link provided by a coffee shop (a public network) is that everyone can access the Access Point (AP).

* Web
You might know it is best to access a website with HTTPS (Hypertext Transfer Protocol Secure) instead of HTTP. But how?

For Chrome browser: "Use HTTPS"
https://chrome.google.com/extensions/detail/kbkgnojednemejclpggpnhlhlhkmfidi

For Firefox browser: "HTTPS Everywhere"
https://addons.mozilla.org/en-US/firefox/addon/229918/

It is also important to know that Facebook offers HTTPS access, so installing one of these "force HTTPS" extensions will give you a more secure browsing experience when accessing facebook.com.

* Email

Email is one of the oldest products since the Internet was invented. All messages are sent in plain text, which is obviously not suitable for today's security standards. Therefore, it is necessary to further enhance security by introducing Transport Layer Security (TLS). The network ports used are listed below:

- TCP 465 SMTP over TLS/SSL

- TCP 587 SMTP with STARTTLS

- TCP 993 IMAP over TLS/SSL

- TCP 995 POP3 over TLS/SSL

# Pictures are provided by mail.google.com

If we take Gmail as an example, we can see that the setting is easy to make.
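As an added example (not part of the original post), the following Python sketch audits a mail client's account settings against the four ports listed above and flags entries that would send mail or passwords without mandatory TLS. The INI layout, section names, key names and the `starttls-if-available` value are hypothetical, constructed for illustration.

```python
import configparser
# Ports from the list above: "ssl" = TLS from the first byte,
# "starttls" = plaintext greeting followed by an upgrade to TLS.
EXPECTED = {465: ("smtp", "ssl"), 587: ("smtp", "starttls"),
            993: ("imap", "ssl"), 995: ("pop3", "ssl")}

def audit(ini_text):
    """Return {section: [findings]}; an empty list means the entry is fine."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    report = {}
    for name in cfg.sections():
        sec = cfg[name]
        port = sec.getint("port")
        proto = sec.get("protocol", "").lower()
        mode = sec.get("security", "none").lower()
        findings = []
        if mode == "none":
            findings.append("no TLS: password and mail cross the AP in plain text")
        elif mode == "starttls-if-available":
            findings.append("TLS optional: client may fall back to plain text")
        if port in EXPECTED:
            want_proto, want_mode = EXPECTED[port]
            if proto != want_proto:
                findings.append(f"port {port} is for {want_proto}, not {proto}")
            if mode in ("ssl", "starttls") and mode != want_mode:
                findings.append(f"port {port} expects {want_mode}, not {mode}")
        else:
            findings.append(f"port {port} is not one of 465/587/993/995")
        report[name] = findings
    return report

# Constructed sample settings; section and key names are hypothetical.
SAMPLE = """
[incoming-old]
protocol = pop3
port = 110
security = none
[incoming-new]
protocol = imap
port = 993
security = ssl
[outgoing]
protocol = smtp
port = 587
security = starttls-if-available
"""
if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

Only `incoming-new` passes cleanly; the other two entries are the kind of setting to correct before reading mail on a shared access point.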

Related material: Enhancing security at Coffee Shop (A)
http://infosecmatrix.blogspot.com/2010/12/enhancing-security-at-coffee-shop.html

Friday, 3 December 2010

Enhancing security at Coffee Shop (A)

WiFi is a double-edged sword: it gives us great mobility of Internet access, but it also allows us to intercept others' data easily. This is a fact; the only thing we can do is try our best to protect our data from being exposed.

The best way is to make a virtual private network (VPN) connection to your home desktop/server. This solution lets you enjoy the same security as when you are at home. However, you still have to confirm the security of your regular channel from home to external servers.

The following diagram illustrates the solution.
Insecure way: connecting via Insecure Channel
More secure way: connecting via Secure Channel (VPN) to your home




Further reading: How to setup PPTP server with your Windows XP

Related: Enhancing security at Coffee Shop (B)

Wednesday, 1 December 2010

How to setup PPTP server with your Windows XP

Note: If you just need a quick look at how to set up the PPTP server with WinXP, skip the introduction and start with the pictures.

I need to access my home desktop through a secure communication channel, what can I do?

If you want to set up a VPN server at home, you can choose either PPTP or SSL VPN. Setting up an SSL VPN server involves maintaining a Certificate Authority (CA), Registration Authority (RA), Certificate Revocation List (CRL) and Digital Certificates. These names are scary and are not friendly to many people...

Therefore, we will go for an easier way, which is setting up a PPTP VPN server. That raises another question: what platform should we build on? It can be any of the following:


  • Windows
  • Linux
  • Dedicated firmware (DD-WRT)

Linux is powerful, but not many people will build a Linux server or VM at home.
DD-WRT is easy for users to set up, but it requires them to modify the firmware of their router.
Windows is popular, and users can deploy the setting in just a few minutes. Therefore, it is the ideal choice for the job.

Step 1. OPEN the Network Connection

Step 2. BUILD a new connection

Step 3. CLICK "Next" 

Step 4. SELECT advanced connection

Step 5. SELECT accept incoming connection

Step 6. SELECT allow virtual private connection

Step 7. CLICK "Property" to make advanced settings

Step 8. INPUT an IP range that is not in use on your current network

Optional: You may check the properties of this profile to see whether encryption is enabled. You can also maintain the list of PPTP users on the same page.


At this point, your computer is ready to provide PPTP VPN service to yourself and others.