Paranoid Penguin - Brutally Practical Linux Desktop Security
When using any public, hostile or otherwise untrusted network, you must pay careful attention to your browser's padlock icon. If there is any problem with any certificate being presented by an SSL-protected site you've had no issues connecting to in the past, you should assume that somebody is attempting a man-in-the-middle, proxy or imposter Web site attack.
Gmail, Yahoo, Windows Live (Hotmail) and on-line banking sites are all particularly likely for someone to attempt to proxy or spoof. If you must visit such a site from a hostile LAN, again, watch for any certificate weirdness.
If you have your own Webmail server or have access to Webmail from a smaller provider, such as a regional ISP, those may be less likely for someone to attempt to spoof or proxy than one of the “big guys”. For maximum paranoia though, using a strong VPN connection really is best.
And with that, we're out of space for this month, but we're done! If I say so myself, it wasn't a bad column's work. My laptop is now hardened for DEFCON WLAN use, and you've hopefully learned a thing or two about Mick's brutally pragmatic approach to desktop security. We'll see whether I end up on the Wall of Sheep this year (if so, maybe I'll admit it, and maybe I won't). Good luck with your own public LAN adventures!
Mick Bauer (email@example.com) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.
|Secure Server Deployments in Hostile Territory, Part II||Jul 29, 2015|
|Hacking a Safe with Bash||Jul 28, 2015|
|KDE Reveals Plasma Mobile||Jul 28, 2015|
|Huge Package Overhaul for Debian and Ubuntu||Jul 23, 2015|
|diff -u: What's New in Kernel Development||Jul 22, 2015|
|Shashlik - a Tasty New Android Simulator||Jul 21, 2015|
- Secure Server Deployments in Hostile Territory, Part II
- Hacking a Safe with Bash
- KDE Reveals Plasma Mobile
- Huge Package Overhaul for Debian and Ubuntu
- Home Automation with Raspberry Pi
- The Controversy Behind Canonical's Intellectual Property Policy
- Shashlik - a Tasty New Android Simulator
- Embed Linux in Monitoring and Control Systems
- diff -u: What's New in Kernel Development
- General Relativity in Python