Paranoid Penguin - Brutally Practical Linux Desktop Security
When using any public, hostile or otherwise untrusted network, you must pay careful attention to your browser's padlock icon. If there is any problem with any certificate being presented by an SSL-protected site you've had no issues connecting to in the past, you should assume that somebody is attempting a man-in-the-middle, proxy or imposter Web site attack.
Gmail, Yahoo, Windows Live (Hotmail) and on-line banking sites are all particularly likely for someone to attempt to proxy or spoof. If you must visit such a site from a hostile LAN, again, watch for any certificate weirdness.
If you have your own Webmail server or have access to Webmail from a smaller provider, such as a regional ISP, those may be less likely for someone to attempt to spoof or proxy than one of the “big guys”. For maximum paranoia though, using a strong VPN connection really is best.
And with that, we're out of space for this month, but we're done! If I say so myself, it wasn't a bad column's work. My laptop is now hardened for DEFCON WLAN use, and you've hopefully learned a thing or two about Mick's brutally pragmatic approach to desktop security. We'll see whether I end up on the Wall of Sheep this year (if so, maybe I'll admit it, and maybe I won't). Good luck with your own public LAN adventures!
Mick Bauer (firstname.lastname@example.org) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.
- Readers' Choice Awards 2013
- Mars Needs Women
- RSS Feeds
- Sublime Text: One Editor to Rule Them All?
- December 2013 Issue of Linux Journal: Readers' Choice
- Raspberry Pi: the Perfect Home Server
- IBM Will Minimize Impact of Future Disasters
- Linux Systems Administrator
- Tech Tip: Really Simple HTTP Server with Python
- Senior Perl Developer
- So girls had it better ?
2 hours 33 min ago
- Reply to comment | Linux Journal
2 hours 53 min ago
- why is GNOME 3 in the fifth position at 14.1 %?
8 hours 26 min ago
- Sublime Is Brilliant!
13 hours 29 min ago
13 hours 48 min ago
- Rapid[Disk,Cache] better than native ram caching?
14 hours 13 min ago
- Nothing is perfect
14 hours 26 min ago
- Mixtapes Community
20 hours 5 min ago
- KDE is one true DE
20 hours 40 min ago
- Command Line Shells (Bash, Zsh, etc.) are 2nd place
21 hours 8 min ago