Paranoid Penguin - Brutally Practical Linux Desktop Security
When using any public, hostile or otherwise untrusted network, you must pay careful attention to your browser's padlock icon. If there is any problem with any certificate being presented by an SSL-protected site you've had no issues connecting to in the past, you should assume that somebody is attempting a man-in-the-middle, proxy or imposter Web site attack.
Gmail, Yahoo, Windows Live (Hotmail) and on-line banking sites are all particularly likely for someone to attempt to proxy or spoof. If you must visit such a site from a hostile LAN, again, watch for any certificate weirdness.
If you have your own Webmail server or have access to Webmail from a smaller provider, such as a regional ISP, those may be less likely for someone to attempt to spoof or proxy than one of the “big guys”. For maximum paranoia though, using a strong VPN connection really is best.
And with that, we're out of space for this month, but we're done! If I say so myself, it wasn't a bad column's work. My laptop is now hardened for DEFCON WLAN use, and you've hopefully learned a thing or two about Mick's brutally pragmatic approach to desktop security. We'll see whether I end up on the Wall of Sheep this year (if so, maybe I'll admit it, and maybe I won't). Good luck with your own public LAN adventures!
Mick Bauer (email@example.com) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.
|Reglue: Opening Up the World to Deserving Kids, One Linux Computer at a Time||Jul 29, 2014|
|diff -u: What's New in Kernel Development||Jul 23, 2014|
|Great Scott! It's Version 13!||Jul 21, 2014|
|Adminer—Better Than Awesome!||Jul 17, 2014|
|It Actually Is Rocket Science||Jul 16, 2014|
|Android Candy: Repix, Not Just Another Photo App||Jul 14, 2014|
- Reglue: Opening Up the World to Deserving Kids, One Linux Computer at a Time
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Numerical Python
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- RSS Feeds
- Linux Systems Administrator
- diff -u: What's New in Kernel Development
- Senior Perl Developer
- Technical Support Rep
- UX Designer