Dear Ubuntu community,
If I enable Wi-Fi on my laptop and use a public Wi-Fi hotspot at an airport, will a firewall such as UFW be enough to stop hackers accessing my personal files which are NOT transmitted over the Wi-Fi connection?
Dear Ubuntu community,
If I enable Wi-Fi on my laptop and use a public Wi-Fi hotspot at an airport, will a firewall such as UFW be enough to stop hackers accessing my personal files which are NOT transmitted over the Wi-Fi connection?
Last edited by oshirowanen; January 25th, 2010 at 12:59 PM.
oshirowanen,
If just browsing the net and not accessing personal files then a quick boot from a liveCD will allow you to browse and surf without too much fear of snooping.
Browsing with the NoSript, BetterPrivacy and Adblock+ extensions enabled makes you safer still.
Keeping personal data encrypted within something like a truecrypt container will keep it safe from prying eyes.
I do believe that the default settings of the Ubuntu firewall are pretty safe but you can always amend them to suite your needs. I am sure someone with more firewall knowledge than I will be along in a moment to offer further advice.
Firewall or not, there are no services installed by default which would allow anyone to retrieve your files remotely. They can only eavesdrop on the data you send/receive. If you installed some kind of server, then you may have a problem.
If you are that paranoid, you could always tunnel all brower traffic over an SSH tunnel when connecting to public hotspots. That way traffic is encrypted and can't be decrypted if there is someone on the network with a packet sniffer.
I'd do that if I used hotspots.
Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide
Tomorrow's an illusion and yesterday's a dream, today is a solution...
If your firewall is well configured, it will stop them from accessing your machine, however that alone won't stop them from snooping around what you do on the internet. Using https, they can tell what sites you visit, but they can't tell what you're looking at exactly, however they can see the traffic that's not encrypted, such as http sites. If you got a machine at home, I'd suggest establishing a ssh tunnel and sending all your traffic through that tunnel.
To add to the conversation ...
A default installation of Ubuntu has no significant servers listening for incoming connections, so, unless you install a server of some kind,hackerscrackers can not access your personal files.
If you use wireless, your packets travel through the airwaves and can be received by anyone.
Assume any unencrypted traffic (http, ftp) is not private.
If you *must* connect to a bank site or other private use https (ssl).
If you wish to encrypt all your traffic, use VPN or SSH.
There are two mistakes one can make along the road to truth...not going all the way, and not starting.
--Prince Gautama Siddharta
#ubuntuforums web interface
Howdy,
Yes your files on your local system are OK, but there are other things to worry about.
As mentioned above, all your network traffic is open to the world unless you use encryption such as HTTPS. So, what you need to worry about is your username and password when you access your email using a web browser.
Google email is now accessible using HTTPS, but they seem to have bigger backdoor problems. The important thing is that you should never use your email password for anything else, since it is typically a totally insecure service snoped by all and sundry. Never, ever use your email password for your bank for example!
I would take that a step further and say "never enter any email passwords (and possibly others)" while surfing via an open connection. You have to remember that if someone snoops your email password then it's often very easy to visit other sites and request password change (forgotten password) such that the site will send you a new one or provide a form to create a new one. So getting access to your email is often as good as getting the ability to change any other passwords for accounts associated via your email. This can even be domain name control and certificate issuance. So it's a bigger threat than you would expect.
If you use Thunderbird/Evolution then be sure to config all accounts to use tls/ssl based pop/imap. This will ensure user/password info is sent over ssl links only. Gmail has had this mandatory for a long time but many other email providers (ISPs!) still use pop3 unsecure access. Change that!
Read up on using ssh as a secure proxy. -D option - it is very powerful and easy to use for secure surfing.
I`m certainly no network security expert but knowing how relatively simple it is to grab passwords & stuff off a network, https/ssl included, i think i`d just stick with the assumption that there could well be some little skiddie sitting with the relevant software carrying out all kinds of mitm attacks on the Wifi spot in question.
Bookmarks