How to Secure a Laptop on Public WiFi?

RaggedOldMan

When I'm out of the house and out on business calls, I'll often take my laptop computer with me as it's very useful for both business needs and for my spare time. However, connecting to public wireless networks can be dangerous if your computer isn't secure, and all kinds of things can happen. I think I've got it covered, but I'd like it if someone checked through this list and tell me if there's anything else I need to do in order to secure my computer on an open WiFi connection...

Make sure firewall and AV are beefed up, latest patches and updates
Latest OS patches and updates - stops old exploits from working, especially on a Windows laptop
Disabling shared folders so people can't snoop through my stuff

That's all I've got right now. I don't know what else I can actually do, but I'd really appreciate some suggestions.

Unknown

I can't actually think of anything else other than what you've specified. I think you'd do a lot better with an SSH tunnel on top of all that too, if possible. SSH tunnel straight back to your home machine, and you'll be totally safe from MITM attacks too

ShadyTroll

What about using Hot Spot Shield? http://hotspotshield.com/

Unknown

ShadyTroll wrote: »

What about using Hot Spot Shield? http://hotspotshield.com/

That's definitely an option, but I wouldn't personally use anything like that in fear of the providers logging my every move. If we're going down the VPN route, I think it would be much safer, again, to set one up from home.

Thanks for the suggestion :thumbsup:

RaggedOldMan

Thanks for your responses. Since creating this thread, I've given my laptop a complete overhaul and beefed everything up. I also got rid of AVG and installed Avast! which is fucking brilliant (thanks for the tip in another thread), and I've got all the latest updates and software patches. I'm going to configure myself a SSH connection between my laptop and the Desktop I've got at home :thumbsup: Can't believe I didn't think of that one before. On the subject of SSH servers... Does anyone know how to set them up properly? I'm worried that exposing the machine to the world wide web will end in some nasty consequences.

duuude

I'm not sure if this would be useful but what about scanning your system with Nmap to see which ports are open that you could close from any kind of attack. I might need to do this to my on machine.

RaggedOldMan wrote: »

Thanks for your responses. Since creating this thread, I've given my laptop a complete overhaul and beefed everything up. I also got rid of AVG and installed Avast! which is fucking brilliant (thanks for the tip in another thread), and I've got all the latest updates and software patches. I'm going to configure myself a SSH connection between my laptop and the Desktop I've got at home :thumbsup: Can't believe I didn't think of that one before. On the subject of SSH servers... Does anyone know how to set them up properly? I'm worried that exposing the machine to the world wide web will end in some nasty consequences.

I think trx has a guide on that somewhere in this section.

Unknown

Yeah, give that a shot. Step inside the hacker's shoes for a second. If you were looking for a person to attack on the network, what would you be looking for? I know you're into Backtrack and the world of hacking so I'm sure you understand the dangers of leaving ports open If you don't go and read a few of my guides :thumbsup:

Slartibartfast

tunnel everything through ssh.

I have a free account over at shellmix.com that i use for this.

for linux servers with openssh installed and configued, on the client:

ssh -ND 3333 user@server

This is secure enough, but if you want to force ssh2 and use compression:

ssh -2 -C -D 3333 user@server

then i configure firefox to use socks with localhost:3333

I'd imagine it's the same for windows servers but with putty. I'm not sure how this is done.

RaggedOldMan

Can you tell me more about shellmix.com? I just looked at it but I can't really figure out what it's all about

Slartibartfast

It's shell access.

It's some guys linux server. He gives people access to it. Anyone can create an account and you're able to log into the PC remtotely with ssh. The shellmix.com server is in poland.

you get a command line with a comprehensive set of tools/apps installed.

This type of shared access was a popular way to access unix systems before Linux. Linux was created exactly because he was fustrated with some of the limitations of his universitiy unix server.

Unknown

Wow, that's badass. What's he like regarding logging and suchlike? I mean, would you log into Totse while SSH'd into his computer?

Slartibartfast

There's a fair few out there: http://shells.red-pill.eu/

They're all pretty vague on privacy. I'd imagine if the police start pounding on their doors, they'll do their best to help. Can't expect anything else.
He's basically a MITM. I'm sure the way he's set it up, he can't see anything BUT he does have root access - so meh.

Man, i log into totse without anything. What's the point, i post everything on a public forum - it's no secret.

Unknown

I was more concerned about credentials being logged, moreover the fact that you're posting on Totse in the first place. If someone was to get ahold of my password then they could do a lot of damage to this place