Fulltimer51 Posted August 20, 2016

I am trying to understand the safety, or the lack thereof, for "secure" WIFI in campgrounds/RV parks. I have always thought that a WIFI network that had to be signed into does nothing more than limit the number of people who can use the network. The data is no more secure than an open network. True or not? HTTP connections are just as safe on either network? Yes or no? Thanks

George
2011 F350 6.7PSD CC 4X4 DRW Lariat
2015 Mobile Suites 41 RSSB4 5th Wheel

wildmandmc Posted August 20, 2016

True, anyone that has the password, aka passcode, can access that network, and with a bit of PC savvy can also access your hard drive and anything else connected to that network.

2000 Itasca Horizon DP (Got Total During Irma).
Vice President of Charlotte County Defenders LE MC http://charlotte.defenderslemc.com/

wildmandmc Posted August 20, 2016

Adding this. as for the http or even https on an open network is not secure. One way to be a little bit more secure is to use a device that contains no banking login info, sort of like a tablet/Kindle that is just used to watch a movie, but then again there is prob a login for that, which opens up that same can of worms.

k4rs Posted August 20, 2016

One way to enhance your security on a public network is to use a VPN. There are numerous companies that provide this service for reasonable fees. I pay just under $40 per year for my PIA (Private Internet Access) account.

https://www.privateinternetaccess.com/

Safe Travels...

Roger, K4RS and Toni, K1TS
Amateur Radio Operators - Motorcycle Riders (Harley Davidson Tri-Glide Ultra)
Fulltime from 2003-2016 - Now longtime RVers
On the road, living the dream...
Ford F-250 Super Duty 7.3 liter diesel and Forest River XLR Toyhauler.
Position report via amateur radio

docj Posted August 20, 2016

> as for the http or even https on an open network is not secure.

I'm curious about what you're basing this statement on. I've heard that the NSA does have a way to intercept HTTPS transmission but I've never seen evidence that anyone else does.

Sandie & Joel
2000 40' Beaver Patriot Thunder Princeton--425 HP/1550 ft-lbs CAT C-12
2014 Honda CR-V AWD EX-L with ReadyBrute tow bar/brake system
WiFiRanger Ambassador
Follow our adventures on Facebook at Weiss Travels

SCClockDr Posted August 20, 2016

NSA level mischief pretty much has us covered no matter the tools we might deploy. If the encryption methods use an agreed source/target key & method they have the data/tools to deal with it. There are very few if any publicly accessible methods available to ensure secure web browsing in this environment.

Local and opportunists are a bit easier to block. I use a router between my devices and publicly accessible APs, and we rarely stay in one location beyond 4 days. I think those two factors significantly reduce our local risk. Our packets can still be grabbed & stored and later busted but we should be long gone. That and periodic changes to our critical PWs and two factor authentication when available allow us to sleep reasonably soundly.

docj Posted August 20, 2016

> Our packets can still be grabbed & stored and later busted but we should be long gone.

FWIW, although you are probably a sophisticated enough user to know how to use a VPN, the current WiFiRanger software has a built-in "one button" pseudo-VPN which establishes a "tunnel" from your router back to the WiFiRanger servers in Idaho. Although it isn't the same as a real VPN, it does make it much more difficult to grab your packets if someone was so inclined. Also, as I've previously posted, it does spoof your IP to enable you to connect to US-only streaming sites while vacationing in Canada.

skp51443 Posted August 20, 2016

It turns out that the wonders of HTTPS were far overstated and once folks begin digging past the vendor's hype there were and are severe issues. Too many to count, which embarrasses me as I believed the folks (like my bank and brokerage) telling me how secure things were. Try here for a bit of reading:

https://www.google.com/#q=https%20security%20flaw%20problems%20exploit

Then of course there are issues with security between your keyboard/screen and the browser where your logon information and passwords can be harvested. DoD has given up on trying to secure personal computer operating systems (all of them) that are used to access their servers and has developed a bootable CD that, while it isn't perfect, bypasses all but BIOS-resident malware.

https://en.wikipedia.org/wiki/Lightweight_Portable_Security

A VPN will protect you from your computer's network connection to the VPN provider's connection to you but you are still vulnerable to any security issues the VPN provider has and any in the connection from them to your destination as well as malware on your computer. Aside from the cost, a VPN has some drawbacks worth reading up on before you sign a contract; most folks can live with them but knowing up front is better than being surprised later.

There are the usual things you can do, none are perfect:

- Keep updated and run scans that will help with known and fixed issues.
- Move to the DoD LPS or another trusted bootable system for your sensitive stuff.
- Add a VPN either full time or just for your sensitive sites.
- Just avoid iffy WiFi connections when accessing critical sites - which may be the simplest option.

I'd not worry about NSA level tricks or even the other state level crackers unless you have a job involving access to classified information. Read Snowden's leaked catalog and you'll see why worrying about that level of stuff is needless aggravation, you aren't going to stop it.

Worry about the criminal organizations that are far more likely to cause you problems, you can do a lot to prevent that from happening by following reasonable security practices.

First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day. Sell a customer a Windows computer and you'll eat for a lifetime.

Fulltimer51 Posted August 20, 2016

So this is all true for a home WIFI system as well? It is not secure?

Fulltimer51 Posted August 20, 2016

> One way to enhance your security on a public network is to use a VPN. There are numerous companies that provide this service for reasonable fees. I pay just under $40 per year for my PIA (Private Internet Access) account.
> https://www.privateinternetaccess.com/
> Safe Travels...

How can my data be encrypted without encryption equipment? Or do I misunderstand what they are selling?

skp51443 Posted August 20, 2016

> So this is all true for a home WIFI system as well? It is not secure?

Your home system, if your WiFi router is still supported and has current security patches, is fairly secure. Sadly far too many home WiFi routers are sold and get a couple patches and then the manufacturer abandons them, leaving any new security issues unpatched and the router vulnerable. I have a box of this type of router that I have confiscated from family and friends and replaced with newer and still supported gear. Keeping up with vulnerabilities and patch status is a lot of work; pitching the old gear once the stream of updates stops and buying new isn't a great plan but it is simple and effective.

An option to trashing and replacing is to get a router that supports one of the open-source router firmware packages, they have ongoing updates that keep them reasonably secure. The downside is that they aren't always quite as simple to use with the new firmware. I'm not current on this option as I went a different direction with a fancy router/firewall computer and access points for WiFi which is overkill for most folks.

The problem with the WiFi security comes from access points that aren't what they appear to be but are bad actors impersonating a good connection or when someone has infiltrated malware into a supposedly safe WiFi system that you are connecting to.

skp51443 Posted August 20, 2016

> How can my data be encrypted without encryption equipment? Or do I misunderstand what they are selling?

You do not need specific encryption hardware to do VPN encryption, it can be done by any modern processor at fairly decent speeds. Many newer processors actually include a group of instructions to speed up the encrypt/decrypt process, HTTPS, SSL or VPN. You can see that internal encryption ability as the last line of the snip of my system's dashboard below:

    System Information
    Name             pfSense.home
    System           Netgate SG-2440
                     Serial: 11521XXXXX
    Version          2.3.2-RELEASE (amd64)
                     built on Wed Jul 20 10:29:55 CDT 2016
                     FreeBSD 10.3-RELEASE-p5
                     The system is on the latest version.
    Platform         pfSense
    CPU Type         Intel(R) Atom(TM) CPU C2358 @ 1.74GHz
                     2 CPUs: 1 package(s) x 2 core(s)
    Hardware crypto  AES-CBC,AES-XTS,AES-GCM,AES-ICM

Fulltimer51 Posted August 20, 2016

So it looks like a VPN would be the way to go for good RV mobile secure communications? If so, are the VPN services that cost $$ any better than those that are free? Does the logic of "you get what you pay for" rule here, too?

wildmandmc Posted August 21, 2016

Docj, key word in my statement is on open connection. But law enforcement does have ability to do IP reverse. Although a VPN does help in going online in somewhat incognito fashion, but not totally.

wildmandmc Posted August 21, 2016

Stan, on your home network it is a secured connection; you/family and anybody that you allow to connect to it are the only ones that can access the network and anything on that network.

Chris-n-Dennis Posted August 21, 2016

Fulltimer, you are partially correct. To address the questions:

No, an RV park's wifi is not what you could call secure by any means. Think of it, you first have a multitude of people with the access password given to them by the park. No control on who else was given the password by another camper, employee etc. Couple this with the time frame of when that password is changed - probably rarely.

Now, think of this wifi network as a passworded room such as the speakeasy from the past. Just say the right phrase and you are in the room, along with countless others, and because you are in just one room, everyone in that room can know what everyone else in the room is doing.

EXCEPT, in this case there are things you can do to protect yourself. First and foremost is a firewall that only allows connections that you initiated and established. Called a stateful firewall, this protection is like a one way mirror, you can see out but any attempt to see in is blocked. Most modern firewalls are set up this way by default but if you are unsure of yours, you can easily check to see what all you have showing (your fly may in fact be down) by going to Gibson Research Corp's Shields Up site: http://www.grc.com or https://www.grc.com/x/ne.dll?bh0bkyd2

By closing gaps in what can be seen you are narrowing down what can be accessed and/or attacked.

Common sense will be your biggest safeguard. Heinlein said it best: There ain't no such thing as a free lunch. A park's free wifi with connection to the internet is bound to come with absolutely no blocks to advertising, DNS hijackers and other minutia. With this in mind it is a no-brainer to never respond to some random flashy notice, advertisement or other dire notification that may pop up while surfing the internet.

Lastly, when you are done, shut down. Don't stay connected to the wifi network when not actively doing something. Personally I will disconnect even if all I'm doing is taking a short break.

> I am trying to understand the safety, or the lack thereof, for "secure" WIFI in campgrounds/RV parks. I have always thought that a WIFI network that had to be signed into does nothing more than limit the number of people who can use the network. The data is no more secure than an open network. True or not? HTTP connections are just as safe on either network? Yes or no? Thanks

Berkshire XL 40QL
Camphosting and touring
Our blog: cndtravels.blogspot.com

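A small model of the stateful filtering described in the post above, added here as an illustration and not taken from the thread or from any firewall product. The addresses, ports, class and function names are constructed for the example, and it tracks flows by address and port only (no TCP flag tracking).

```python
"""Toy stateful packet filter: inbound traffic passes only when it answers
a flow that a protected host opened first. Constructed example."""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")


class StatefulFirewall:
    def __init__(self, inside_hosts, idle_timeout=300):
        self.inside = set(inside_hosts)   # addresses being protected
        self.idle_timeout = idle_timeout  # seconds a quiet flow stays open
        self.flows = {}                   # flow key -> time last seen

    def check(self, pkt, now):
        """Return 'ALLOW' or 'DROP' for one packet seen at time `now`."""
        if pkt.src in self.inside:
            # Outbound: we initiated it, so remember the flow and let it out.
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.flows[key] = now
            return "ALLOW"
        if pkt.dst not in self.inside:
            return "DROP"  # not addressed to a protected host
        # Inbound: it must be the exact mirror image of a remembered flow.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        last_seen = self.flows.get(key)
        if last_seen is None:
            return "DROP"  # nobody inside asked for this
        if now - last_seen > self.idle_timeout:
            del self.flows[key]  # flow went stale; forget it
            return "DROP"
        self.flows[key] = now
        return "ALLOW"


def demo():
    """Run constructed traffic through the filter and return the verdicts."""
    laptop, website, other_camper = "10.0.0.23", "203.0.113.10", "10.0.0.77"
    fw = StatefulFirewall([laptop], idle_timeout=300)
    events = [
        (0, Packet("tcp", laptop, 50001, website, 443)),       # laptop opens HTTPS
        (1, Packet("tcp", website, 443, laptop, 50001)),       # the matching reply
        (2, Packet("tcp", other_camper, 40000, laptop, 445)),  # unsolicited, same WiFi
        (3, Packet("tcp", website, 443, laptop, 50002)),       # right host, wrong port
        (400, Packet("tcp", website, 443, laptop, 50001)),     # reply after idle timeout
    ]
    return [fw.check(pkt, t) for t, pkt in events]


if __name__ == "__main__":
    print(demo())
```

Only the second packet, the reply to a connection the laptop itself opened, is let in; everything else arriving from the shared network is dropped.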
Fulltimer51 Posted August 21, 2016

Thanks. I'll start with the free VPNs to get used to them, then see which one gets paid for.

skp51443 Posted August 21, 2016

> stan, on your home network it is a secured connection, you/ family and anybody that you allow to connect to it are only ones that can access network and anything on that network.

Unless you have a router with an unpatched security glitch that gets compromised you are reasonably safe at home. However all the encryption methods including WPA2, the newest and most secure, have security flaws, made worse by short simple passwords. Still for a home router it is unlikely anyone would bother to break in for profit, might have an angry neighbor looking for access though.

I learned a lot about WiFi security after I told someone still working in the field that I thought it was pretty secure. I still use WiFi for a lot of stuff but I ran a couple more Ethernet cables to put our main laptops on a wired connection when doing our financial stuff. Probably not necessary but Ethernet cables are cheap insurance against a minor chance of having a severe problem.

voyaginator Posted August 22, 2016

Just some suggestions to choose a VPN service provider:

1) Supports your devices
First step before signing up is to make sure your devices are supported by the service provider.

2) Does not maintain a log
For privacy reasons, the providers should never keep a log. Some service providers even accept Bitcoin, instead of the usual credit card (which has your name and address) to add more privacy.

3) Uses shared IP addresses
All users of the service provider should share IP addresses. So, there is no traceability between user account and IP address.

4) Is based on OpenVPN
PPTP and L2TP are not secure. Check on the vendor website, or ask the sales person.

5) Allows simultaneous connections
The provider should allow more than one device to be connected at once.

6) Clearly indicates the location
For privacy reasons, the service provider should not be under any government control. Although we cannot be 100% certain, recommended countries would include: Cyprus, Iceland, Netherlands, Sweden, Switzerland. Again, without any guarantee!

skp51443 Posted August 22, 2016

Here is probably the worst example of a poor choice of WiFi routers:

http://www.theregister.co.uk/2016/08/22/ioactive_turns_up_the_most_sohopeless_router_so_far/?utm_source=dlvr.it&utm_medium=gplus

“An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges.”

Bad? Wait, there's more: there are hidden users, default SSH with a hard-coded root password, and the box “injects a third-party JavaScript file into all users' HTTP traffic”.

The router includes a hard-coded SID, 700000000000000: if an attacker presents that to the router, they get access to “all authenticated features”.

Presenting that SID revealed the hidden user, dms:3.

And even better, after a bit more work: “whatever SID cookie value you provide, the router will accept it as proof that you’re an authenticated user”.

Goodness. It couldn't get worse, but it does: commands like Traceroute run with root privilege, making escalation a snap, because attackers can run OS commands without authentication.

“At this point, we can do anything:

- Eavesdrop the traffic on the router using tcpdump
- Modify the configuration to redirect traffic wherever we want
- Insert a persistent backdoor
- Brick the device by removing critical files on the router”.

Most aren't this bad but if you have a known bug that isn't patched you can become a victim of anything from a serious criminal to a teenager looking to torrent porn without getting caught by their parents. It isn't a likely situation but it happens to folks every day so if you are feeling lucky???

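The session-ID failures quoted in the post above, modelled as an added example: a check that behaves the way the article describes, beside a hardened session store. This is constructed code, not the router's firmware; every function and class name is an assumption, and only the SID value comes from the quoted article.

```python
"""Session-ID checking: the failure mode quoted above vs. a hardened store.
Constructed model for illustration; names are hypothetical."""
import hashlib
import secrets

HARDCODED_SID = "700000000000000"  # value quoted in the article above


def flawed_is_authenticated(cookie_sid):
    """Models the quoted behaviour: a built-in SID is honoured, and any
    other non-empty SID is also taken as proof of a logged-in session."""
    if cookie_sid == HARDCODED_SID:
        return True
    return bool(cookie_sid)


class SessionStore:
    """Hardened form: unguessable server-issued tokens, kept only as
    hashes, looked up on every request, and expired after `lifetime`."""

    def __init__(self, lifetime=900):
        self.lifetime = lifetime
        self._sessions = {}  # sha256(token) -> (user, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, now):
        # Called only after the password check succeeded (not modelled here).
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = (user, now + self.lifetime)
        return token

    def user_for(self, cookie_sid, now):
        """Return the session's user, or None if the SID is unknown or expired."""
        if not cookie_sid:
            return None
        key = self._digest(cookie_sid)
        entry = self._sessions.get(key)
        if entry is None:
            return None  # never issued by this server
        user, expires_at = entry
        if now >= expires_at:
            del self._sessions[key]
            return None
        return user

    def logout(self, cookie_sid):
        self._sessions.pop(self._digest(cookie_sid), None)


def compare(now=0):
    """Map each test SID to (flawed check result, hardened check result)."""
    store = SessionStore(lifetime=900)
    issued = store.login("admin", now)
    cases = [("hardcoded", HARDCODED_SID), ("made_up", "anything"),
             ("issued", issued)]
    results = {}
    for label, sid in cases:
        results[label] = (flawed_is_authenticated(sid),
                          store.user_for(sid, now + 1) is not None)
    results["issued_after_expiry"] = (
        flawed_is_authenticated(issued),
        store.user_for(issued, now + 901) is not None)
    return results


if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(label, verdicts)
```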
TrapperBob Posted August 22, 2016

Guys, thanks for all the information. This has been a great read. Trying to get more educated on using park wifi. Up to now use cell for hotspot and do nothing over park's wifi. So moving forward can someone tell me what is the best router to use for an RV?

Thanks for the help

Bob and Jenise
Class of 2016 Full timers
2008 Newmar Essex 45' 500hp ism towing Honda CRV awd
Every day you wake up is a good day!!!!

skp51443 Posted August 22, 2016

Best, something like a pfSense router and a Ubiquiti access point, not cheap or just plug and play to get full use of them but the combination gives you pretty much everything from multiple local LANs to VPNs built in. You have a wide range of hardware that pfSense will run on, much of it far cheaper than the linked system, lots of discussion in the pfSense hardware forum.

Four port version, they also have a two port but you give up a lot of options: https://store.pfsense.org/SG-2440/

Ubiquiti WiFi access point, Lite or Pro versions: https://www.ubnt.com/unifi/unifi-ac/

Cheaper and a bit easier, you end up with consumer grade WiFi routers that run open-source firmware. I'm happy with the better ASUS hardware for that role, they have a decent update policy for their factory firmware and once they stop supporting it you can move to the open-source firmware on some of their hardware. I'm not current with the latest FCC rules on third-party and open-source firmware, there is some issue with newer hardware and the ability to update because the FCC does not want consumers to control the internal radio hardware as it can interfere with other radio services.

I tend to buy friends mid-grade ones from this line: https://www.asus.com/us/Networking/Wireless-Routers-Products/

Cheap, you get the lower tier of consumer routers that offer less functionality, shorter support periods and they won't run open-source firmware so once the updates stop you just toss and replace.

All three options have their place, most folks are happy with the second or third option depending on your interest in learning about the gear and choice of maintain or toss as an update policy. If the FCC rules prevent the third-party, open-source options the third choice above becomes more attractive since once support ends security begins to fall apart as new flaws are discovered.

TrapperBob Posted August 23, 2016

Stanley, thanks. Gives me options and some direction to look at. Looking at stores gives me too many options and I do not want to make choices based just on price. I will look hard at your recommended hardware providers.

Take care
Bob and Jenise

skp51443 Posted August 23, 2016

Look for answered questions and reviews on Amazon and NewEgg too, they have proved helpful to me.

This topic is now archived and is closed to further replies.