“Private Networking” On the Road

Topic

New Reply

Next year, I am likely going to doing some traveling. At home, I have the protection of my own home network but on the road it will be nearly impossible to avoid using public WiFi so I thought it prudent to look into what the current state of affairs is. Despite having a fair knowledge of networking I have to admit that WiFi on the road is a topic that I have not had occasion to spend much time on so my level of ignorance is rather high.

I know that there is VPN software for PC and apps for iPad (I have both) and there are plug in devices for PC’s and portable WiFi firewall routers. What I’m very unclear on is what advantage one has over the other. I’m really unclear on the differences between things like VPN’s, anonymizers, and torrents. Trying to read about some of this on the net is tough because it seems that much of the info assumes certain knowledge and much seems to be directed to hiding your actions from restrictions (e.g. repressive governments).

Can I get some guidance and suggestions on which way to go?

Reply | Quote

Replies

If you have VPN software and declare the network to be private that should be enough as long as you don’t troll the dark side of the internet.

--Joe

Reply | Quote

If you have VPN software and declare the network to be private that should be enough as long as you don’t troll the dark side of the internet.

VPN software… If I understand the purpose, it will keep your WiFi connections safe from prying eyes?

Suggestions on which software?

Reply | Quote

Sorry but I have no particular recommendation on VPN software. I don’t bother. I always say the network is private, use the built-in Windows firewall, and am very careful about where I surf and what I do. Also, I regularly run malware scans after using any public network.

--Joe

Reply | Quote

Like Joe, I use public networks. There is very little in the way of attacks if you are vigilant.

cheers, Paul

Reply | Quote

My main concern is not virus, it’s having my WiFi signal intercepted – that can give them access to things like passwords. I would normally never visit something like a financial site using a public WiFi network, but it I’m away from home for any length of time it becomes impossible not to. AV and Firewall won’t deal with that.

Reply | Quote

Be sure to use HTTPS. And make sure you are using TLS not SSL.

--Joe

Reply | Quote

Be sure to use HTTPS. And make sure you are using TLS not SSL.

OK, I have to ask… If it’s that easy, why are there a bunch of different VPN apps making money?

Reply | Quote

Many VPN apps were developed before HTTPS became ubiquitous. Plus, I would suspect that the encryption used by the VPN app is more complex than HTTPS.

--Joe

Reply | Quote

Not every site uses https for login – this site is one example. A VPN guarantees encryption and for business purposes it makes sense.

cheers, Paul

Reply | Quote

The company I sub for part time has a VPN that I use when I am connected to them, but the rest of the time I’m depending on whatever is available. Perhaps this is just paranoia but what got me thinking about it is two things…

About 6 months ago, someone I know who is quite knowledgeable and responsible had their laptop hacked and the most likely (possibly the only) place it could have happened was at a ‘Bigbucks’ Coffee Shop they had stopped into on a trip.

The other is the recent addition of VPN to Opera. But I gather that it’s not a true VPN, just an anonymizer. That got me looking at the whole issue of security using a PC, iPad, Phone, etc to connect to things like banks and credit card companies – particularly when using a public WiFi.

There is, BTW, a whole different subject of anonymous browsing to help keep web sites from tracking you. But I’m not sure that’s not a losing battle.

Reply | Quote

To be hacked you either need to run something you shouldn’t, or you are really unlucky and get hit by a zero day exploit. Using public WiFi does leave you open to other users attempting to hack your machine – same network – but that’s what a firewall is for.

cheers, Paul

Reply | Quote

I, too, am going to be traveling and have the same question plus: if i use a VPN, do I have to leave my home set up (router, DSL modem (and desktop?) ) running while the house is empty?

Reply | Quote

A VPN is through a 3rd party and doesn’t connect to your home computer.

cheers, Paul

Reply | Quote

Thank you. I always wondered about this, and previous to joining the Lounge, I left everything on because I had no one to ask.

Reply | Quote

One of the big questions here is what a VPN actually provides that HTTPS, firewall, AV, etc don’t provide. It should encrypt all your online connections so that even if you are connecting to an unprotected source your communications are secure.

But what I see being offered are often products aimed at people who which to remain anonymous and/or present a connection that appears to be coming from a different location. That latter is helpful if you want to connect to websites that use redirectors to send you to a location specific website (e.g. use a French location to connect to a website that would normally redirect you to a US version).

Since that’s not what this is about, then the question becomes whether or not a VPN provides anything you might need over and above what has already been covered. To be honest, I’m not entirely sure how many things I do regularly that might expose things like user names and passwords.

For example, I’m pretty sure that my email client is connecting securely but I also use an email screener for a quick check and have no idea if it’s secure (it is now). A VPN should ensure that regardless of what I am doing I will be secure from spying, but it might not be necessary if I am careful.

BTW, it’s not just coffee shop WiFi that concern me, it’s the WiFi in hotels that makes me nervous because I’m more likely to be spending time on the computer. And what about UWP apps like NetFlix? I have no idea if they are secure or how to tell.

Reply | Quote

If you are connecting from your hotel, some hotels allow you to connect to their network by plugging in an Ethernet cable. This is more secure than wifi, especially since many hotels (the ones I’ve stayed at) offer NO security whatsoever on their wifi other than a password. (In other words, no encryption is utilized on their wifi connections.) I rarely connect via wifi at such places. However, the issue you are concerned about (your wifi signal getting intercepted) don’t exist when you connect to their network via an Ethernet cable.

Bring a long cable with you, in case they offer wired internet.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

If you are connecting from your hotel, some hotels allow you to connect to their network by plugging in an Ethernet cable. This is more secure than wifi, especially since many hotels (the ones I’ve stayed at) offer NO security whatsoever on their wifi other than a password. (In other words, no encryption is utilized on their wifi connections.)

I have an Iogear GWFRSDU2 that I connect into a hotel’s wired connection point to create my own secure wireless hotspot. Its wifi sharing is easy and excellent without any drops. I’ve had 5 of us sharing a wifi connection on it (smartphones and tablets at the same time) for internet access and it coped fine.

It’s tiny in size so, apart from the risk of me leaving it at the hotel (I now use a bright pink CAT5e patch cable), it’s ideal to pack, just in case.

I’ve had it just over 2 years now. It’s OK at media sharing to tablets/phones but very finicky about what SD cards it will work with. I’ve learned not to use SD cards but use a USB stick instead (rather than a portable HD, which works but drains the battery within an hour). The great thing is that, because it’s battery-powered I can also keep the kids amused with videos and/or music in the back of the car, although media sharing to multiple users can sometimes lead to pauses/buffering.

Hope this helps…

Reply | Quote

Back when I did travel more, I had my own secure WiFi hotspot that I could connect to Ethernet. At that time, Ethernet connections were more common in hotels that catered to the business traveler. But it’s easier now to just setup WiFi repeaters and not have to deal with all the Ethernet cables and hubs so I expect you will see fewer hardwired connections. Plus, more people are traveling with wireless devices so the demand for Ethernet has gone down a lot.

Reply | Quote

During my last trip, which lasted several days, I had no need for my Ethernet cable (which remained safely stowed in my laptop bag).

Every place I stayed there was free wireless available. In one hotel in Atlanta my laptop showed over fifty-six Wi-Fi routers in the area, and eight of them were “open”. I connected to two of them just to see if they were actually free, but finally chose to use a router at my hotel instead.)

Image or Clone often! Backup, backup, backup, backup......
- - - - -
Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

Reply | Quote

Like Rick’s solution, I use a small, battery powered router/repeater/bridge, though usually in repeater/bridge mode because the hotels I stay in don’t seem to have wired ethernet anymore.

I’ve had a HooToo Tripmate for about 2 years now. The device I used to carry before wasn’t battery powered, so needed to stay near a power outlet. The HooToo can be placed anywhere convenient, whether or not there’s a power outlet nearby … which is good, since it’s effective range is only about 25 feet or so. It’s small, easily fits in a pocket, easy to configure, and easy to reset (unlike my earlier device, which was a pain to reset when I changed hotels). I also use it in airports and coffee shops, where I can connect to the wifi and drop it in my pocket, then connect my phone or laptop to my pocket.

Best of all, the HooToo doubles as a smart phone charger. I also have one of those beefy, Anker external battery packs for recharging smart phones, but the HooToo is so much easier to take when I’m out on the town and probably won’t need to recharge my phone but nice to have the option just in case.

Reply | Quote

Like Rick’s solution, I use a small, battery powered router/repeater/bridge, though usually in repeater/bridge mode because the hotels I stay in don’t seem to have wired ethernet anymore.

Not sure how that helps. If there is no Ethernet then you still have an insecure connection.

Reply | Quote

Not sure how that helps. If there is no Ethernet then you still have an insecure connection.

The battery powered router/repeater/bridge picks up the hotel’s un-secured wifi then re-transmits it securely over it’s own secured wifi. You connect your device to the router/repeater/bridge’s wifi, not the hotel’s wifi.

Hope this helps…

Reply | Quote

HooToo Tripmate

Nice little unit. If was still being sent off to school I would by one.

:cheers:

Better than nothing but if I had to be secure I would add a VPN. My router should be able to be a VPN server with openVPN, I was hoping to do this today , just because ..

BTW I bought a MIFI Internet OnTheGo form Walmart which used a cellular connection. The time I bought was Supposed to be good for ever. I tested it, but a pain to re-setup but never got to use it before they changed their policy and my time evaporated on a monthly basis. Just a warning Buyer Beware!

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

… and my time evaporated on a monthly basis. Just a warning Buyer Beware!

IIRC there have been a few of these where the data isn’t supposed to expire or is good for a year or some such. I’m not sure that any remain.

What baffles me is why cellphone providers wouldn’t be lining up to offer devices or tethering apps to their customers. The more different ways you give your customer to consume your product (data), the faster they will consume it and the more they will want. Charging extra seems counter productive.

Reply | Quote

Better than nothing but if I had to be secure I would add a VPN. My router should be able to be a VPN server with openVPN, I was hoping to do this today , just because ..

Agreed, the VPN solution is the easiest and most reliable; relying on cellphone providers is unnecessary unless you’re away from a wifi source.

Reply | Quote

Nope, that’s just unsecured wifi with a secure connection wasting electricity in the middle. That only works if you plug the portable device into the ethernet cable.

cheers, Paul

Reply | Quote

Nope, that’s just unsecured wifi with a secure connection wasting electricity in the middle. That only works if you plug the portable device into the ethernet cable.

Oops… I got that wrong then. (Have edited previous post about it being a good solution.)

Reply | Quote

Oops… I got that wrong then. (Have edited previous post about it being a good solution.)

Oops well me too.

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

Welcome to the club.

Reply | Quote

It’s a very confusing situation. I noticed that this same topic was part of the latest Windows Secrets column. In there, Tracey mentioned something I had forgotten about – portable cellular WiFi hotspots.

I replied to that thread about that and a few more things. Rather than restating that here, I’ll just provide the link:
http://windowssecrets.com/forums/showthread//178642-Prepare-your-digital-devices-for-holiday-travel

Reply | Quote

Graham:

If you want to have good wifi security, and you don’t mind paying a monthly fee, then I would suggest checking with your cellular company about a portable wifi hotspot.

I have used Sprint and Verizon. Both hotspots were provided by my job, so that I could connect from offsite when I was on call. The Verizon hotspot provided a pretty fast connection where I was, probably because it was a 4G (as opposed to a 3G) connection. I believe that all of the big cellular companies (AT&T, Sprint, Verizon, T-Mobile) provide these devices.

You could also use your smartphone as a portable wifi hotspot. That would probably be as secure as the portable wifi hotspot, and you wouldn’t have to pay an additional fee to have it.

The reason I say “probably as secure” is that if your phone has been compromised in any way, it might compromise your phone’s wifi connection. Since most people seem to connect to anything and everything with their smart phones, there is the possibility that their phone has somehow been compromised. Having said that, I would trust most smart phones as a portable wifi hotspot if I felt that the available wifi wasn’t secure enough. (However, there are certain friends of mine whose phone wifi hotspots I wouldn’t trust!)

Jim

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

A long time ago, you could buy a cell phone and connect it to your PC to get dial up Internet access on the road. Then the providers decided that they would rather stick you for separate charges to connect your PC to the internet and put an end to the practice of tethering.

It is possible via apps to tether today, but it may not be easy. AT&T actively blocks (or used to block) apps that permit it on Android but will sell you a device (with a monthly service fee) to let you use your cell phone data to connect via WiFi. IOW, they don’t care how you burn up your data plan but they are going to gouge you as much as they can to do it.

Reply | Quote

I’m not speaking of tethering or of using an app to get around data limitations. I’m speaking of using your smart phone as a wifi hotspot. I have done this recently with an iPhone, and prior to that with a Blackberry. In this case, your phone is simply providing a basic wifi hotspot for any device which provides the correct login credentials (username and password).

You may have to pay data charges to do this, but if you don’t use this method very often, it shouldn’t cost very much.

I would trust that sort of wifi connection much more than I would an unsecure hotel or public wifi connection.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

I suspect it’s a limitation of “data over the air” as mobiles tend to be slow in data terms. Voice is a low consumer of data but internet access is not.

cheers, Paul

Reply | Quote

I suspect it’s a limitation of “data over the air” as mobiles tend to be slow in data terms. Voice is a low consumer of data but internet access is not.

I can’t buy that – data is the biggest thing driving cellphone sales today. Voice and text are a drop in the bucket compared to that. And it’s data that has become the biggest cost component of cellphone bills. Voice and text are frequently unlimited in all but the cheapest plans while data is big money maker.

A low end cellphone plan may come with 2 GB and each additional GB adds to the monthly bill. The more they can get you using cellphone data, the more they can charge.

Reply | Quote

FWIW, I’ve used a mobile (i.e. cellphone) WiFi setup for about 7 years. Exclusively. Bandwidth might not be as much as cable connections, but it’s ample even for Skype in most cities – not so much in rural backwaters. My current setup uses my Android smartphone’s mobile hotspot facility.

Do be aware that doing this tends to drain the smartphone’s battery fairly quickly, so I leave the mobile hotspot facility switched off when not in use and, moreover, tend to connect the phone to my laptop via a USB cable to keep charged whenever the latter has mains power access.

Cheers,
Paul Edstein
[Fmr MS MVP - Word]

Reply | Quote

I’m a bit late getting in on this thread, but something *I* do is use the public version of the U.S. Air Force TENS (Trusted End-Node Security) which is available to anyone. I’m retired military, and used to work in the AF portion of NSA, so I figure if it’s good enough for the NSA, it’s good enough security for ME! Here’s a link to the Datasheet for TENS: https://www.spi.dod.mil/docs/TENS_DS.pdf. TENS is part of the DoD Software Protection Initiative (SPI) and is approved for DoD-wide use, FWIW. Since TENS runs entirely in memory, without any access to the HD (at least not without permission) it’s also a good system to use at home for on-line banking. If you download the Deluxe version, it also includes LibreOffice and Acrobat Reader, which makes it a handy road warrior system as well.

Cheers,
Phil Heberer

Reply | Quote

I’m a bit late getting in on this thread, but something *I* do is use the public version of the U.S. Air Force TENS (Trusted End-Node Security) which is available to anyone. I’m retired military, and used to work in the AF portion of NSA, so I figure if it’s good enough for the NSA, it’s good enough security for ME! Here’s a link to the Datasheet for TENS: https://www.spi.dod.mil/docs/TENS_DS.pdf. TENS is part of the DoD Software Protection Initiative (SPI) and is approved for DoD-wide use, FWIW. Since TENS runs entirely in memory, without any access to the HD (at least not without permission) it’s also a good system to use at home for on-line banking. If you download the Deluxe version, it also includes LibreOffice and Acrobat Reader, which makes it a handy road warrior system as well.

Cheers,
Phil Heberer

The link you posted comes up as an insecure connection.

Reply | Quote

It’s insecure because your browser doesn’t trust the root certificate. See here: http://windowssecrets.com/forums/showthread//177721-Unencrypted-wifi?p=1071758&viewfull=1#post1071758

cheers, Paul

Reply | Quote

I’ll start another thread on this in a while, but I thought I would mention that for me, this discussion has taken a big left turn. What was originally being considered has morphed from making a few trips by air & car to going by car only (and staying in hotels) to RV travel and staying where ever.

Since public WiFi may or may not be available all the time, I have to start looking into cellular access. This was mentioned but I set it aside as being unnecessary. Things just keeps getting more complicated .

Reply | Quote