Author Topic: Question for IT pros  (Read 17892 times)

Stachey

  • Handlebar Stache
  • *****
  • Posts: 1020
Question for IT pros
« on: March 08, 2019, 11:27:31 AM »
I have a question re: banking online.

Someone recently said that the safest way to bank online is with your phone and only using your data plan (not using wi-fi).  They said that data transmissions are encrypted making them safer than wi-fi.

Is this true?

RWD

  • Walrus Stache
  • *******
  • Posts: 6607
  • Location: Arizona
Re: Question for IT pros
« Reply #1 on: March 08, 2019, 11:39:01 AM »
If you set it up correctly your Wi-Fi should be encrypted.
https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

The banking site you are connecting to should be encrypted too.
https://en.wikipedia.org/wiki/HTTPS

I don't see any reason why using your data plan would be more secure.

ketchup

  • Magnum Stache
  • ******
  • Posts: 4323
  • Age: 33
Re: Question for IT pros
« Reply #2 on: March 08, 2019, 12:23:29 PM »
What RWD said.

But also, this could have meant instead of open wifi or instead of McDonald's wifi.  Those are definitely less secure than your LTE data or wifi you control and have properly configured.

brute

  • Pencil Stache
  • ****
  • Posts: 691
Re: Question for IT pros
« Reply #3 on: March 08, 2019, 12:27:51 PM »
+1 for setting up your wifi correctly with a strong passphrase and changing it frequently. Also, don't get on the internet with an admin account.

After that, it just depends on how much tinfoil you want to wear.

Tinker

  • 5 O'Clock Shadow
  • *
  • Posts: 76
Re: Question for IT pros
« Reply #4 on: March 08, 2019, 12:34:32 PM »
https is great and alleviates a lot of potential issues.
Still, you should avoid using public wifi for interactions with accounts you care about. It's easy to fake access points, and once your phone has latched onto a malicious "Subway" network, they can do all kinds of shenanigans with your requests, ranging from plain old phishing to man-in-the-middle attacks with spoofed certificates (your browser will likely alert you to them being invalid, but how often have you clicked such warnings away in the past? Lots of websites used to have such warnings for using self-signed certificates not issued by an "authority").

I'd say personal network > mobile > public, but the more you work in IT the more you want to just turn off all electronics and pick up carpentry instead.

Daley

  • Magnum Stache
  • ******
  • Posts: 4833
  • Location: Cow country. Moo.
  • Still kickin', I guess.
Re: Question for IT pros
« Reply #5 on: March 08, 2019, 12:43:28 PM »
I'd say personal network > mobile > public, but the more you work in IT the more you want to just turn off all electronics and pick up carpentry instead.

QFT.

robartsd

  • Magnum Stache
  • ******
  • Posts: 3342
  • Location: Sacramento, CA
Re: Question for IT pros
« Reply #6 on: March 08, 2019, 01:29:44 PM »
(your browser will likely alert you to them being invalid, but how often have you clicked such warnings away in the past? Lots of websites used to have such warnings for using self-signed certificates not issued by an "authority")
The certificate could also be issued by an authority that your browser doesn't have in its collection of certificate signing authorities; however, banks don't use fringe signing authorities. Learn that whenever you click away such warnings, you can't be sure the connection is secure - do not use such sites for sensitive information.

I don't worry about using any of my devices to do online banking over any network (school, public library, neighbor's open wifi, etc.). Certainly someone could attempt a man-in-the-middle attack on a public network, but your browser should detect and warn you because they won't have a proper certificate saying that they are your bank's secure website. They might catch dumb people who ignore the security warning (or have turned them off), but once you're communicating over SSL with the owner of the site's certificate, your risks are pretty low (at least the weakest link in security is probably now your device, not the network connection).

I'd be much more inclined to take advice to avoid public networks for online banking if they first advised you to not use your regular user account for online banking. Create a user profile on your device that you only use for online banking. Every app that runs in your user account is potential spyware - this is orders of magnitude more likely to be a threat than someone establishing a man-in-the-middle attack with a spoofed certificate that you don't get warned about (still pretty small if you don't download software from shady sources). Sure, if you're going through the trouble to log out of your regular user account and into your financials only account because you're worried about security, go ahead and also avoid using public wifi for the internet connection.

Stachey

  • Handlebar Stache
  • *****
  • Posts: 1020
Re: Question for IT pros
« Reply #7 on: March 09, 2019, 11:11:20 AM »
Thank you so much IT people! (I knew you'd know)

So does a VPN make your wi-fi invisible to everyone?
Does the Opera VPN work well?


KeeKat

  • 5 O'Clock Shadow
  • *
  • Posts: 28
  • Age: 35
Re: Question for IT pros
« Reply #8 on: March 10, 2019, 01:31:54 PM »
Piggybacking off of this topic...

I work for a small company that doesn't have an office. A lot of our meetings take place in Panera/McDonald's/Starbucks on the free open WIFI. They have not provided us with any kind of VPN system. Like Stachey's saying, would a VPN be a good idea for added security in these situations? We're always logged into work email and sometimes logged into client's social media/webpages that would be very bad if they got hacked.

Thanks in advance for the help!!

bacchi

  • Walrus Stache
  • *******
  • Posts: 7100
Re: Question for IT pros
« Reply #9 on: March 10, 2019, 02:24:04 PM »
Piggybacking off of this topic...

I work for a small company that doesn't have an office. A lot of our meetings take place in Panera/McDonald's/Starbucks on the free open WIFI. They have not provided us with any kind of VPN system. Like Stachey's saying, would a VPN be a good idea for added security in these situations? We're always logged into work email and sometimes logged into client's social media/webpages that would be very bad if they got hacked.

Thanks in advance for the help!!

Yes, you're just asking for trouble. The company needs a VPN.


@Stachey It doesn't make you invisible but anyone sniffing would only see that you're sending and receiving from the VPN host and not your bank or brokerage. Your traffic quantity is still visible.

Tinker

  • 5 O'Clock Shadow
  • *
  • Posts: 76
Re: Question for IT pros
« Reply #10 on: March 10, 2019, 02:29:38 PM »
Agreeing with bacchi.
Logging into your *clients* pages? Hopefully they're tech-literate and know how to set up secure authentication.

Stachey

  • Handlebar Stache
  • *****
  • Posts: 1020
Re: Question for IT pros
« Reply #11 on: March 11, 2019, 11:52:45 AM »
@Stachey It doesn't make you invisible but anyone sniffing would only see that you're sending and receiving from the VPN host and not your bank or brokerage. Your traffic quantity is still visible.


Thanks @bacchi!  I'm not sure what "Your traffic quantity is still visible" means.  Sorry, I'm not up on all the IT terminology. I'm trying to learn more about it, hence all these questions.

Does anyone have a VPN they prefer/recommend?

Thanks everyone for your input.

brute

  • Pencil Stache
  • ****
  • Posts: 691
Re: Question for IT pros
« Reply #12 on: March 11, 2019, 11:55:17 AM »
@Stachey It doesn't make you invisible but anyone sniffing would only see that you're sending and receiving from the VPN host and not your bank or brokerage. Your traffic quantity is still visible.


Thanks @bacchi!  I'm not sure what "Your traffic quantity is still visible" means.  Sorry, I'm not up on all the IT terminology. I'm trying to learn more about it, hence all these questions.

Does anyone have a VPN they prefer/recommend?

Thanks everyone for your input.

Just popping in for the traffic quantity part. Essentially, people can still see that you are transmitting and receiving data, and how much data you are transferring. They just can't see what the data is. So you aren't invisible, but your data is unreadable to 3rd parties.

Daley

  • Magnum Stache
  • ******
  • Posts: 4833
  • Location: Cow country. Moo.
  • Still kickin', I guess.
Re: Question for IT pros
« Reply #13 on: March 11, 2019, 11:57:28 AM »
Does anyone have a VPN they prefer/recommend?

Rolling your own is the most secure... assuming you know what you're doing. That way, you don't have to trust a third party with your data. That said, this is well outside your scope of ability, so...

Windscribe and NordVPN are the short list for me these days.

robartsd

  • Magnum Stache
  • ******
  • Posts: 3342
  • Location: Sacramento, CA
Re: Question for IT pros
« Reply #14 on: March 11, 2019, 05:08:29 PM »
Piggybacking off of this topic...

I work for a small company that doesn't have an office. A lot of our meetings take place in Panera/McDonald's/Starbucks on the free open WIFI. They have not provided us with any kind of VPN system. Like Stachey's saying, would a VPN be a good idea for added security in these situations? We're always logged into work email and sometimes logged into client's social media/webpages that would be very bad if they got hacked.

Thanks in advance for the help!!
In this type of situation I'd probably prefer a VPN even if all the websites are secure. If you're logging in to a client's website and social media accounts and the sites are secure, someone sniffing the network can still see that you're working with these sites and potentially figure out that your client is working on a social media campaign - which your client might not want to be public information. A connection to a secure website hides the information you transfer to the website - tunneling through a VPN hides which websites you're visiting (as far as the local wifi is concerned).