Resources
Laptop/Wireless Security
Lightweight portable computers and PDAs make mobile computing easier all the
time, especially with the increased availability of Wireless Internet access.
Security is not inherently strong with Wireless, but there are steps you can
take to make your connections more secure.
Secure your traffic
- Avoid sending data in the clear (i.e., unencrypted). Use WPA (Wi-Fi Protected Access) or WEP (Wired
Equivalency Privacy) whenever possible. Although WEP is relatively easy to
break, it provides some protection. Most wireless networks -- especially public
hotspots (e.g., Starbucks) don't use WEP so you need to use other
encryption methods to ensure privacy. Remember: wireless traffic can be
intercepted by anyone out of thin air - there is no wire that has to be
tapped.
- email - use secure protocols. Most email clients now support secure IMAP
(IMAP over SSL). Some support secure POP3, but we recommend IMAP. In the
Thunderbird client, this is selected via a checkbox on the Server Settings
configuration page.
- web mail - use secure (SSL) connections. Sites that offer mail access via browsers generally offer secure logons: for Yahoo, select Secure mode
instead of Standard; Hotmail automatically uses SSL for logon.
(Note: browsers indicate encrypted (SSL) connections with a locked padlock
in the lower right corner of the browser window. Unencrypted connections show
an unlocked padlock or no padlock at all.)
- ssh/sftp - avoid telnet and ftp since they send usernames, passwords, and
data without encryption. ssh and sftp use SSL, so they are secure.
- web browsing - normal browsing (i.e.,reading) is safe, but be aware that
unencrypted traffic can be "sniffed" so someone can know what sites you're
going to and what you're reading. You should avoid sending personal information
- usernames, passwords, account numbers, credit card numbers, social security
numbers, etc. If you must send personal data, be sure you're using SSL
connections -- look for URLs that begin with https instead of just http (and
the locked padlock icon in the lower right corner).
- VPN - UITS's VPN (Virtual Private Network) provides a security umbrella by
creating an encrypted link between your machine and the UofA network. You can
use this for access to any Internet service (not just UofA resources). The VPN is ideal for public
hotspots. See http://uits.arizona.edu/services/vpn
for more information.
Protect your computer and data
- Patches - keep operating system and applications current with critical
patches.
- Anti-Virus - install and keep anti-virus signature files current. Sophos is
free to UofA Faculty, Staff, and Students and can easily be kept up-to-date.
See Sophos Anti-Virus Software.
Public Hotspots
Public locations that provide wireless Internet access offer other security
risks. In these areas, you should:
- Turn off file sharing from your laptop. This prevents other wireless users
on the network from accessing local files on your laptop.
- Remove or disable your wireless card if you are working offline.
- Watch for over the shoulder viewing of your login, credit card, or
other personal information.
- Properly log out of web sites by clicking log out instead of just
closing your browser or typing in a new web address.
- Avoid using instant messaging (IM). Most instant messaging services
transmit clear (unencrypted) text, so it could be sniffed by other
wireless users.
General Practices
- Don't leave your computer unattended
- Don't loan your computer to someone unfamiliar to you
- Choose strong passwords (combination of letters, numbers, and special
characters)
- Keep passwords and account numbers secure - don't store them on your
computer or share them with anyone
- Change your passwords frequently
- Avoid file-sharing software (Kazaa, eDonkey, etc.). Distributions tend to
install spyware on your machine.
- Never open attachments you are not expecting or that are from people you
don't know.
For more information, google wireless security.
FAQ
Q. Is it safe to use pine?
A.Once you ssh to a CS machine, all traffic is encrypted so pine is
completely safe.
Q. I'm confused about setting SSL on in my Thunderbird mail
client.
A. UofA email should be set to use SSL/TLS for IMAP and SMTP. For other
mail servers, try SSL. If that doesn't work, try TLS options.
Q. What about HotMail or Yahoo! Mail?
A. When signing-in to Hotmail, SSL is used automatically to encrypt
your email address and password. When signing-in to Yahoo!, select Secure mode
instead of Standard to use SSL.
However, be aware that reading and writing emails does not use SSL. Your
password is protected, but the emails are downloaded and sent in the
open.
Q. I don't use Windows. Should I worry about patches?
A.Yes. Windows vulnerabilities are widely publicized and exploited,
but other operating systems (Mac, Linux) have their own security
issues.
For Macs, read about security at http://www.info.apple.com/usen/security/index.html
or http://www.securemac.com/.
See http://www.info.apple.com/ to download
updates.
For Linux, see the website for your particular flavor, e.g., for RedHat:
http://www.redhat.com/solutions/security/.
For general Linux security, see http://www.linuxsecurity.com/.
Q. What is spyware?
A.As defined on http://searchcio.com:
In general, spyware is any technology that aids in gathering information
about a person or organization without their knowledge. On the Internet,
spyware is programming that is put in someone's computer to secretly gather
information about the user and relay it to advertisers or other interested
parties. Spyware can get in a computer as a software virus or as the result of
installing a new program.
There are several tools available to find and eliminate spyware, including Sophos and Spybot.
Other Spyware Removal Tools: http://www.spyware-removal-tools.com/
Q. Is the UITS VPN all I need?
A.The VPN encrypts all your traffic so it can't be sniffed by
other wireless users. However, it's no panacea. It won't (by itself) protect
your machine from viruses or other OS/protocol exploits.
Q. Do I have to worry about security in CS or just in other places (like
public hotspots)?
A.Security is a concern everywhere. On CS department machines (labs/office desktop), we have facilities in place
to limit exposure to security threats. Any other access is outside of our control. You may have no idea what protections are in place
or what risks are present--so be conservative and follow the guidelines of this
document.
Q. Overall, what should I do for better security?
A.
- patch your operating system
- install and keep anti-virus signature files current (for now, Windows
only)
- use SSL for email
- use ssh/sftp
- use a spyware removal tool (for now, Windows only) and keep it current
- follow General Practices (above)
Q. Overall, what should I not do (or avoid) for better
security?
A. A lot of what to avoid is common sense (e.g., leaving your
laptop unattended). Follow the guidelines in this document. The biggest mistake
you can make is to ignore security and hope that you won't be affected. You
will--it's only a matter of time.
Last updated August 26, 2013
Send questions about this page to