[lug] wireless security back home when in foreign countries

karl horlen horlenkarl at yahoo.com
Sat Nov 28 15:01:26 MST 2009


actually, my question equally applies to domestic wireless.

i'm normally neither a laptop nor wireless guy.  i like wired connections and desktops. :-)  however, i'm entertaining buying a small laptop or netbook for some upcoming foreign travel.  normally, i've used internet cafes in the past for freemail and left the electronics home except for a dig camera which i would periodically pay to offload images and burn to a CD for safekeeping until i got home.  so things were safe and cheap.  if someone steals my throwaway mail account so what?

since i have my own servers, i'm thinking i can scp, rsync over ssh, ssh, maybe vpn, to my heart's content from a personal netbook with wireless access provided by the ubiquitous wireless internet cafes worldwide.  i can back up my images to a server home as i go.  tunnel to check bank accounts.  and because it's my own keyboard and system, hw and sw keylogging shouldn't be an issue.  so i'm feeling pretty good about it.

i also want to do this as a test to see how well a remote working situation could be with minimal investment in a netbook.  and i write a lot when i travel, so i like the idea of ditching the hardcopy journal for vim and possibly keeping a local blog on the netbook.

the only thing i'm concerned about is the wifi access itself.  if i have my lappy locked down with firewall and always use ssh, ssh tunnels or vpn connections i should be good to go right?  i know non https logins to web accounts over the wireless are vulnerable.  but anything ssh and vpn should be good to go right?  obviously this all assumes that the access point hasn't blocked any of those ports.  i use non std ssh port anyway so i think i'm good to go.  i could always tunnel port 80 as a fallback.

1) are my thoughts in line?  anything i'm missing on the security front that i should be aware of?  if i stick to ssh, ssh tunnels, vpn encryption for sensitive stuff, the fact my laptop is an isolated piece of hw gives me what i want right?

2) any recommendations on a no brainer open source vpn compatible with centos 5?  by no brainer i mean one that has been tested, just works, is easy to configure without having to search all over the internet for an implementation and secure? ;-)

3) anybody use / configure one time passwords?  easy to configure?  what did you use?  i've got my own server so this might be a way to leave the netbook home and just login from untrusted cafes when i want to access a basic server account to winscp for example.  

note: some will recommend bringing a bootable linux distro on a stick or portable apps on a stick and leave the netbook home.  ain't gonna work though.  portable apps on a non bootable stick are too vulnerable because the whole stick is visible once it's plugged in.  i also imagine most internet cafes have disabled booting from usb stick.  so although that's a good method, probably not going to be reliable.

thanks



      


