[lug] wireless security back home when in foreign countries

Davide Del Vento davide.del.vento at gmail.com
Sat Nov 28 15:29:10 MST 2009


Hi.

> i know non https logins to web accounts over the wireless are vulnerable.

I think non https logins to web accounts are vulnerable on the wire too.


> 2) any recommendations on a no brainer open source vpn compatible with centos 5.

Unfortunately no. I can only say that I had a very hard time with my
laptop (full fledged, not netbook), with RH. Ubuntu worked out of the
box. This was two years ago with a Dell.

> 3) anybody use / configure one time passwords?  easy to configure?  what did you use?

I use yubikey, but don't control the server, so I don't know that
part. The key themselves are damn cheap (compared to other OTP
solutions), and very convenient (nothing/very little to type,
incredible small and lightweight)

Client-side, they are like an USB keyboard, so your hw must support an
external USB kb (no iPhone, sorry, but no problem at all with any
modern linux).
In the default setting, the key has the whole password, which can be a
security problem if you lose it (I'd be more worried about the car,
whose key is attached to the same keychain: the thiefs must
understanding what it is, how to use it, what is the exposed url where
they can login, and what they can steal once they'll logged - very
unlikely scenario). But they can configured in a way in which the
beginning of the password does not change and is not stored on the
key, so you type a few characters (always the same, so you can
memorize them), then press the yubi button and get the other long-long
ones which change every time. If you lose the key, they'll have to
figure out ALSO the "static" part to type, besides what I wrote above.

Not all the answers you need, but hope this helps.
Bye,
;Dav



More information about the LUG mailing list