Campground Internet Security

[VJRC]

We keep a Wifi extender with us...and instead on directly connecting to the park with our electronics...we create our own network off theirs with our own log in info... I've been any many parks and people that I end up being friendly with show them how I can get into their stuff and see eveeything their have viewed on the net (of course with them sitting in front of me and permission) ... I you do go the route I do.. DO NOT leave the extenders administration as default stuff.. One quick search on the web and that can easily looked up... Most being 192.168.1.1 and "admin" and password left blank as a log in... Lol

[VJRC]

Ah.. I hate when I Swype to fast and don't read what I write before sending.. Oh well.. Ya get my point....

[smiller]

Quote:

Originally Posted by VJRC

We keep a Wifi extender with us...and instead on directly connecting to the park with our electronics...we create our own network off theirs with our own log in info... I've been any many parks and people that I end up being friendly with show them how I can get into their stuff and see eveeything their have viewed on the net (of course with them sitting in front of me and permission) ... I you do go the route I do.. DO NOT leave the extenders administration as default stuff.. One quick search on the web and that can easily looked up... Most being 192.168.1.1 and "admin" and password left blank as a log in... Lol

That's a good point, we have been discussing security of outbound connections but it is a also good idea to keep your local LAN on a segregated (non-bridged) network as you describe.

[spinroch]

Dale and Mark:
You are absolutely right. 100%. I don't know anything. Happy surfing

Spinroch: Low information scaremonger

[hohokam]

Quote:

Originally Posted by smiller

People frequently confuse the theoretical possibility of an attack and the likelihood of it actually happening, which are two very different things.....

Thanks for the well reasoned argument. I am not all that concerned where I camp but it seems some of the exclusive resorts in FL would be prime targets for attack.

[nothermark]

Security is like a lot of things - not worth worrying about until you get hit. That said I agree that setting up in some places is probably not worth the effort. OTOH setting up a MiM in others would not be all that hard on one hand and would potentially be worth the effort on the other. Done right the victim would not even know where he was hit.

[rarebear.nm]

Computer security is only as strong as the weakest link. In most cases that is you, the user. All creditable web sites doing business on the Internet must pass approval by PSA and a small piece is using endpoint to endpoint encryption. You will see this as HTTPS// in the URL line. That means the session is encrypted from their server to your computing device. This is true regardless of the connection method, public WiFi, hone cable ISP, cell phone hot spot, etc. The encryption is setup prior to any exchange of IDs or passwords.

The largest issue you really have is the security of your own computing device. Unless you've taken serious steps to protect your device, it can be infected with various malware that will monitor what you do prior to or after encryption on your local device. All of that activity is still in clear text. More web sites are starting to use a three factor authentication authentication system. Usually an ID, a password and something else, like a text message to your phone number that is on file with them when you setup your account. You would need to respond with the code they supply you. This stops a hacker from using a stolen ID and password in the future. Another good measure is to use a soft keyboard when entering important data, ID, passwords, account numbers, etc. A soft keyboard is displayed on your screen and you use the pointer to select the keys instead of typing on the physical keyboard. This stops password stealing malware from doing its appointed task.

I'll use public WiFi, but I keep my computer secured with good security products and proper updates and a hefty measure of caution. Using a cell phone hot spot is a cautious thing you can do, but is of no benefit if your device is already hacked and is in monitor mode. The stolen data is just going to go out though the cell connection. Same issue for any type of ISP connection. Its your own computer usage that largely determines security of your computer. Many hacks happen while web surfing, not only those "IFY" sites, but what should be clean sites web sites as well. Malware will arrive in emails, that USB thumb drive that has been used in various computers, etc.

I've seen brand new computers hacked in under 60 seconds, 7 seconds is the record I've seen, when it was attached to the Internet without proper security in-place prior to attaching it to the network. We were running a network sniffer to watch what would happen in some test setups. Today with most software being downloaded from the Internet this becomes much harder for the average person. Setup your computer and then run your anti-malware programs before you use it for any business activities.

Bottom line to me is to: use top quality security products, anti-malware and a good two-way firewall. Apply important updates to all of your software in timely fashion and develop safe computer usage habits.

Happy computer usage and safe travels.

[Daytonaman]

My computer got unknowingly get infected with keylogger malware which logs all your keystrokes; PW; UID, etc. These are not viruses as such and are difficult to detect and in some cases impossible to remove as they reside in root code.
I used Kaspersky Root Killer to get rid of it.
The only other solution was re-install Windows.
Macs run a subset of Unix, which is less prone to this type of malware.
Macs require a password before any non-approved software can be installed.
Just sayin'...

[smiller]

Always use dual-factor authentication for any critical accounts if it is available. Even that isn't absolutely foolproof, but will make access much more difficult if someone should capture a password. It's especially important to protect your email account since most sites will send password reset instructions there. For instance if you use Gmail turn two-factor authentication on now.

[docj]

Quote:

Originally Posted by rarebear.nm

Bottom line to me is to: use top quality security products, anti-malware and a good two-way firewall.

Good advice!

For those who are following this thread and don't know what is being suggested, I offer some examples. My pc's all run Kaspersky Internet Security, Malwarebytes Anti-Malware Premium (with real time protection) and Malwarebytes Anti-Ransomware (Beta). I have no stake in these companies and list their products only as examples.

More than once these programs have done things such as detecting dangerous emails and attachments and/or preventing me from entering dangerous websites. Sure, there are free products that offer roughly the same level of protection, but IMO these provide a bit more.

[rarebear.nm]

Docj, above, provides names of some of the best anti-malware products on the market. Bitdefender is also very good, it along with Kaspersky and Malwarebytes are my top three products. They're as good as it gets. Another good product is Superantispyware, it does a good job of removing unwanted spyware frequently acquired from web surfing. There are free and paid versions of these products, get the paid version if you want FULL TiME protection.

No product will ever be 100% effective since in the last couple years we see nearly 1 million (yes 1,000,000) new malware products per day. Many of these are slight variations of other existing malware, but the invading army has an endless supply of new attackers. From a security point of view, we as users have to try to defend against something like 600,000,000 malware forms, while the attacker only needs to find one weak link in your system to possibly gain access and do their thing.

A very common pitfall of users is to assume that I'm just Joe User (or small business owner Susan) and who would want to attack me? Its has nothing to do about who or what you are, if you have an Internet presence,an IP address) you likely some under frequent attack, known or unknown to you. I watch this at client sites by setting up intrusion detection systems to monitor attempted attacks and how many of those attacks make it through the security devices.

Hey, I'm not trying to paint a bleak picture, but to inform folks that it can be a dangerous world out there. An informed user is potentially a safer user.

[detjimp]

Quote:

Originally Posted by partskenn

This question has probably been asked before, but I have tried to search for it and failed.
We have been on the road for about a month and a half, and have been using a combination of CG WiFI , and my cellphone hotspot for internet access. Are either of these options secure enough to access our bank accounts, investment accounts, etc.
Some of the sites have the little padlock symbol, some don't. I can't figure out how to require a password to access my mobile hotspot (Verizon, Android phone).
What are my options?

We used CG Wi-Fi a couple of years ago. Someone accessed my wife's laptop and put a file on it that was not visible. After getting home I had a problem with my home Wi-Fi system and a Microsoft tech said there were 16 computers using my home system to send out spam. He deleted the file and since them we only use our cellphone data.

[bro61021]

Quote:

Originally Posted by spinroch

Please disregard spinroch's advice. He obviously doesn't know what he is talking about and should not have tried to help. He must think after 38 years in the IT industry he knows something.

Can hackers steel your user name or password when logging onto a secure website.

[mckinley]

There are several different issues with both public WiFi and cell phone data.

First, with a public wifi, unless the wifi isolates the connections between devices, and it seems likely that most don't, then your computer or phone is exposed to whatever other devices are on the same wifi network - they can "see" and communicate with each other even if you don't realize it. As detjimp commented, some malware looks for other devices on the network and uses security flaws it can use to inject malware. It will propagate itself across a network without your knowing it is happening. Alas, Microsoft is IMHO very poor about security, and many people do not have good antivirus software on their PC's, so one infected PC on the network can infect everyoneone else that joins the network. A number of years ago I had a laptop running Windows XP that I had put on an internet connection without a firewall. Within 30 minutes it was infected with the MSBlaster virus, and that was with the Windows firewall turned on! You can see why I don't put much faith in Microsoft security. Fortunately I noticed the rogue process and took care of the issue promptly.

Secondly, it is my understanding that it is possible to crack "secure" connections if the connection is observed as it is starting. So, "https" may not be good enough.

One way to prevent other devices on a public wifi from getting unfettered access into your PC's would be to use your own wifi router as a repeater - basically you have your own wifi router that connects to the CG wifi, but then creates your own private wifi network in your own RV. The router acts as a firewall, so you can connect out, but other devices on the CG wifi can't "see" your devices. I have a dedicated MOFI router in my Bounder and could set it up as a repeater/router, although I generally have it set to use my cell phone for the internet connection instead.

I also have a travel router (see https://www.amazon.com/gp/product/B0...?ie=UTF8&psc=1) that could serve as a repeater. I happen to use mine as a wifi-to-hardwire adapter for my old HP laser printer but it's amazingly flexible for a matchbox-sized device.

Using your own repeater/router solves the issue of unfettered access to your devices, but it doesn't solve the issue of someone on the CG network "sniffing" and gathering data from your connections.

A VPN service could be a good solution provided it uses pre-shared keys so that the secured connection doesn't need to be negotiated at the beginning of the connection. It's the initial connection negotiation that is the security risk for SSL/https. If the attacker can "see" the initial "secret handshake" then they can spoof that connection. The VPN solution also assumes that the VPN provider is secure, after all, once your connection gets to the VPN provider, the connection gets decrypted and continues in-the-clear on the internet to the final destination.

On using the cell phone connection: the question I don't have an answer to is whether that connection is firewalled or not by the cell data provider. In other words, does the cell phone provider provide any form of firewalling and/or isolation from other cell phones running off the same tower for instance. I don't know the answer to that, but it becomes a similar question to connect to a public WiFi. If the provider doesn't provide any form of isolation, ala you can initiate an outbound connection, but other devices can't initiate an inbound connection, then any device connected via your phone would be exposed. Once again the solution would be to use some form of router to isolate from other devices, and combine with the 3rd party VPN to service to assure the secure connection off the local network.