[unisog] Safe remote access

Harry Hoffman hhoffman at ip-solutions.net
Wed Jul 27 01:03:41 GMT 2005


I spent a bit of time overseas and was always able to find a place that
would allow me to use my own laptop. Perhaps this may be an option?

Certainly the proliferation of wireless gear across the world makes this
easy for both Internet cafes and friendly neighbors who run captive
portals.

 --Harry

On Fri, 15 Jul 2005, Andrew Daviel wrote:

>
> Following an incident where we believe a user had a password captured at
> an Internet cafe in Bulgaria, I've been bouncing the question off a
> couple of lists as "Are Internet cafes safe?"
>
> To which the general consensus was "No!"
>
> But of course our researchers still need access to their data, and
> possibly hardware, while travelling. I wondered how this list's members
> approached the problem.
>
> tidbits that emerged from previous discussion:
> - you can buy a keystroke capture device, or keystroke-logging keyboard,
>   quite cheaply: http://www.keyghost.com/securekb.htm
> - at least one cafe monitors the VGA signal in the back room
> - one-time-passwords may work (OTP token or software on a PDA/cellphone)
>   to secure the initial login, as long as you don't shell in to anywhere
>   else from the initial session
> - MITM attacks against SSH actually work; SSH1 should be disabled:
>   http://www.itworld.com/nl/lnx_sec/04302002/pf_index.html
> - Booting off e.g. Knoppix CD may be safer than using the
>   operating system off the hard drive
> - SSH2 end-to-end from a clean laptop over open WiFi is better than
>   using an untrusted desktop
>
> (ssh port tunneling and Squid at the far end can protect non-SSL Web
> traffic)
>
> I've been concentrating on SSH  to Linux; I guess similar concerns
> arise using things like Remote Desktop/VNC/VPN to Windows.
>
> --
> Andrew Daviel, TRIUMF, Canada
> Tel. +1 (604) 222-7376  (Pacific Time)
> security at triumf.ca
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
>


More information about the unisog mailing list