Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Network Security While Traveling?

kdawson posted more than 4 years ago | from the moving-duck dept.

Security 312

truesaer writes "I'll be spending all of next year backpacking through South America. In the past I've used Internet cafes while away, but this time I plan to bring a netbook and rely primarily on Wi-Fi hotspots. I'll be facing the same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students. Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks. I will not have a system at home to connect through. Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information? Keep in mind that many places have very poor bandwidth and latency."

cancel ×

312 comments

Sorry! There are no comments related to the filter you selected.

OpenVPN (0, Offtopic)

Warped-Reality (125140) | more than 4 years ago | (#30263746)

Set up an OpenVPN system at home and remotely connect to it, giving you high quality (AES) over-the-air encryption, even on an open and unencrypted system.

Re:OpenVPN (3, Informative)

Anonymous Coward | more than 4 years ago | (#30263760)

> I will not have a system at home to connect through

Congratulation for not reading half of the summary.

Re:OpenVPN (3, Interesting)

Anonymous Coward | more than 4 years ago | (#30263796)

rent a $10/mo VPS and then tunnel?

Re:OpenVPN (0)

Anonymous Coward | more than 4 years ago | (#30264114)

or a $20/mo linode server.

Re:OpenVPN (1, Informative)

Anonymous Coward | more than 4 years ago | (#30263802)

Then he should set up a cheap Linux server. Is his security worth so little to him?

Re:OpenVPN (4, Informative)

Just Brew It! (636086) | more than 4 years ago | (#30263932)

Agreed. If he doesn't want to host it at home for whatever reason (I imagine being gone for a year he may be having his Internet service turned off), he should find a friend or relative who is willing to host the box for him. Provided he uses a modern CPU with decent power management features (or a low-power CPU like Atom), idle power usage should not be a concern.

Once you've got an always-on *NIX server you can connect to, it is a simple matter to use SSH's built-in SOCKS capability to securely tunnel your TCP traffic. This is precisely what I do when I travel.

Re:OpenVPN (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30263804)

I'm sure that the GP read the summary - what he's really saying is "you don't have a system at home to connect through, so time to get one".

ASSumptions ... (0)

Anonymous Coward | more than 4 years ago | (#30264272)

You people telling him to set up a VPN at "home" are idiots, because you seem to ASSume that he'll have a home while he's gone.

Obviously you can't read .

And the assumptions continue! (3, Insightful)

Tsar (536185) | more than 4 years ago | (#30264466)

When you're backpacking through South America, "at home" can mean anywhere in your country of origin or current residence. That covers anything from a $100/month blade server at a hosting company to a $30 dd-wrt router in a friend's basement. Either way, please keep the ad hominem attacks out of it, okay? We're all just trying to help here.

Re:ASSumptions ... (0)

Anonymous Coward | more than 4 years ago | (#30264476)

earlier AC here...

"home" in the previous comment implied "home country". Are you saying that he doesn't have any friends in that home country? Sure, it's an "ass"umption, but not too far-fetched a one, surely?

Re:OpenVPN (4, Insightful)

Anonymous Coward | more than 4 years ago | (#30263826)

Most Ask Slashdot problems are solved by throwing out the most ridiculous requirement. Usually this is because the poster has logic-ed themselves into a blind spot. The classic where-are-my-glasses-I've-searched-everywhere-oh-here-they-are-in-my-hand kind of a thing.

In this case, the "no system at home" requirement is the offender. Just set up an old linux box with a friend, and like the GP said, VPN to it. You do have friends, don't you? Family? Non-tech savvy coworkers who won't question that computer case with the post-it note that says DO NOT DISCONNECT?

Re:OpenVPN (0)

Anonymous Coward | more than 4 years ago | (#30264360)

Most Ask Slashdot problems are solved by throwing out the most ridiculous requirement. Usually this is because the poster has logic-ed themselves into a blind spot. The classic where-are-my-glasses-I've-searched-everywhere-oh-here-they-are-in-my-hand kind of a thing.

In this case, the "no system at home" requirement is the offender. Just set up an old linux box with a friend, and like the GP said, VPN to it. You do have friends, don't you? Family? Non-tech savvy coworkers who won't question that computer case with the post-it note that says DO NOT DISCONNECT?

Or he could have a very valid reason for not having a "home system". Maybe his relatives are luddites or want him to pay rent, electricity, internet connection fees, etc. Regardless, this is part of the requirements to solve his problem so just tossing it out turns it from a possibly difficult situation requiring ingenuity to fix into a vanilla problem that any troll can say "darrrr, just VPN to yur homez" and sound like they know what they're talking about.

Having said that, there are two solutions that immediately come to mind that fully fit within his requirements.
1. Use TOR.
2. Set up a hosted domain/server for your VPN. It shouldn't be too tough to find a hosting company that will sell you some domain and server hosting, which you can use to setup your VPN tunnel. VPN's can sometimes end up being pretty touchy especially over high latency connections so I'd recommend you check into TOR before you start spending money on one.

Personally I do both, since there are occasions that TOR might not work well or in some countries get you into trouble, or at least cause a hassle with local authorities.

3. Get yourself a dialup, cell phone, or satellite plan. Could be very pricey or unreliable depending on where you are, and is outside the requirements posted, but thought I'd mention it as a possible alternative since you wouldn't really need to do anything extra for security.

And as always, make sure you don't store/remember ANY passwords or logins on your laptop. I'd personally recommend using a clean system and booting of a dvd/cd-rom image of a Linux distro, and any data you need to store locally keep locked down on some type of encrypted media. Assume that at some point all your gear will get stolen or lost and you'll be well prepared.

Re:OpenVPN (1)

Lord Byron II (671689) | more than 4 years ago | (#30264032)

dd-wrt allows VPN connections. When a $30 router is too much, why bother?

And it doesn't even have to be at his house. A friend's house, or at work.

Re:OpenVPN (5, Informative)

Cylix (55374) | more than 4 years ago | (#30263860)

So it needs to be said regardless, but I feel VPN probably should have sufficed.

There are two solutions to this issue:

a) Do it Yourself!

In this scenario, the individual purchases a term contract with a hosting provider and proceeds to install a VPN solution. This is the most flexible plan available and can be achieved for roughly 10$ or less per month (plus domain costs). The down side to such a solution is that if there is maintenance that must be performed there is really only one mechanic. (unless the mechanic has very good friends or if he is a heartless bastard with no relations to the external world then perhaps a fellow slashdoter will land the man a vpn solution. Never mind he is a freeloader... roaming from country side to country side... possibly infecting your server... and you were just trying to be a nice guy. shame on you)

b) Rent a VPN!

There are countless VPN solutions available for seemingly random values. I have little doubt that an equally cost effective solution can be found. This has the obvious advantage of not having to maintain the VPN solution. The obvious con when compared to solution "A" is that there is certainly no flexibility in this offering. You get what you get. With the economy falling into the virtual comode it is quite likely that any business you place your trust in will either lose all of your information or sale it on the black market. By the time you return you will likely be spammed, identity thieved and otherwise placed with the very best experiences the awful inky darkness that is the bad side of the humanity offers.

Invariably there will be suffering no matter what option you choose.

Regardless, ensure your netbook is protected and if you may wish to utilize a solution I myself rather enjoy. In rather horrible untrusted networks I rely on a lovely Fedora live distribution over usb flash. It doesn't offer much in the way of persistent storage, but for one time transactions it's quite useful.

Re:OpenVPN (1)

Antique Geekmeister (740220) | more than 4 years ago | (#30264194)

Please allow me to disagree, somewhat, sir. Regular software updates and anti-virus tools are also critical. Too many holes are active in the wild for far too long, with cross-site scripting bugs and malware downloaded and installed via otherwise innocuous websites, to leave a machine unprotected. Take advantage of the occasional connections with higher bandwidth for these downloads, of course, or they will interfere with normal use.

For live CD's, I myself prefer a Knoppix CD, which also includes NTFS drivers and is generally friendlier on laptops of odd vintage. And backup, backup, backup! A nice laptop is easy to have stolen, easy to loose, and easy to break. USB keys are cheap, and can be easily stored encrypted to protect yourself from casual hardware theft or hotel room spies who image hard drives. (That's an old industrial espionage problem: I've seen reports on visitors to China having this problem a lot.)

Re:OpenVPN (1)

RichardJenkins (1362463) | more than 4 years ago | (#30263958)

Well he said he couldn't do that. I'd say your best bet is to:

  * Make sure you have disk level encryption on your laptop (Truecrypt works well for Windows)
  * Create a small set of secure sites/services ahead of time you know you can trust, and need to use. Only go to these sites.
  * Don't forget email is typically sent plaintext - account for that if you need to
  * Put a firewall in place to block outgoing connections to port 80 and 25 in case you forget you're only visiting secure sites
  * Set up a VM for general browsing if you think you'll need it.
  * Keep a disc image handy so you can reset your laptop to a good state in case anything happens.
  * Remember that the whole Internet is public. You should assume that all the data you're going to send can be intercepted and manipulated all the time. Once you're working off that assumption, travelling and using a laptop doesn't seem to daunting.
  * Don't blame me when you're stranded somewhere with all your accounts cleaned out.

I have to say it: (0)

Anonymous Coward | more than 4 years ago | (#30263752)

make sure to use Linux.

hello world! (0)

Anonymous Coward | more than 4 years ago | (#30263778)

I am just replying because I am the first one too see this post.
Use VNC? :)

Re:hello world! (2, Insightful)

harmonise (1484057) | more than 4 years ago | (#30263810)

Use VNC?

To where? As he said in the summary, "I will not have a system at home to connect through."

Re:hello world! (2, Informative)

tokul (682258) | more than 4 years ago | (#30263842)

Use VNC? :)

From summary - "Keep in mind that many places have very poor bandwidth and latency."
VNC and SSH are out of question.

SSH & SOCKS Proxy (5, Informative)

chazchaz101 (871891) | more than 4 years ago | (#30263786)

I would recommend purchasing a shell account from a reputable host that will allow you to tunnel your internet traffic over an SSH tunnel/SOCKS proxy. It's really easy to set up using Putty or OpenSSH.

Re:SSH & SOCKS Proxy (0, Redundant)

buchner.johannes (1139593) | more than 4 years ago | (#30263920)

Please mod parent up.

Usually I'd say you're fine by using https, as it provides end-to-end encryption. Sadly the last word is that that is not true anymore. Throw a ssh tunnel towards the middle of the internet, preferably 'close' to your mail/banking website in terms of few nodes in between.

For example, you can route your (ssl) traffic through shell.sf.net.

Re:SSH & SOCKS Proxy (0)

Anonymous Coward | more than 4 years ago | (#30264164)

Alternatively, Hamachi VPN on one of your clients/servers at home.

Re:SSH & SOCKS Proxy (5, Informative)

emj (15659) | more than 4 years ago | (#30264200)

Remember to tunnel the DNS requests over the SSH connection as well, in firefox after setting up Socks5 proxy goto about:config. Change this to true: network.proxy.socks_remote_dns

Re:SSH & SOCKS Proxy (1, Troll)

Krneki (1192201) | more than 4 years ago | (#30264270)

This.

Or get a classic WRT54GL router with tomato. So you can connect to your home SSH server (SSH service running on tomato).
Also keep an eye on your firewall and remove all the exception you don't know what they are for, if you are running Windows. If you are on Linux you are safe of course.

If you use public Internet caffe, get Firefox portable on USB stick and configure it to use your SSH tunnel. You don't need any Admin privileges to make it work. Also very effective to bypass any firewall that might be setup (China).

dm-crypt (5, Insightful)

tetromino (807969) | more than 4 years ago | (#30263792)

All network security is for naught when someone can just steal your netbook and read all the passwords and form data that firefox helpfully remembers for you. You have to make sure that your firefox profile directory (as well as all other confidential data, like passwords and bank statement pdfs) is stored on an encrypted block device. On Linux, a loopback device encrypted with dm-crypt works well.

Re:dm-crypt (5, Informative)

tuffy (10202) | more than 4 years ago | (#30263848)

Enabling Firefox's master password causes it to encrypt one's saved passwords and form data.

Re:dm-crypt (4, Insightful)

iron-kurton (891451) | more than 4 years ago | (#30263888)

Banking passwords should be memorized and never, ever, EVER written down or saved (and that includes firefox too). So when (not if) someone steals his netbook, he won't have to worry about them having his passwords (even if encrypted).

Re:dm-crypt (2)

JWSmythe (446288) | more than 4 years ago | (#30264146)

    Ahh, good security. There was a "what's the best way to store my passwords" thread a few weeks ago, and I said the same thing. It doesn't really matter, I give this guy a week before his laptop, phone, and wallet are stolen, and his body is tossed out in god forsaken nowhere. They'll have free reign on his accounts for weeks before anyone realizes that he hasn't checked in, and even longer before his next of kin convince the banks to lock down his accounts.

Re:dm-crypt (2, Informative)

grouchyDude (322842) | more than 4 years ago | (#30264180)

Great idea if you don't do much. If you have multiple banks or other equivalently-important accounts then it's very tricky. If you use long secure non-algorithmic passwords and won't be able to visit the bank to re-init them, the keeping them recorded in encrypted form would be my choice. That way if you can't recall them all, or briefly forget one, you can recover them so long as you remember at least the master password.

Re:dm-crypt (1)

AnomalyConcept (656699) | more than 4 years ago | (#30263910)

On Windows, TrueCrypt system partition encryption works as well.

Clean install WITHOUT encryption (2, Informative)

Anonymous Coward | more than 4 years ago | (#30264162)

Whenever I travel, I wipe my harddrive and put a clean install of Windows. This protects both against border protection and thieves. It's not that I have something highly confidential or illegal on there, I just don't want my data stolen by anyone. While encryption will protect you against thieves, you're likely to be in more trouble if border protection finds it and you're never going to be able to prove you have no hidden encrypted partitions on there. To make sure no sensitive usage data is left on the device, run everything in a sandbox and wipe the sandbox contents afterwards.

Whenever I use a network, I use a trusted VPN service.

Re:dm-crypt (0)

Anonymous Coward | more than 4 years ago | (#30264356)

Well if you're stupid enough to allow Firefox to "remember" your passwords you deserve to have your information stolen. Cripes people, use your brains.

Good starting point (0, Flamebait)

MrKaos (858439) | more than 4 years ago | (#30263808)

Use Linux.

Don't waste your time (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30263890)

I am going traveling, to experience new cultures, people and ideas

Put down the computer; the world won't end if you can't access slashdot and your email for a few months.

And it certainly WON'T worth it to spend my precious travel time on something that requires a steep learning curve, when there are equally superior alternative options which provides better security.

Think: Setup your own VPN tunnel at home using Windows 2008 Enterprise before you leave. Setup dynamic DNS.

LAMP is out. WISD (Windows, IIS, SQL Server, .NET) FTW!

Re:Good starting point (0)

Anonymous Coward | more than 4 years ago | (#30263924)

Well that probably makes sense given that it is a low powered netbook and probably doesn't have a TPM.

For an even slightly more robust machine, use Windows 7 Ultimate with BitLocker and a strong password for your logon. Disable sleep and use hibernate instead to fend off those "cold memory attacks" that can be done on any OS. Disable any firewire ports to prevent any peer-to-peer memory attacks. Don't allow boot without a BitLocker PIN.

You then don't care about any of those "Firefox stored my password" stuff that others have mentioned workarounds for. Theft becomes just the inconvenience and money lost in having to replace your machine - the risk of any data disclosure is negligible if your PIN / password combo are solid. Leave the Windows 7 firewall in the default mode - it blocks all inbound. Keep firefox (and the rest of the system) as up to date as possible with the spotty connections you'll be able to get. Consider a firefox update as more important than some youtube video or whatever.

Why will you not have a system at home? (3, Interesting)

jazzkat (901547) | more than 4 years ago | (#30263814)

I've been stuck in the ICU's of local hospitals for the past month in a similar circumstance. I've been doing bills and banking from my system at home via FreeNX.

Re:Why will you not have a system at home? (2, Informative)

phantomcircuit (938963) | more than 4 years ago | (#30264376)

Possibly because he won't have a 'home' during his travels? I mean why pay rent when you're not there?

are you sure you're asking the right question? (1, Insightful)

inzy (1095415) | more than 4 years ago | (#30263820)

you're going travelling, to experience new cultures, people and ideas

put down the computer; the world won't end if you can't access slashdot and your email for a few months

i'm sure there are many ways to get around not having internet access - use phone banking, get your bank to automatically pay off your c card, use internet cafes for email (if you really must), or use a phone to call people.

why on earth you feel a need to access your investment account from the depths of south america, i'm not sure.

Re:are you sure you're asking the right question? (2, Funny)

ub3r n3u7r4l1st (1388939) | more than 4 years ago | (#30263840)

"why on earth you feel a need to access your investment account from the depths of south america, i'm not sure."

Wait until you figure out you lost half of your portfolio in 24 hours then you know why.

Re:are you sure you're asking the right question? (2, Funny)

iron-kurton (891451) | more than 4 years ago | (#30263934)

Wait until you figure out you lost half of your portfolio in 24 hours then you know why.

Well, if he doesn't access his investment account while he's there, he won't know. Problem solved.

Re:are you sure you're asking the right question? (0)

Anonymous Coward | more than 4 years ago | (#30263992)

Oh, is that how it works? Somehow, your stocks just disappear? And by looking at it in some foreign country, you can stop the stock stealing gremlins?

His portfolio will be fine, it might go up, it might go down, but it'll still be there and any sudden drops won't be mitigated by checking on it, or else he'd be a billionaire for his prophetic powers.

He's just a nerd who wants to feel important in some starbucks in south america, because he just has to be online to "check his stuff." How lame.

Re:are you sure you're asking the right question? (1)

pz (113803) | more than 4 years ago | (#30264042)

"why on earth you feel a need to access your investment account from the depths of south america, i'm not sure."

Wait until you figure out you lost half of your portfolio in 24 hours then you know why.

The parent post is 100% spot on, but the grandparent post has an inadvertent truth as well -- if you're away from your normal life, then you're not day trading. If you're not day trading, every now-and-then phone access to your broker service combined with some well-considered limit/stop orders should suffice if you have sporadic newspaper or web-based stock quotes. Network-based access to your investment portfolio is a convenience (and even e*trade has phone service) that might well be considered an unnecessary luxury while on a long trip to remote parts of the world.

Re:are you sure you're asking the right question? (0)

Anonymous Coward | more than 4 years ago | (#30264184)

I find it amusing how most of you seem to have the image that South America is one big jungle, with no cities, no technology whatsoever and where people use treetops as shelters. I doubt he'll spend more than 10% of his total journey in the actual jungles.

Sell your portfolio... (2, Funny)

HockeyPuck (141947) | more than 4 years ago | (#30264092)

If you have a portfolio in which your risk/exposure is such that you could lose half during your trip, you shouldn't be taking a trip away from your portfolio.

Two choices.

1) Sell your entire portfolio. Cash doesn't go up or down.
2) Invest the entire portfolio in some equity that doesn't move (like CDs).

Just leave your laptop at home. Enjoy your trip to the jungle and avoid having to bring your laptop around with you, through the rain, and having it potentially stolen while you sit at some cafe drinking your rainforest destroying frappacino'.

Re:are you sure you're asking the right question? (1)

buchner.johannes (1139593) | more than 4 years ago | (#30263872)

put down the computer; the world won't end if you can't access slashdot and your email for a few months

Maybe, but why take the risk? Just remember the docu 2012

Re:are you sure you're asking the right question? (4, Interesting)

kjart (941720) | more than 4 years ago | (#30263912)

the world won't end if you can't access slashdot and your email for a few months

Check the time mentioned in the summary. I would normally agree with you, and don't typically even use internet cafes while gone for a few weeks. However, I can't imagine being totally unconnected to email for a whole year. Yes, I could do without Slashdot, but just checking the news back home and following up with friends and family would be mandatory.

Really (2, Informative)

copponex (13876) | more than 4 years ago | (#30263936)

He should buy some decent fraud/identity theft insurance and just use a reasonably secured distro. All the anguish spent on perfect security is for naught anyway - if someone wants to rob you down there, they're more likely to beat you over the head or hold you hostage than hack into your computer.

Oblig. XKCD: 538 [xkcd.com]

Re:are you sure you're asking the right question? (4, Informative)

Hadlock (143607) | more than 4 years ago | (#30263964)

Going traveling for 5 weeks in south america as well. Just bought a netbook. Every single person I've talked to says "blog about it! we want to see your pictures!" -- the truth of the matter is that a netbook is pretty damn tiny and takes up little space (2800 cu in pack) and definitely qualifies as "personal gear". Might as well take it along. Makes backing up my digital pics easier, and makes it easier to check the news (you never know what's going to happen next in venezuela) and communicate with couch surfers. You don't NEED one, but it damn well makes things easier in a pinch.

This "eithier/or" advice is pretty silly (2, Informative)

IANAAC (692242) | more than 4 years ago | (#30263968)

Much like the rest of life, it's not simply a "do this, don't do that" thing.

I see nothing wrong with traveling with a netbook - they weigh next to nothing - or even better, something like a Nokia N800/N810. There are plenty of down times where I can see wanting to check email, get in touch with family, whatever.

Having a piece of technology with you while traveling certainly doesn't prevent you from experiencing different cultures and peoples.

Re:are you sure you're asking the right question? (2, Insightful)

cain (14472) | more than 4 years ago | (#30264118)

you're going travelling, to experience new cultures, people and ideas
put down the computer; the world won't end if you can't access slashdot and your email for a few months

why on earth you feel a need to access your investment account from the depths of south america, i'm not sure.

Why on Earth you feel the need to tell a perfect stranger how to travel, I'm not sure. Why not just trust the guy and answer the question instead of responding in a smug condescending manner?

I'd suggest booting a security-oriented "live" linux distro from a CD/DVD/thumb drive when accessing untrusted networks. This means caches are gone when the power is turned off - no passwords/account numbers/etc floating around on the hard drive. If the distro boots with sane firewall settings, has ssh installed, etc, the poster should be fine.

Re:are you sure you're asking the right question? (4, Insightful)

agnosticnixie (1481609) | more than 4 years ago | (#30264130)

Backpacking through south america doesn't mean OP is spending 5 months in the middle of the Amazon. Besides, how does internet access limit it? Oh, right, it doesn't. And phones aren't technology? Is this slashdot or some sort of faux-luddite assembly.

Re:are you sure you're asking the right question? (1)

vlm (69642) | more than 4 years ago | (#30264208)

you're going travelling, to experience new cultures, people and ideas

How would I do that without inet access? Seriously? I guess in the more 3rd world areas they still print out flyers and newspapers, and use paper maps, and don't use social networking sites, but in the more developed areas they'll think you're a visiting Amish. Restaurant reviews, hotel reviews, tourist trap reviews, train/bus/plane schedules... And remember to bookmark webmd.com or whatever for Montezumas Revenge.

Re:are you sure you're asking the right question? (0)

Anonymous Coward | more than 4 years ago | (#30264266)

why on earth you feel a need to access your investment account from the depths of south america, i'm not sure.

You must be american.
-Anonymous Coward

Re:are you sure you're asking the right question? (0)

Anonymous Coward | more than 4 years ago | (#30264344)

In some cultures it's customary to relieve the rich foreigner of their valuables. Greet the opportunity to become a part of their culture with open arms and let go your western notion of possession. Give them the laptop before they have to ask for it.

openvpn service (4, Informative)

Anonymous Coward | more than 4 years ago | (#30263822)

You might want to use a service like
http://alwaysvpn.com
or
strongvpn

Re:openvpn service (1)

keeperofdakeys (1596273) | more than 4 years ago | (#30263950)

these options seem like the best option and fulfil all the requirements
the rate is quite decent too

Tunnel the traffic (4, Informative)

gertin (1063236) | more than 4 years ago | (#30263824)

Set up a server at home or rent one where you can run OpenVPN and/or SSH and tunnel your traffic through it. OpenVPN supports LZO compression aswell, which might help a bit when you're low on bandwidth. I would also suggest that you encrypt the drive on your netbook with TrueCrypt or similar software in case you loose it.

Re:Tunnel the traffic (0)

Anonymous Coward | more than 4 years ago | (#30264126)

There is one side benefit about tunneling via SSH, and that is if someone attempts a MITM attack, you will know, because the host key will be different from the one you normally use (assuming you set up and test your connection before going abroad.) No need to worry about a key infrastructure as with SSL.

Re:Tunnel the traffic (0)

Anonymous Coward | more than 4 years ago | (#30264264)

Of course - if you *loose* your drive, you will have to spend many painful hours glueing all the bits back into the drive!

Encrypt your netbook, park data in the cloud (2, Interesting)

iturbide (39881) | more than 4 years ago | (#30263846)

Assume you will lose your netbook at some point: encrypt the entire thing using truecrypt or similar, and make sure you can access vital data from somewhere else: either use dropbox, or use google docs, or whatever.

Re:Encrypt your netbook, park data in the cloud (1)

grouchyDude (322842) | more than 4 years ago | (#30264204)

If you are really hard core, as a backup in case of theft you can mail yourself an encrypted USB key at a hotel/hostel/post office you are willing to put on your itinerary, but getting the timing right will be tricky unless you have somebody stateside to send it.

Phone banking? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30263850)

My credit union still has a system for doing much of my banking over a phone line. I'd rather take my bets on the security through the phone lines than the interwebs.

Beware that TLS (SSL) has been hacked (1)

wakim1618 (579135) | more than 4 years ago | (#30263856)

This was covered in a recent episode of the Security Now podcast http://www.grc.com/securitynow.htm [grc.com] . See episode 80 from Nov 19 "A security vulnerability in SSL". The transcript is also available http://www.grc.com/sn/sn-223.pdf [grc.com] .

Re:Beware that TLS (SSL) has been hacked (1)

Craig Davison (37723) | more than 4 years ago | (#30264258)

That was pretty hard to follow, what with the unrelated chatter about ARP and the origin of CRLF in HTTP headers.

Here's a better document: http://extendedsubset.com/Renegotiating_TLS.pdf [extendedsubset.com] with helpful diagram: http://extendedsubset.com/Renegotiating_TLS_pd.pdf [extendedsubset.com]

buy a shell (1)

CAIMLAS (41445) | more than 4 years ago | (#30263858)

Buy/rent a shell or a virtual host from a reputable reseller and use the account/host to set up an SSH tunnel (socks5) through which you should tunnel everything of importance, so the data is not as easily retrieved (ie 2-level encryption - browser and TCP).

Why? (1, Insightful)

Curmudgeonlyoldbloke (850482) | more than 4 years ago | (#30263868)

Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks.

If you're stuck in the middle of Machu Picchu do you really want to be looking for a Wifi network so that you can poke around with your "investment accounts"?

When you're at the lodge after a hard day's sightseeing, don't be the one at the back of the room with a laptop. Be at the bar talking to people.

You've only had the option to stay connected in this way for the last few years or so - why not think back to how people used to manage 10 years or more ago? The answer then was to set stuff up before you set off and relied on that.

Re:Why? (0, Informative)

Anonymous Coward | more than 4 years ago | (#30264034)

Posting Anonymously to not break my mods... I just had to say something about these posts... f-ing recockulous. Yeah "don't be the one at the back of the room with a laptop. Be at the bar talking to people." Dude if you managed to even read the summary, the guy is going away for a year. One year. 365 days. I'm sure he's going to see more of the great outdoors then one would see in 5 years working 9-5...and not too mention that I am a very heavy partier who likes to get down with the get down but even I am not going to drink every night for a year straight. Who are you to tell him that he shouldn't have access to whateverthefuck he wants technology wise and he should drop off the grid? This is a valid question and concern when planning to travel. Don't dumb it down with hypocritical quazi-luddite responses.

Maybe you should take your own advice and get back to us on 11/29/10. Let us know how your non-connected ass is doing. His question was a security model for traveling, but as I see it, you are probably a hell of a lot less secure right this second then he will be in eastbumfuck if he follows some of the good advice posted here. So do us all a favour, put the laptop down and go to a bar.

~cez

Re:Why? (1)

agnosticnixie (1481609) | more than 4 years ago | (#30264138)

I did a two months road trip this summer, the laptop isn't a problem. Only people who don't know how to use one think it is: hint, it's not a glorified office desktop.

Re:Why? (1)

GrumpySteen (1250194) | more than 4 years ago | (#30264214)

The OP said he was going to be backpacking for a year. He's only got three choices. Bring a computer, use internet cafes where other people can see him or give up porn for a year.

Nothing (2, Interesting)

tokul (682258) | more than 4 years ago | (#30263870)

Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information?

There is nothing you can do. Keep strangers away from your machine. If you use SSL, check certificates or maybe even remember signatures of most important certs.

Re:Nothing (1)

mlts (1038732) | more than 4 years ago | (#30264262)

I'd add using a good VM program. Virtual machines are a solid and aggressive defense. Of course, there are attacks to jump out from the VM, but patching an attack surface of a hypervisor versus an entire OS is a lot easier.

If you have the disk space, have a VM dedicated to banking and nothing else should provide enough security. (This is assuming you use a VM for browsing so the host OS doesn't get compromised, as if it gets rooted, the game is over.) Having separate VMs for differing projects can be done too. If the VM program (such as VMWare Workstation) support copy on write snapshots, the separate VMs won't take up that much space.

Another advantage of having your sensitive stuff in a VM is that you can stash the VM's disk image files in a TrueCrypt volume. This way, if the laptop gets stolen while it is on, the thieves might get access to the OS, but assuming the owner unmounts the sensitive VM once they are done, the information at risk is limited.

Of course, there are drawbacks to doing your work in VMs. It sometimes gets clunky to fire up a VM to do a task as opposed to just kicking off a Web browser in the host OS. There is also a performance penalty, which for some applications can be important. Of course, some VM programs are not able to do 3D graphics, so playing games in a VM won't be doable. Finally, there are OS licensing/activating issues that should be verified before heading abroad. However, if you max the RAM out (8GB is nice, 4GB should be the standard), you can allocate a decent chunk of RAM to a VM so the contents can run with a low performance penalty.

Privacy has some monetary cost, just like travel! (4, Insightful)

gilgongo (57446) | more than 4 years ago | (#30263942)

"I will not have a system at home to connect through."

Then get one if you're concerned about your privacy. Really, are your bank details not worth ten or twelve bucks a month for a virtual server somewhere?

Buy VPN account (1)

Bender Unit 22 (216955) | more than 4 years ago | (#30263976)

I use one on my notebook and iPhone when using hotspots(specially the unencrypted ones). They are not that expensive. Then of course there is the question, do you trust your VPN provider. :D

Not a lot (4, Interesting)

ledow (319597) | more than 4 years ago | (#30263978)

There's not much you can do, this is why SSL saves millions of people's asses everyday - just be ultra-suspicious of any warnings that you don't normally get. This is why everyone has a "trusted" network piped into their house by their ISP, and why they get so uppity when that trust is abused (DNS redirection, deep packet inspection, traffic analysis, advertisement insertion etc).

Have a software firewall at *ALL* times that distrusts everything... on Windows I use Zonealarm with everything set to "Internet" and all the high-security settings for that (only exception is an OpenVPN interface which can *obviously* only be my remote access into my trusted networks at home - I let OpenVPN - the program - connect to the Internet and I let the OpenVPN interface do whatever the hell it wants ["trusted"], and obviously have all the checks enabled for certificate-authentication to get onto my home network). On Linux, that's just bog-standard iptables doing its job the same as ever.

I don't expect anything non-SSL to be secure by default. I treat it as if I was using Tor in that respect. Make sure you have Gmail or whatever set to "always use https". If you want anything better than that (i.e. email, IM, http, etc. traffic), or better assurance overall, you have to have a VPN to be safe.

My OpenVPN automatically deletes other routes except for the essential ones and adds a default route through my VPN interface so when connected to home I *know* everything has to be using the VPN to communicate in that instance (hate the idea that if OpenVPN dies, there might be "another" route lurking which sends things out on another interface - I've seen it happen with some "automatic" configurations on Windows).

I often game over an OpenVPN instance, even when playing locally, so don't take heed of the rubbish about it being too costly in latency terms - of course, if you are in a foreign country and relaying to another, it will lag, but the actual overhead is not much worse than just ordinary IP routing to your destination.

Basically - SSL in some form or another, whether that's direct or over a VPN... otherwise you cannot trust things. Of course, millions of people trust ordinary wifi points all over the world, all day, every day. If you decide to follow their lead, that's up to you.

Re:Not a lot (-1)

Anonymous Coward | more than 4 years ago | (#30264400)

Any services you recommend?

Brian (0)

Anonymous Coward | more than 4 years ago | (#30263990)

Use a service that provides VPN. One such service is strongVPN.com . No hardware to set up, and you won't be dependent on some box you set up and left running, hoping that it would remain reachable and functional for the year you are gone.

Run screaming away from Windows (-1, Flamebait)

steveha (103154) | more than 4 years ago | (#30264014)

Install Linux on your netbook. Do not trust Windows.

That's my top tip for you right there.

I also use NoScript because I don't trust Javascript. The problem with Noscript is that so many web pages require Javascript to be enabled, so you need to use the Noscript control to permit Javascript. The usual sequence is: Why is this page acting funny? Why is the search feature broken? Oh yeah, it probably requires Javascript; enable it, then wait for the page to reload. So, Noscript is really a bit of a pain. But I use it anyway because I don't trust Javascript.

On my netbook (an Acer Aspire One with a 10.1" screen, 512MB of RAM, 160GB hard drive) I'm using Ubuntu 9.10 and it works great. The only issue I have noted is that if it goes into sleep mode it doesn't wake up; I need to power it down and then up. One of the cool features of Ubuntu 9.10 is that you can have an encrypted home directory; that would be nice for your credit card numbers and other personal data. I installed with this option and I have not noticed any slowdown in using the computer.

To install Linux, get a (cheap!) 1GB USB flash drive, and use Unetbootin [sourceforge.net] to make a bootable installer for your chosen Linux distro. Ideally, you should use a flash drive with a physical write-protect switch; these are not common but do exist. Then, after you have set up the netbook, pack that flash drive in your luggage; if you ever need to you can re-install Linux from scratch. Or if your laptop is lost, stolen, or destroyed, you can get a new one and set it up again with Linux. But you will know the Linux installer on that USB key is a trustable Linux, especially if you have it write-protected.

By the way, when you set up Linux, be sure to put your data files one a separate partition from everything else. In other words, have two partitions: "/" (for everything but your data files) and "/home" (for your data files). If you ever do need to re-install your whole OS (due to horrible crash, or somehow getting 0wned) it is really fast to just say "go ahead and wipe the whole / partition, but don't format /home". You can completely re-install Linux in this way, losing no data, faster than you can run the Windows installer in "recovery" mode to try to fix a broken/0wned Windows install.

As others have suggested, you might want to keep your data "in the cloud", such as by using a webmail client. The major advantage is that if your laptop is lost or stolen, your data is all still where you left it; you just need a new netbook/laptop.

I'm sure you will bring a digital camera. A 160 GB hard disk can store a whole bunch of photos, and when you are in an area with good WiFi, you can backup your photos to the cloud somewhere. In future years you will treasure those photos. Looking over your photos you will say "Oh wow, I forgot all about that day; but this photo just reminded me!" Unless you tirelessly record everything in a diary, the photos will be crucial to reminding you of your trip. (And the netbook can record your diary, either by you typing it, or by you talking to the microphone. A netbook is handy no matter how you look at it.)

If you ever use a computer in a cyber cafe, just assume that a keylogger is recording your password, credit card numbers, etc. (It doesn't even need to be a software keylogger, it could be hardware!) Bringing your own computer is a good move. Using Linux to avoid your computer being 0wned is also good move.

steveha

Ten tips (1)

mlts (1038732) | more than 4 years ago | (#30264018)

A few things that come to mind:

1: Bring an external drive, install media, and images of your machine with the OS, drivers, and apps installed, so if you get a spyware infection, you can boot an OS CD or a CD with a recovery program, save off your documents, and roll back to that.

2: Use Mozy, Carbonite, or some cloud backup program to have your critical documents stored safely, even on a spotty network connection. Bonus points if you use a keyfile, and store the keyfile somewhere secure (perhaps as an attachment in a few email accounts). This way, an intruder would need to have the keyfile as well as your username/password to restore from those services.

3: Department of redundancy department. Bring extra batteries, chargers, external hard disks, multiple copies of your OS on DVDS, an external DVD drive in case your primary one fails, and if budget permits, perhaps even a netbook just in case your main laptop fails. Weight in carrying this stuff around may be a consideration, but if you can leave some stuff at the hotel, it would be good to do, as a dead charger with no way to replace it will put a crimp on your Internet-readiness.

4: Backup nightly to a local drive. I'd consider a copy of Acronis TrueImage or a similar product.

5: Antivirus software doesn't catch everything. My recommendation? Do *all* your Web browsing in a virtual machine. This way, if you get your VM infected, you can save files you desire to keep, then roll back to a previous uninfected state. With Windows 7 Professional, Enterprise, and Ultimate, you can download XP Mode at no cost which can do this. Alternatives are VirtualBox and VMWare Workstation.

6: Encrypt your data. If using Windows, TrueCrypt is licensed at no charge and can encrypt your system volume. If you have a more advanced laptop with a TPM, Windows 7 Enterprise/Ultimate and BitLocker. Most Linux distros support filesystem encryption as well. And in OS X, FileVault is only a few mouse clicks away.

7: Have multiple user accounts. The account you use to show your laptop is OK at an airport is not the one you should use for your main stuff.

8: Consider insurance that covers your equipment while abroad.

9: Consider mailing your backup drives back to your place separately. This way, if by some chance your laptop gets stolen or seized, you still have backups of your stuff on those drives, as well as Mozy.

10: Consider a VPN service like StrongVPN, Anonymizer, Relakks, SwissVPN, or another reliable host. This is not for downloading your warez via P2P, but making sure that your traffic stays private.

Of these tips, I consider using virtual machines the most important. A VM infected can be easily cured by a snapshot rollback. It is a lot harder to clean up a host OS. Since you will be far from where you can find recovery media, having your host OS essentially be a hypervisor is a good bet.

Any VPN provider will do (3, Insightful)

fluch (126140) | more than 4 years ago | (#30264028)

I've tried SwissVPN (http://www.swissvpn.net/) and had good experiences (about 6$/month on a prepaid basis, no limits).

Cash and a machete (1)

zogger (617870) | more than 4 years ago | (#30264038)

That's what I would carry..of course I am primeval hard core...

How about boot from a usb stick when you need to do banking, and keep that thing really buried in your pocket, so even if the notebook gets stolen, your important stuff is still on you.

How about banking from a cellphone instead, just using voice? Is that possible with your bank?

don't bother (0, Offtopic)

spongman (182339) | more than 4 years ago | (#30264066)

take your credit card, the phone number of someone who can wire you money in an emergency. set stop orders on your investment accounts. leave the rest at home.

Some Advice (4, Informative)

Jahava (946858) | more than 4 years ago | (#30264068)

Really, security is best done in layers. The tightest system will be burdensome to operate, so don't take every suggestion you see. Instead, evaluate some basic thoughts, such as:
  • Where will my sensitive data be stored?

    Ideally, you want this to be a remote machine, either cloud or at home, with your Notebook acting as a gateway.

  • What am I exposing to attackers?

    Be aware of potential vectors of attack (mostly wireless / network based, but don't forget physical access) and have a defense against them.

  • How am I protecting my data?

    Ideally, everything (and, more practically, everything sensitive) will pass through some pipe that uses the strongest available encryption.

Here is a general set of guidelines that I use:

  1. Are you sure you can't have a computer at home? A cheap decade-old server with a constant internet connection? How about trusted family or friends?

    As others here have mentioned, having pre-exchanged SSH keys and doing all of your sensitive browsing / business over an SSH-tunneled Proxy to a machine back home will do wonders to help with any inherent wi-fi (or untrustworthy ISP) issues.

  2. Protect In Advance

    Get your system hardened before you start your journey. Make sure you're running the latest operating system versions with the latest security patches. Make sure you've configured your firewall and updated your antivirus software. Pick a secure software suite to use for your important actions. For any OS, shut down daemons and services that you're not going to need, as each is a potential point of attack.

  3. If you are worried about viruses on your machine, only let Virtual Machine snapshots connect to a network

    Buy a USB-based wireless device (they're only $20 or so). Disable the wireless device on your Notebook's OS. Before you leave, build a Virtual Machine [virtualbox.org] running an OS of your choice (Linux works nicely). Install the OS from scratch, boot it, update it, and then open up a browser instance. Configure it so that the USB wireless device is forwarded directly to the VM, and install its drivers in the VM. Snapshot the Virtual Machine's state. When you're travelling, turn off your Notebook's wireless signal the entire time. If you want to use the Internet, plug in the USB wireless device, start your VM, and use the Internet through it. When you're done, shut down the VM and revert its state to the saved snapshot state that you made before you started your trip. This should help ensure that any viruses you are hit with only survive the duration of that single VM session.

  4. Encrypt your Hard Drive

    The options vary based on your OS. Any standard encryption scheme will do - complete drive encryption, partition encryption, filesystem-based encryption, etc. The real goal here is to make sure that neither your private files nor your runtime-generated files (Internet history, cookies, etc.) are accessible.

  5. Store your Keys Externally

    Buy some cheap USB stick to store your SSH and/or Hard Drive encryption keys separately, and carry it with you at all times. If you're truly paranoid, you can even encrypt its filesystem with a password-based key for extra protection.

  6. Don't Suspend / Hibernate your Machine

    Fully power down your Notebook when you're not using it. If you Suspend / Hibernate, not only will memory-resident viruses etc. still be running when you resume, but decrypted information is accessible in-memory, should it be seized in this state.

  7. Don't Do Anything Stupid / Illegal

    There are a lot of threats you can face in another country, but it's wisest to stay away from the government-level threats. Don't give them a reason to seize your laptop and you'll have mitigated many truly serious issues.

Uhh... travel in remote areas? (0)

Anonymous Coward | more than 4 years ago | (#30264074)

So ditch the netbook, PDA, cellphone, etc.
There is thing called an airmail letter.. on thin blue paper. gets there eventually (typically within a week).

Or, if you are SO addicted to the crackberry.. Buy a 2 1/2ton truck outfitted with a satellite earth station and diesel generator (diesel is easier to come by in remote areas), rent some single channel per carrier (SCPC) time on a geo transponder and maintain your connectivity in the style to which you are accustomed.

Part of the adventure of travel (as opposed to business travel) is being disconnected or randomly connected.

Evil is behind every corner (5, Funny)

MasterPatricko (1414887) | more than 4 years ago | (#30264094)

If someone is truly smart enough to crack your system and steal your bank account info - when you are a fairly intelligent tech-savvy guy who uses SSL and won't just click the first open wifi network that pops up like 90% of the population would - what the heck are they doing in the jungles of South America where maybe 5 students with negative bank balances pass through every year? "The same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students". Do you honestly think 99% of them have a clue? And yet 99% of them make it home perfectly fine. As someone with an above-average IT security knowledge, you will be fine. Seriously, while I don't advocate writing your bank details in 10-foot high letters of fire on Macchu Picchu, the chances of anything happening are infinitesmal. By the way, South America is awesome to backpack through. And not being tethered to the Interwebs is a good thing.

Keep it simple (5, Informative)

teadrop (1151099) | more than 4 years ago | (#30264106)

I just returned from my backpacking trip. So here are my tips... If you are using your own laptop, an effective firewall, a patched system, and the use of SSL is all you need. Since you are posting on Slashdot, I assume you are capable of keeping your own laptop clean and secured. In reality the risk of someone stealing your laptop is much higher than the risk of anyone breaking into your laptop, so... 1) Some sort of chains/locks on your backpack is much more important than a VPN. 2) Do not store any password, sensitive documents on your laptop. In case it will be stolen later.. 3) Keep backup of important documents (e.g. scan copy of your travel insurance) in a gmail account... 4) Do not keep all your vacation photos in one laptop, copy it to CD/DVD/cheap USB devices and send it home every few months. 5) Bring a USB drive and backup everything on your harddrive (including your vacation photos), store the USB drive in a different location (e.g. inside your main backpack) If you are really desperate and have to access your bank in an internet cafe, here's what you can do... 1) To make it harder for key loggers to steal your password, scramble your url/password using your mouse. e.g. if your password is ILovePizza, you can type IHatePizza, highlight the word "Hate" with your mouse, click delete and type "Love" instead. It's not 100% secured, but it's better than nothing. 2) As soon as you reach a safe location, change your password.

Anonymous Coward (0)

Anonymous Coward | more than 4 years ago | (#30264108)

Use cash, it's South America.

Slashdotters never leave home (0)

Anonymous Coward | more than 4 years ago | (#30264110)

"Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks."

All the comments about not needing a computer to access financial information are ignorant. You can't use a credit card without paying the balance. At least at my bank, they don't offer automatic ways of transferring from savings to credit accounts. If they did, they would not be able to collect as many fees for overdraft protection. (Banks in the USA collected $38 billion last year in these kind of charges, not exactly chump change.)

Given the current unstable nature of the world economic system, is it a sane move to ignore your investments for a year? Only if you have you money in a piggy bank and live in your parents basement.

Like I said, lots of Slashdot readers never do any real travel, so they have no concept of actual adult responsibilities.

How important are you, really? (1)

mblase (200735) | more than 4 years ago | (#30264132)

Unless you're being targetted specifically, basic security procedures are probably enough. Change your financial passwords regularly, maintain a secure wireless connection, and don't let your computer be handled by anybody else. Casual intercepts are going to meet the needs of most internet hackers, and if your data and passwords are going to take any amount of effort, they'll move on to someone else.

That said, I think that in much of South America you're more likely to have your hardware stolen or confiscated by corrupt officials because of its cash value than for the value of the passwords they might hold. Make sure you can access anything you NEED to access using public terminals if your netbook is useless. Make sure you know how to access them by phone, too.

However, if there's someone in your family you can trust to keep half an eye on that financial information back home, I would do so. Redirect all postal communication to them and tell them to open anything from this or that bank just in case there's an alert. Your bank can probably authorize said family member to make certain changes on your behalf, if you tell that bank ahead of time to do so.

Get a cheap shell account to use as a SSH tunnel. (0)

Anonymous Coward | more than 4 years ago | (#30264142)

Spend $10 a month and get yourself a shell account that you can proxy traffic SSH through. Any reputable SSH client can do SOCKS5 or port forwarding through that shell account. I've used this method of accessing private bank accounts in some pretty crappy 3rd world countries such as Mexico, Philippines, etc.

It's not the network, it's the keystrokes! (1)

grouchyDude (322842) | more than 4 years ago | (#30264240)

I think SLL encryption as used by most serious places will be sufficient. The Royal Bank of Canada had a bad certificate for their main investment site for a while, but barring such foolishness the SSL and attention to warnings will probably be fine in terms of the actual network traffic. I think the biggest risk, however, is that there could be a key logger at a public site and these are easy to find and install, and a pain to circumvent unless you have control of some key parts of the process.

Advice (0)

Anonymous Coward | more than 4 years ago | (#30264244)

1) DON'T, DON'T, DON'T use Windows! These access points, anyone else connected to them is basically on the LAN with you, anything they have your Windows box could catch. Let alone anything else you'd get via the browser etc. Do you really want the hassle of getting viruses and spyware while you're on vacation? A lot of people will worry about hardening the connection between them and the bank then run this swiss cheese of an OS. I think key loggers and data-stealing trojans are FAR more of a problem than someone sniffing your connection. I recommend Ubuntu but I guess you could use a Mac too.

          2) SSL, obviously. Quite a few sites that are http by default do support https. Pay attention to any odd warnings -- man-in-the-middle attacks are IMHO unlikely, but they will make firefox throw warnings.

          3) I do like the recommendation of tunneling via VPN. But, *shrug*, if it's not possible then don't.

          4) Perhaps costly, but does one of the international data plans cover you? VZW for instance has a crackberry data plan that has unlimited roaming in a bunch of countries. Then you would not even have to look for wifi, and GSM or UMTS (or CDMA and EVDO) sniffing is much more likely than someone sniffing an unencrypted wifi link.

Physical security is a bigger problem. (1)

beegle (9689) | more than 4 years ago | (#30264310)

First, don't forget physical security. Assume that someone WILL attempt to steal your netbook. Keep it in sight or locked up. Encrypt as much as you can (whole hard drive if at all possible). Make backups, even if that's just "webmail and flickr/picasa", to keep data loss to a minimum.

That said, I'd keep it simple. Get everything for your online banking set up before you go. Take a look at the certificates. Don't worry too much, but just know whether your bank's certificate has the name of your bank or the name of some parent company. Really, you want to know if something changes later.

Seriously consider two browsers: one for "safe" targeted work (checking bank balance, for example) and one for "browsing". Personally, I'd use Firefox for the safe stuff and Opera for everything else. The Opera Turbo http://www.opera.com/browser/turbo/ [opera.com] feature is really nice for slow or flaky connections.

For homebanking, etc.. (2, Informative)

nunoloureiro (1162373) | more than 4 years ago | (#30264342)

For homebanking and similar sites, in order to prevent man-in-the-middle attacks, make sure you bookmark the HTTPS URL, so the first hit on the bank's httpd is HTTPS and not HTTP. Also, add the address of your homebanking to /etc/hosts, so you don't really rely on DNS for that.

Rely primarily on Wi-Fi hotspots? (0)

Anonymous Coward | more than 4 years ago | (#30264382)

You actually think there's wi-fi hotspots everywhere on the planet? /lol

What exactly are you doing? (0)

Anonymous Coward | more than 4 years ago | (#30264394)

...to warrant the opinion that you think your life is simultaneously important enough that you require internet whenever/wherever you want it, and that you want to be as far away from everyone for an entire year as possible?

You can have one or the other, not both.

This goal that you have is quite farfetched! Do you think you will actually have a cheap netbook and "rough it" for 52 weeks and not have it stolen, break or sold for room and board? You have no business doing whatever the hell you are planning to do in South America.

I'm guessing you're American, white and come from an upper-middle class upbringing. You must obviously know Spanish and/or Portugese, which will come in handy after you get kidnapped and brought into the jungles of Columbia for ransom.

If you really must blog or check your day-trader stock options, go get a satphone and some sort of data package.

Live Linux CD/DVD (1)

frovingslosh (582462) | more than 4 years ago | (#30264402)

For many uses, consider using a Live CD or DVD such as the recent Knoppix 6.2 release. It will let you have web access, and greatly reduce any chance that you might pick up an infection on an untrusted network. Of course, you should still use more secure https connections when accessing an e-mail or banking site.

I would also remove anything that you don't feel that you need or will use on the trip from the laptop, and put any information that you really need to keep private on a small flash drive that you can connect only when you desire to, so as not to expose it during all connections.

If you are really feeling paranoid, you could also carry a Live CD or DVD that gives you an Onion router connection.

assume compromise & set up separate accounts (1)

ffflala (793437) | more than 4 years ago | (#30264412)

Start with the assumption that any account you access while traveling will be compromised at some point -- anything that requiring a username/password or any other form of online authorization. Structure your accounts to minimize the loss suffered from any compromise.

Set up a separate email & IM accounts. Get a credit card designed for travel. I'm not going to suggest brands, however certain cards have security policies that lend themselves well to the risks of travel and compromise.

For your online banking and investments, set up separate travel accounts. For banking, have a periodic automatic deposit from another non-travel account in an amount sufficient to cover your expenses for the period between transfers. If your account is compromised you will lose only the funds from that period. Structure your investment accounts similarly.

Do not access your non-travel accounts while traveling. To manage your non-travel accounts while you're away, set up limited access so that a trusted family member or accountant can make transactions on your behalf & at your request if necessary. Develop some sort code/confirmation to include in any such communication to allow for the possibility that even this might be compromised -- for example a message isn't legit if you don't complain about/praise the food or the weather, or if you don't link to/attach a picture of you wearing something unique/making a certain gesture/face.

wrong question (4, Informative)

bcrowell (177657) | more than 4 years ago | (#30264494)

I've spent a month in Ecuador, and in my experience, the OP is focusing on the wrong problem. Backpacking in South America means being around a lot of people who make less money in a year than you make in a week. On this trip, I had a pair of prescription sunglasses and a pair of nice gore-tex hiking boots, and they constantly made me the focus of attention from people who wanted to know how much they cost, etc. One time coming down a trail in the Andes, I passed a kid who looked like he was about 12, chopping bananas with a machete. He said, "Dime los lentos," meaning "Give me the glasses." I just increased my hiking speed, and it turned out that he didn't hack me to death. So carrying a netbook in this social environment does bring up a whole bunch of issues about being victimized, but they aren't issues with having your PayPal password stolen, they're issues with getting mugged by someone who wants your computer, which is worth more than they make make in several months. My advice is not to bring the netbook. If you're worried about keyloggers in internet cafes, bring a bootable CD.

Sleep with your netbook! (1)

ElectricHaggis (1149087) | more than 4 years ago | (#30264516)

Honestly, this isn't some weird geek porn fetish. If you're travelling in Hostels or even Hotels, sleep with your passport, cards & your netbook. I've heard of people waking up to strangers in their room feeling under the pillow they're sleeping on, so it's best of tucked in with you. An added advantage if travelling alone and you get lonely, you could call it Mary and ...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>