Security of Hotel connections?

I know it's not completely related to site/server security but I thought I'd get the best answers here.

I travel a lot and often need to work on my websites logged from hotel wifi connections. Given that I have a relatively good Firewall (McAfee) how secure/unsecure is it to log into my FTP accounts, cPanels and WHM from hotel wifi connections? And how easy would it be for a hacker to install a program scanning the incoming/outgoing data of that hotel connection and then capture my Digitalpoint passwords for example. Not that I would mind that much about the Digitalpoint account but I connect to my own websites in similar way and was wondering how insecure it was...

Thanks!
Vincent

 

I travel...I use Norton 360......a firewall should do the trick.....

 

Not secure at all. If you don't know what security is on their WiFi connection (is it encrypted?) then you are taking a risk. Even if it is encrypted, it's only encrypted to the access point. Nothing stopping a hotel employee with access to their system or the access point sniffing packets upstream of this.

You laptop may be relatively secure, but when you connect via FTP your password and username are sent in plaint text. Your host may have sFTP available and you should check that out. Otherwise, make the connection at your own risk.

 

That's exactly what I'm affraid of ! I don't know how easy it would be for someone to do that... And I guess besides using secure protocols there's no more way to protect ourself against that... If you guys know other ways please let me know...

 

Very. If they can get physical access, they can do it. Let's face it, most hotels won't be that informed about security. Their various (or single) AP will probably cable back to an office that many people will have access to. Nothing stopping someone installing a sniffer, or a bored member of staff late at night having a nose around.

That's the only way to be totally safe unless you can create a VPN to another system that you know is secure and I don't give you high hopes of achieving that on a hotel's wireless network.

The fact is, upstream of the AP you have no idea what is happening. You need to protect yourself. That's generally true of all networks, and many people use unsecured connections to collect emails or FTP, but the big difference is that with your ISP and numerious routes your packets take to reach their ultimate destination, is that the sheer volume of traffic makes interception extremely difficult and anyone doing this will have bigger fish to fry than the average users FTP username and password. The same can't be said of a hotels wireless network.

 

Thanks RonBrown for you complete answer! I just switched my FTP client to sFTP but I agree that with emails and various other applications I'll have to be careful.

 

You are always taking a risk while using public networks, you might be better off using your own dongle when away from home.

I’m amazed at the number of insecure wireless networks, many home users fail to change default setting when installing routers.

If you own a wireless router you can make it secure, try securing wireless network guide.

Thanks Brian

 

This is what happened when your wireless security is not good enough
http://www.itscolumn.com/2011/04/5-tips-to-secure-your-home-wireless-network/

It is not recommended to do anything on public wifi. Even you are with any super antivirus because since the data transmitted out has nothing to do with your antivirus. You can protect yourself, but not the data you are sending out. Username, password, credit card information, or whatever sensitive information.

 

That's what SSL (the https protocol) is for. Everything over https is encrypted. If you cant access a website via https over an untrusted network, then don't visit the website until you get back home.

 

Use always SSL when browse the site but SSL can be crack so use a SSH Tunnel with RSA key at 4096 bit, it's easy to make and use.
Wireless are very vulnerable! WEP are too easy... i can crack in a second.. WPA are also easy. WPA2 are more difficult because it need more time to crack it but can be cracked anyway.
Use WPA2-Enterprise with RADIUS authentification, hide your BSSID and inside the wireless use a OpenVPN network.
Because you have too many high encription method and if you configure a IDS ( Intrusion Detection System) system will alert you that have an intrusion in one of this layer of security.
So yo can block it and fix the issue.

Of course you need also some others tips to make network and computers secure..
You can also crypt the files, the disk and the filesystem with keys.. but maybe will be too paranoic..

The important is you know what happen in your network so any monitoring software will be very usefull for you.

 

When you are traveling, it is best to just not use the hotels wifi just to be safe. however, i know that will most likely never happen.

I strongly suggest that you either rent a vpn (or bandwidth from a vpn provider) or setup your own vpn and then connect to it then browse to whatever of your sites. But a proxy wont do the trick. You basically need a VPN. OpenVPN you can install on your own server and you can go from there (but i would get an ssl cert for that too, just so even that is secure),

or you can buy some bandwidth from openvpn, i believe is it shieldexchange.com that you can buy some bandwidth from, download their program and install it, and it sits in your program tray and you can connect to it whenver you need to. I use it, and it works good. and the price seems good too. However, I will eventually setup my own VPN and go from there.