Ethernet security

Question

I have a simple question that many people probably have and yet there does not seem to be a topic on this.

I am visiting a company for a meeting and I have my laptop with me. This company is our competitor and I have some private data in my laptop. Normally I just get an Ethernet cable from my hosts and plug in my laptop for internet connection.

My question is really very simple: what information they can see and what information they cannot see? More specifically:

1. What information from my internet activity can the network administrators see?
2. If I use https, can they see my emails, chats, searches, etc? is gmail completely safe?
3. Can they somehow get into my laptop through Ethernet port, read my files, emails, saved passwords, etc?
4. How can I increase my security in this scenario? Encryption is the only thing I could think of, but seriously, most people do not have GnuPG installed to decrypt my emails; and would you go over the pain of entering a password for Truecrypt everytime you open a directory?!

Thanks

Answer 1

1. They can see the DNS servers you contact and the IP addresses you visit. DNS doesn't go over HTTPS, so they will see every domain name your machine tries to access. They will also be able to tell how much traffic you send, and probably can guess what types of activities you are performing. The ports you use at the TCP level will give away what services you are using (ie, SSH, HTTP(S), POP3, etc) if you are using the standard ones. (They will likely be able to scan your machine and guess what sort of operating system you are running, but that's probably not concerning.)

2. HTTPS encrypts the entire HTTP session. If your application/website is working purely over HTTP then it should be fully encrypted. The catch is that not all sites load all their resources over HTTPS and do some mix-and-matching with plain HTTP and HTTPS. This can lead to security issues such as injected malicious content and HTTPS downgrading. But whatever connections are actually established purely over HTTPS are completely opaque to the network sniffers (except for the destination IP). A secure web-based e-mail client should load completely over HTTPS and do all of it's e-mail/chat over HTTPS. I can't speak as to GMail's practices in specific, though.

3. This is pretty complicated. In short, maybe. It depends on the security of your specific system. The will have the ability to address your operating system's network-facing functionality just like anyone else, so they can scan for and exploit services you have running and use that to get in. What's more, being on the same network as you, they will in a position to reroute any of your traffic that they want to. (HTTPS should protect against connecting to a fraudulent site, hopefully, assuming you don't click-through SSL warning prompts.) It's probably possible to properly prepare a machine that will be safe, but this is the very crux of computer security: How can you ever be completely certain there isn't some clever way to break in? No one knows for certain. The devil will really be in the details here.

4. Putting all your network activity through a VPN is probably the safest way to use their network. All your network communication will be encrypted, regardless of the sites/services you use, and the destination of all your traffic will, from their perspective, be the same place. That's about the best you can hope for. As far as securing your actual laptop, all I can advise with this level of information is to follow best practices: Encrypt (or leave at home) the data you don't need exposed while there, disable all unnecessary services, update all security patches for your OS and software, and get a decent firewall. Again, the devil is in the details.

Answer 2

There are a few factors here - the biggest being how actively is the 'competitor' trying to access your data?

Real World - 99% of the time, people aren't going to try and hack into your computer and possibly won't even be monitoring what you are doing. That doesn't mean you shouldn't take common sense precautions or rightfully ask about what's possible as you have done so. All I'm saying is these measures will only be needed in the minority of cases.

The other 1% of the time, they may be monitoring your traffic trying to see what you are doing, or casually probing your computer. This means they can view any information you send over any site that begins with http (logins, etc), ftp, see what sites you're visiting, etc. In other words treat anything that begins with http as insecure and assume they can see it. If it begins with https you're typically (within reason) safe, as this encrypts the information from your computer to the sever, so any information you send (emails etc) they can monitor - but they will only get scrambled garbage. Another thing to be careful of is poorly configured file sharing, it may be the case you've set up the ability for others to look at the files on your computer and possibly read / write to it. Be careful of this.

The 0.001% of the time, I'm talking you work for the US DoD and you're having a conference in China, you may be subjected to direct attacks. In this case pretty much all bets are off and depending on what you have running you could be completely safe - or they could gain complete control of your computer.

So given these levels, what can you do?

• Assume nothing sent over http is safe, chances are it is, but assume it's not.
• Use a VPN, this encrypts all information leaving your computer to an external server. Think of it as https for everything.
• If you're getting into 0.001% territory, and you have something that's actually valuable on your computer the best option is just to not plug it in. Get a mobile modem or use some other method. Much less convenient, much more safe.

As with all security, there is no right answer. There is simply convenience on one side and security on the other. You have to slide along the scale to suit your needs.