I use a wireless internet connection (secured WPA-personal) and no one other
than me knows the password for it. Can anybody/ISP see what I am doing on the
internet? I use Skype and Yahoo Messenger to talk to my family overseas. Can
others hear and see what I do on the Skype & Yahoo video? If the answer is
yes, can you please tell me how can I secure it?
There are a couple of important potential misunderstandings of just how
wireless security works, how far it works, and what you can do – if anything –
beyond the reach of that security.
Let’s look at exactly what kind of security wireless connections give
you.
]]>
<
This is a simple and common scenario: your laptop is connected via WiFi to a wireless access point, which is in turn connected to (or part of) your broadband router. That router is then connected to your ISP over your broadband connection. Your ISP is connected to the internet, and at the far end the internet is connected to whatever service or web site you happen to be using.
Without any additional security like WPA or https or a VPN, the entire conversation that happens over that wire is “in the clear”, meaning that anyone who can connect to any of the points along the way can listen in to your conversation.
This is particularly important for wireless connections because anyone within range – usually around 300 feet – can in fact connect to and listen in.
•
Wireless Security
That ease with which people can listen in to the wireless conversation is why security people so often and so strongly recommend that wireless connections be secured with encryption, and specifically WPA.
But what does that add to the picture?
I’ll put it this way: wireless security only secures the wireless portion of the connection.
Wireless security only encrypts the data traveling between your laptop and the wireless access point. The access point then decrypts it, and sends it on its way. The rest of the connection to the remote site is unaffected by wireless security.
Now, you might be asking “what’s the point, then?” The point is simple: the wireless connection is by far the most vulnerable. Anyone within range can listen in. To gain access to the rest of the connection that someone else must actually gain physical access to the connection somehow – while not impossible, is a much more difficult task. Even by securing only the wireless portion of the conversation, you’ve eliminated perhaps the single riskiest part of the entire scenario.
But, yes, to continue your question: everything past that point is still visible to your ISP and anyone who cares to listen in along the way. For that we need more.
•
HTTPS and SSL
SSL, (or more properly in many situations “TLS” for Transport Layer Security) is technology that encrypts the entire connection end-to-end. It’s the ideal solution for sensitive data, and is what banks and other services use when you connect via “https”.
In this case, regardless of your wireless security – or any other security along the way – the entire conversation between your laptop and the remote site is encrypted; no one in between can listen in.
But there’s a catch: the remote site needs to support it, and not all do.
To use your example: does Skype use it? I don’t know, but I’d expect not. Does your instant messaging program use it? I’d bet not. And if they don’t there’s no way to force them to. You can only encrypt the entire connection if the remote service supports encryption. There’s just no way around that.
The only way to be sure is to check with that service and find out what your options are. A great example is email – more and more email providers are now making secure connections available. Whereas in the past, the email you downloaded was “in the clear” and visible to anyone listening in; using a secure connection prevents that by using encryption.
•
VPNs – a partial solution
You can use a VPN, or Virtual Private Network, to encrypt part of the conversation. You can encrypt more than you would with wireless, but it still won’t be end to end.
At the consumer level a VPN for this purpose would be something like http://www.hotspotvpn.com/ (not a recommendation, per se, just an example of this class of service).
HotSpotVPN provides a server on the internet to which you connect to securely.
As you can see, everything that travels between your laptop and the VPN service is encrypted. No one else on your network can listen in, and neither can your ISP.
However…
-
Once past the VPN service, the information is no longer encrypted.
-
The VPN service itself must be trustworthy, since they’re decrypting the data before sending it on.
Remember, there’s no way to get end-to-end encryption without the support of both ends. A VPN gets you further – bypassing your ISP for example – but ultimately, if what you’re connecting to does not support encryption itself, even a VPN cannot help secure that last leg of the connection.
“does Skype use it? I don’t know, but I’d expect not”
Actually Skype has been encrypting everything for years, if not from the very beginning:
http://www.skype.com/security/security/
The independent security evaluation linked-to on the page above is an interesting read.
This is a nice article. Another solution is SSH. Setup a linux box with SSH enabled on it. Leave it on at your home connected to your internet. Take your windows laptop or home computer, get putty on it, download xming for xforwarding and ssh into the linux box and wa lah, everything end to end is encrypted under SSH protocol. Is it slow? A little bit but not to frustrating for internet use.