Wind_Mask

Reflections on Secret (3): Connection

Topic

Security of network connections: the problem of the line itself. This article does not discuss web services; it focuses on the process of connecting and the risks that exist in the link.

Physical Connection

Private Lines

A home line is under your own control, but how far it can be trusted varies considerably with the Internet Service Provider (ISP). In general, it is best to assume low trust and design your security strategy accordingly. This means avoiding plaintext transmission even on a private connection.

Public Connections

A commonly used connection of this kind is a VPN, which is tied to certain physical conditions and resembles access to an internal network. Such connections are obviously not suitable for your own secrets (although they may be used for certain secrets, such as company confidential material). They require authentication and are usually set up for a specific purpose. Attackers may focus on how to get around the authentication, but that is not our concern here, where the purpose is protection. For ordinary people, the advice is not to use the company's network for private connections (unless you have other intentions). Campus networks are essentially the same. In the end, security on such networks has to be handled at a higher layer, as when connecting to a public network, and it may be even harder.

Cellular Networks

Cellular networks are generally reliable, but in the context of this article they are not the most trustworthy option. The concerns are the local ISP and your SIM card service. If you do not want to introduce complex elements, it may be advisable to avoid wireless connections.

There are also reports that 2G and 3G networks have exploitable attack surfaces. In short, to reduce complexity, upper-layer applications should maintain their own security independently of the wireless connection.

Public Wi-Fi [1][2]

Public Wi-Fi is not normally something to consider, and it also exposes a contradiction in handling secrets: a measure that improves security at one level can be more dangerous at a higher level, and vice versa.

[Image: TL-WN722N-01]

One idea is to use an antenna (as shown in the image) to connect to public Wi-Fi from a distance. This is indeed not normal practice, and logically the better choice is not to expose information over public Wi-Fi at all. In a certain sense, however, it has some special effects compared with cellular networks...

Wireless connections are not pointless, but what they put at stake is not the secrets themselves but you.

Connection Devices

There is evidence that MAC addresses pose a tracking risk. Many operating systems now offer MAC address randomization, but do not forget to check it. Devices such as routers may create similar risks (overly intelligent routers are unsettling in themselves), and routers may also record relevant information [3].
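One way to do that check, as an added example that is not part of the original post: OS-level randomization produces addresses with the locally administered bit set in the first octet, so a vendor-assigned address on a Wi-Fi interface means randomization is not in effect. The function names and the sample addresses are constructed for illustration, and the sysfs path applies to Linux only.

```python
import os
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$")

def classify_mac(mac):
    """Return 'local', 'universal', or 'invalid' for a MAC address string.

    'local'     : locally administered bit (0x02 of first octet) is set, which
                  is what OS randomization produces. It can also be a manually
                  set or virtual address, so this is necessary, not sufficient.
    'universal' : vendor-assigned address; the first three octets identify the
                  manufacturer and the value is the same on every network.
    """
    mac = mac.strip().lower()
    if not MAC_RE.match(mac):
        return "invalid"
    first = int(mac[:2], 16)
    if first & 0x01:
        return "invalid"  # multicast bit: never a valid interface address
    return "local" if first & 0x02 else "universal"

def audit(interfaces):
    """Map {ifname: mac} to sorted (ifname, mac, verdict) tuples, skipping all-zero MACs."""
    out = []
    for name, mac in sorted(interfaces.items()):
        if mac.strip() == "00:00:00:00:00:00":
            continue  # loopback and some tunnel interfaces
        out.append((name, mac.strip().lower(), classify_mac(mac)))
    return out

def read_linux_interfaces(root="/sys/class/net"):
    """Read current MACs from Linux sysfs; returns {} on other systems."""
    found = {}
    if os.path.isdir(root):
        for name in os.listdir(root):
            try:
                with open(os.path.join(root, name, "address")) as fh:
                    found[name] = fh.read()
            except OSError:
                pass  # interface without an address file
    return found

# Constructed sample values, used when sysfs is not available.
SAMPLE = {"lo": "00:00:00:00:00:00", "wlan0": "DA:A1:19:3C:5F:07", "eth0": "00:1B:44:11:3A:B7"}

if __name__ == "__main__":
    for name, mac, verdict in audit(read_linux_interfaces() or SAMPLE):
        print(f"{name:10} {mac}  {verdict}")
```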

Smartphones have never been considered a secure choice [4], and they are not suited to complex activities; not all work is compatible with a smartphone. However, the question does need investigating. Here the best practices come from travelers, who tell us to use disposable devices and temporary keys.

Taking a step back, is the iPhone more secure than Android? There is no definitive conclusion; it depends on the evaluation criteria. Taking a few more steps back, the iPhone does guarantee the security of commonly used secrets [5]. For special situations, Android's customizability provides some means, although their reliability still needs further research.

Desktops are the standard case, and their configuration was covered in (2). Adopt a design appropriate to your threat model. Information left behind by connections may also pose a threat, for example the records of Ethernet and Wi-Fi networks you have connected to [6].

Reverse Connections

Yes, reverse connections [7].

So the question to ask ourselves is: "where is an acceptable place to communicate securely with another party."

The best answer I think is: in person.

Footnotes

  1. Finding safe places with decent public Wi-Fi for better privacy - Privacy Guides

  2. Using long-range Antenna to connect to Public Wi-Fis from a safe distance - Privacy Guides

  3. You can be tracked via your Wi-Fi or Ethernet MAC address - Privacy Guides

  4. Warning about smartphones and smart devices - Privacy Guides

  5. Apple's iMessage Service and Privacy - Privacy Guides

  6. wifiPass

  7. Acceptable Places to Communicate Securely with Another Party - Privacy Guides
