[Veltliner]

If your computer is part of an airport network, how can you make sure the administrator or other members do not have access to your computer and its data?

I have the firewall on - if that helps, including the extras like stealth mode.

[philm]

You would need to have sharing on, so if that is not done, you should be OK.

[Sherman Homan]

And of course you are connecting with WPA encryption, right?

[Cold Warrior]

Even with WPA and (assuming) a single password for all users on the LAN, shouldn't a sysadmin still have read access to non-encrypted packets (non-SFTP/HTTPS/SSH/SSL) ?

[Sherman Homan]

You are right Cold Warrior, the admin is the only one who could create WPA password so he or anyone with that password could sniff those packets. Still couldn't access the user's hard drive although in an Open Directory or Active Directory setup that would change.

[chabig]

But the bottom line, Veltliner, is that if you keep File Sharing off, nobody can access your data.

[Veltliner]

Thanks for your replies!

Now I can really turn off FileVault.

Checking if file sharing was off was one of the first things I checked on the new computer. But I didn't know this made it so safe. When you see all those Windows owners with their hunted expressions regading security you can hardly believe it's so simple on a Mac.


Regarding the outgoing packets, containing sometimes a credit card number or access to an internet banking account, is this protectable by switching on any kind of encryption in Safari? Or is this encryption on automatically? (isn't there some banking standard to be met by web browsers?).

And is WPA encryption pretection on the network side or on the user side?

[Sherman Homan]

WPA is in effect between your laptop and the wireless router. It is not in effect over cabled systems, certainly not out of your house/office. However, 128 bit encryption is established between your web browser and the https web site. So when you are doing your on-line banking your data is doubly encrypted from your wireless laptop to the router. Those encrypted packets are not going to be hacked by your admin... unless you are working for the NSA!

[ghporter]

The NSA is MUCH too busy to be interested in you and me! SSL encryption (which Sherman described as 128 bit encryption-it's REALLY robust and session-specific) is really more than you need even for such sensitive transactions as banking. You can read what Verisign says about SSL here. Normal surfing really doesn't need any protection, but when you're passing sensitive information, SSL (which has evolved from "Secure Sockets Layer" into "Tranport Layer Security" to denote where in the network system it works) is what you need.

[Veltliner]

Originally Posted by Sherman Homan 

You are right Cold Warrior, the admin is the only one who could create WPA password so he or anyone with that password could sniff those packets. Still couldn't access the user's hard drive although in an Open Directory or Active Directory setup that would change.

The following question is in reaction to Sherman Homan's post:

So, if you use a browser that does encrypt the sent information, even a network administrator with all the codewords couldn't access your connection with a bank?

[Cold Warrior]

Browsers use SSL and certificates. They're encrypted point-to-point, from browser to site, so you're ok there.

[Veltliner]

Thanks!

[ghporter]

Originally Posted by Veltliner 

The following question is in reaction to Sherman Homan's post:

So, if you use a browser that does encrypt the sent information, even a network administrator with all the codewords couldn't access your connection with a bank?

That is 100% absolutely correct. An SSL encrypted session uses keys that are only good for that session, and are never used again. It is computationally infeasible to break this particular form of encryption, and NOBODY, in particular your network administrator, has access to the keys because they are generated automatically and discarded as soon as the seesion ends. You're completely secure using this sort of security.