Traveling with a router

[Mark F]

I've got confidential stuff on my laptop and want to hook up a router between my laptop and the hotel / motel wi-fi. Is it as simple as just plugging the router in to the hook up with an ethernet cable? Has anyone been doing this?

Thanks.

[DarkPenguin]

It should be as simple as you describe.  But I'm not sure what the benefit would be over a software firewall like Comodo, Zone Alarm, PC Tools or Outpost.

Are your confidential files on an encrypted file system?

[francois]

I've got confidential stuff on my laptop and want to hook up a router between my laptop and the hotel / motel wi-fi. Is it as simple as just plugging the router in to the hook up with an ethernet cable? Has anyone been doing this?

Thanks.

Sometimes, I take a Apple Airport Express with me. It's compact and does all the basic stuff I need. It also allows me to charge my iPhone/iPod etc...

http://www.apple.com/airportexpress/

[David Sutton]

Or forget wi-fi and get a cheap wireless modem and sim card.

[keithrsmith]

If it's confidential it should be encrypted - hacking the pc is the least problem - theft much more likely.

A router probably won't work.  Your PC wil get a DHCP address for the network, A router won't be using DHCP to get it's upside address.

Put your confidential stuff on an external hard drive - with an encryted file system.  Disconnect the drive when on the net.

an air gap is a pretty good firewall

keith

[Jonathan Wienke]

I've got confidential stuff on my laptop and want to hook up a router between my laptop and the hotel / motel wi-fi. Is it as simple as just plugging the router in to the hook up with an ethernet cable? Has anyone been doing this?

My experience is that most hotels don't have ethernet jacks in each room; they expect people to use a wireless connection to their network. If they do have an ethernet jack, you can simply configure your router's WAN port to use DCHP autoconfiguration and plug the WAN port into their ethernet jack. But if all they have is wireless connectivity, that won't work without extra hardware.

You'll need to have a wireless access point (not a router) like a Linksys WAP54G configured to be a wireless client instead of an access point, and program it with the SSID and encryption key for the hotel network. Then connect the WAN port on the router to the ethernet port on the access point (you may need a crossover cable) and make sure that the router wireless is set to a different channel than the hotel wireless network. Then you can connect to your router either wirelessly or via a cable and internet traffic will be routed through the WAN port to the access point and on to the hotel network. It's more hassle than simply installing a firewall on your laptop, but definitely more secure. You can also use the router to make a private network for your devices without them being visible to or accessible from the hotel network.

[Pete_G]

I'd forget trying to hack the comms systems in hotels. Encrypt your files. Have a look at Truecrypt. It's free and works very well.

[DiaAzul]

If all you want to do is connect to the internet to browse the web and send/receive e-mails then all you need to do is use either an ethernet connection from your laptop or built in WiFi to access the hotels network. The hotel will usually give/sell a password so that you can access the system much like any hotspot network. You will need to ensure that you have a software firewall on your laptop (or at least make sure that you have locked down open ports and service - e.g. shared folders, music sharing, etc...) so that you are not broadcasting your information to other users on the network. If you are using Windows then selecting that you are on a public network is sufficient to lock down the machine (I don't know about Apple, but I am assuming that it has a software firewall capability and settings to choose different profiles to protect the machine when you are on different networks).

If you don't want to use the hotel network the you may wish to consider getting a mobile data dongle. In Europe these are now very cheap and allow ubiquitous access to the internet wherever you happen to be. Speeds and coverage have improved dramatically in the last couple of months as operators have upgraded their infrastructure to cope with the explosion of data on their networks (iPhone, dongles, etc...) and data rates are rising rapidly (up to 50Mbps if you are in Stockholm, though generally 7.2 - 21Mbps).

[Jonathan Wienke]

I'd forget trying to hack the comms systems in hotels. Encrypt your files. Have a look at Truecrypt. It's free and works very well.

Truecrypt is great and I recommend it, but it won't stop a malicious hotel guest from hacking your machine if you don't have a good software or hardware firewall between you and the hacker. Encryption offers zero protection if a hacker is able to install a keylogger on your machine and capture your encryption password/key. What TrueCrypt is designed to do is prevent unauthorized data access in the event your computer or external storage devices fall into unauthorized hands. If your laptop is stolen, Truecrypt can prevent the thief from accessing the data on your hard drive, but it won't prevent a hacker from compromising your machine with a keylogger or other malware and accessing the data after you've entered the decryption keyphrase.

[Mark F]

I will have confidential files on my HD and also will be using the web for confidential stuff. While the files and site access are keyword protected, I am afraid of keylogging software and have always read that hardware is better protection by far than firewall software. That's why I plan to take a router.

I can put the confidential files on an external drive or dongle but that does not solve the internet keylogging issue. But it sounds like that only has a chance of working in those rooms that have an actual ethernet port and if I manage to configure my router with DHCP auto-configuration.

Well, I have no choice except to give it a try. Thanks to all.

[Bob Peterson]

I've got confidential stuff on my laptop and want to hook up a router between my laptop and the hotel / motel wi-fi. Is it as simple as just plugging the router in to the hook up with an ethernet cable? Has anyone been doing this?

Thanks.

Most wireless routers cannot act as a WiFi client, i.e., they cannot connect to the Internet via a WiFI network.  They're designed to connect wireless clients to a wired network.

Take a look at a "travel router" that operates in three modes: as an access point, a WiFi client, or as a router.  The Trendnet 300Mbps Wireless N Travel Router and the D-Link DWL-G730AP are examples.  As a WiFi access point/router, the device will sit between a hotel's wired network provide your laptop a wireless connection. As a WiFi client the travel router connects to the hotel's WiFi network and provides your laptop an RJ-45.  In client mode the D-Link also translates the IP addresses, providing a bit of additional security.

Bob

[Justan]

I think the OP has a misunderstanding of how router encryption works. Most routers only encrypt data between the client and the router. After data reaches the router its usually decrypted and sent to the next hop. If your goal is to protect the data from snooping, your idea will, at best, only partially do this. Most so-called software firewalls are the same in this regard.

OTOH, some programs (such as MS office) do a great job of encryption along with password protection

Cisco, amongst others makes some routers which encrypt the data at the router, and then the router creates an encrypted connection with another, similar router and the other router does the decryption. If you don’t have this setup, your idea will only add complexity for you but not gain much of anything by way of added security.

If you don’t want others to have access the data, encrypt the data itself.

[Mark F]

Justan, I am not sure I am following you.  Are you saying that  the data leaving my router does not go directly to the internet provider, and can still be intercepted?  A router would still give protection against a hacker reaching the files on my HD though?

I think the OP has a misunderstanding of how router encryption works. Most routers only encrypt data between the client and the router. After data reaches the router its usually decrypted and sent to the next hop. If your goal is to protect the data from snooping, your idea will, at best, only partially do this. Most so-called software firewalls are the same in this regard.

OTOH, some programs (such as MS office) do a great job of encryption along with password protection

Cisco, amongst others makes some routers which encrypt the data at the router, and then the router creates an encrypted connection with another, similar router and the other router does the decryption. If you don't have this setup, your idea will only add complexity for you but not gain much of anything by way of added security.

If you don't want others to have access the data, encrypt the data itself.

[Jonathan Wienke]

Cisco, amongst others makes some routers which encrypt the data at the router, and then the router creates an encrypted connection with another, similar router and the other router does the decryption. If you don’t have this setup, your idea will only add complexity for you but not gain much of anything by way of added security.

This functionality is called VPN, or virtual private network. AFAIK no wireless access point/router can act as an access point and a wireless client (like a laptop, iPod, etc) at the same time. Some access points, such as the WAP54G can be configured either way, as either an access point that other devices connect to, or a client that connects to a separate wireless access point. When in client mode, the WAP54G can be configured with the SSID and encryption passkey (if there is one) of the hotel's wireless network. You can use that to connect your normal wireless router/firewall to the hotel network. In this way you can access the hotel wireless internet even in the absence of an ethernet jack, and still keep all your devices behind a firewall to keep malicious hotel guests from hacking your laptop.

The only way to ensure the security of data leaving your private network behind your router is encryption. If the site you are communicating with has SSL capabilities (as is common with most banks and other sites that involve financial transactions), then when you connect to the site via HTTPS your data is automatically encrypted. If this is not available, you will need to encrypt the data yourself. GPG4Win is a good tool for encrypting individual files; conveniently, it has an Outlook plug-in that adds encryption functionality for emails and their attachments within Outlook.

Basically you need 3 things for security:

• Whole hard drive encryption such as TrueCrypt to protect the data on your hard drives and other storage devices to prevent access to the data in the event they are lost or stolen.
• EMail/file encryption to protect emails and files being sent via the internet so they cannot be read by anyone monitoring the connection between you and the recipient of the file or data.
• A good (preferably hardware) firewall between your computers and storage devices to prevent malicious users sharing the same internet connection from accessing your devices and installing keyloggers and other malware. I'd recommend using software and hardware firewalls, plus good anti-virus software. A layered defense will make it harder to be hacked.

[Pete_G]

There's a useful guide to easy keylogger protection at:

http://www.lazybit.com/index.php/2007/03/0...otection?blog=2

Also, using Truecrypt, you don't have to encypt your entire HD, you can just create a "TrueCrypt Volume" that is a single file that can contain only your sensitive data. This volume can
also be hidden from anyone browsing your computer, google "plausible deniability" or check the TrueCrypt site.

Ultimately, I suppose, any system can be cracked. it's up to the individual to decide to what lengths one needs to go to be safe. Sometimes it seems one could spend one's whole life working
on security leaving no time for anything else.

[Mark F]

Wow! Getting an education here, thanks very much guys and especially Jonathan for taking the time to give detailed answers. Encryption seems like a good idea in any case. I have been relying on passwords on the boot and to get into the sensitive software.

Jonathan, when I looked at the WAP54G on Amazon it is described as having WEP protection only. There is another model for just a few dollars more, WRT54G2 that has WPA protection and otherwise seems to do the same thing. Am I right?

[Jonathan Wienke]

I'd go for the newer revision. WEP can be cracked in a few minutes by commonly-available freeware programs. WPA is also crackable, but it takes much longer. AFAIK, only WPA-2 is really secure.

The caveat to all this is that wireless encryption only protects the wireless link between your device and the access point it connects to. Once the data leaves that access point and goes out on to the internet, it can be monitored by anyone with a packet sniffer anywhere on the internet between you and the destination site. The most important wireless link to encrypt is the one behind your firewall/router. Encrypting the wireless link on the Internet side of the router is kind of like wearing a condom that is only 1 inch long--it might be helpful in some situations, but should not be the only protection you relying on. If you're sending sensitive data over the internet, it should only go through an SSL-encrypted link (web traffic) or in encrypted form using GPG4Win or something similar.

The main reason to go with the newer version is for the ability to connect to WPA-encrypted wireless networks.

[Justan]

> Are you saying that the data leaving my router does not go directly to the internet provider, and can still be intercepted?

I can’t give you one answer for every conceivable situation, but in brief, your data can be monitored by the establishment you’re at and at every junction point upstream from them.

Here is how connectivity to the web works for a hotel or similar infrastructure. I’ll illustrate an easy to follow model:

Say your hotel room has wireless access. You use it. You are connecting to the hotel’s wireless network. The hotel has to connect to the web somehow and they probably use a different router then they have you use. What this means is that all web destined traffic is going to eventually pass through that other router.

If your room has wired access, the same principal applies.

Anyone with access to the hotel’s network, can, in theory, monitor everything you do over the network. The ISP that they use can monitor everything. The trunk to which the ISP connects can monitor everything. The NSA is said to also monitors everything. And in fact at every router point or “hop” between you and your data’s destination, the data can be monitored.

> A router would still give protection against a hacker reaching the files on my HD though?

It would provide some protection. But unless your computer is very locked down – meaning no inbound ports are open - someone who wanted to get at your computer may be able to do so.  And if someone stole your HD they’d have access to everything.

That’s why it’s smart to encrypt data. You ultimately streamline your headache by doing so. Some of the latest notebooks and external hard drives use finger print encryption or passwords. Easier than than lugging a router and having to mess with it for different networks.

If you want to protect your communications from most all but the destination take a look at Cisco’s offerings or better yet give them a call and they’ll be happy to talk you through the details. They are remarkably good at communicating in English rather than technobabble, but some technobabble is unavoidable. Here's a link to their overview of VPNs

http://www.cisco.com/en/US/products/ps5743...YWORD=cisco+vpn

[John.Murray]

After reading and rereading all of the above, Jonathan is the most substantially correct.  What gets confusing is how the various items get bundled into various product options:

A Router is simply a device that sends information from one subnet to another.

A wireless access point is technically a Bridge.  A bridge is not capable of communicating across networks, only within a single sub-net.  All traffic on a sub-net appears on the bridge, in network terms, it's promiscuous.  As Jonathan mentioned, wireless encryption is only effective on the wireless segment, not the subnet the access point is on.

A firewall is software that inspects and filters TCP-IP traffice, typically by port.  Web browsing typically is over port 80, email traffic is over port 25, Windows file sharing over port 139.  A firewall that blocks port 139 will prevent hosts from detecting and access Windows File Shares.....  Some firewalls are even more sophisticated, offering statefull packet inspection - in other words, able to determine whether packets are part of an established TCP session or not....

Most "wireless routers" combine these 3 items.

Some routers offer VPN capabilties, but that really only muddies the discussion here.  A VPN is simply an encrypted TCP session between two hosts and/or two networks.

Again looking at your original question, I agree that filebased encryption is the best approach.  If you happen to be running Windows, take a look at the NTFS encrypted filesystem option - it's very good.

[titan]

I'd say forget the router altogether. A simpler solution would be to install a firewall, other than Windows Firewall, on your computer and set up an SSH proxy for your browser to use. Such a solution will alleviate any complications that may come up from conflicting networks, and ensures that all data that goes to and from your laptop is encrypted regardless of the encryption method that hotel or motel employs, if at all.

Comodo Firewall, for example, will allow you to define different profiles to use at your discretion.

And have a look at this article that guides you through the steps to setting up an SSH proxy:
http://kimmo.suominen.com/docs/proxy-through-ssh/

Setting up the servers to do such things isn't very difficult either, but given this late hour and my having to wake up early, I'll have to get back to you on this.