DEF CON was this past weekend, and in usual fashion, the staff of the convention had projected onto a screen the “Wall of Sheep”: a list of usernames and obfuscated passwords that were transmitted in the clear on the convention’s wireless network. As DEF CON has doubtlessly the most hostile wireless network ever seen, ensuring that all transmissions are conducted in a secure fashion is paramount at this particular convention.
With the proliferation of publicly accessible wireless networks, one must be certain to use caution when checking things such as email. Some email providers have SSL enabled, so that solves that problem, but what about unencrypted web page logins, like forums? How does one secure these?
My solution to secure all traffic uses OpenVPN, a freely available VPN solution that works on pretty much any operating system. I won’t go into excessive detail in this post, but it is actually fairly easy to set up. My first brush with it was when I ran IPCop on my router machine. The OpenVPN add-on for IPCop, ZERINA, generates configuration bundle zip files that make connecting simple. Setting up one from scratch isn’t much more difficult, but it can be time-consuming to set up properly.
OpenVPN works great for a temporary tunnel, but for something more permanent, IPsec is a better choice as it requires less CPU overhead. The configuration of IPsec is beyond the scope of this post, however.
I’ll write a follow-up to this in the next few days explaining my setup, but for now know that if you’re going to be using an open, unencrypted wireless network, be aware that passing cleartext passwords can be a very perilous mistake.