Or we have all read about hackers intercepting WiFi data at coffee shops, stealing credit card numbers, social security numbers, etc.
CALEA support (all HauteSpot routers support CALEA). This is a way to capture everything that passes through the router to a file that can later be read. Typically this is done with a warrant if you are the government, but sometimes without. Hackers can do the same thing.
As surveillance moves to VSaaS (video surveillance as a service), using appropriate measures to protect your communications is essential. Not only do you prevent a lot of headaches, but you may keep yourself from being sued for not taking adequate steps to safeguard your customers' data and networks.
For what it is worth, here are a couple of suggestions that I have to implement good security practices while using the Web.
First a couple of definitions:
In the pre-shared key model, two users basically create a long random key or pass phrase. This key or pass phrase is then sent to the other person. Then every message sent or connection made from that point forward requires the key to be exchanged and verified to what is already known. It is more complex than this, but in general this is how pre-shared keys work. The problem with this is that you have to know the person or machine first in order to get the key from them to start with. You can't know everyone.
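The "more complex than this" part is that the key itself is normally not sent again on each connection; each side proves it knows the key instead. The sketch below is an added example, not from the original post, and assumes an HMAC-SHA256 challenge-response; the names Server, client_response and demo are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample key; in practice both sides receive it out of band.
PSK = secrets.token_bytes(32)


class Server:
    """Holds the pre-shared key and verifies peers without ever receiving it."""

    def __init__(self, psk: bytes):
        self._psk = psk
        self._pending = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh random value per connection
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # Each nonce is accepted once, so a recorded response cannot be replayed.
        if nonce not in self._pending:
            return False
        self._pending.discard(nonce)
        expected = hmac.new(self._psk, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(psk: bytes, nonce: bytes) -> bytes:
    """Client proves knowledge of the key by MACing the server's nonce."""
    return hmac.new(psk, nonce, hashlib.sha256).digest()


def demo() -> dict:
    server = Server(PSK)
    n1 = server.new_challenge()
    good = client_response(PSK, n1)
    ok = server.verify(n1, good)
    replay = server.verify(n1, good)   # same nonce and response sent again
    n2 = server.new_challenge()
    stale = server.verify(n2, good)    # old response against a new nonce
    n3 = server.new_challenge()
    wrong = server.verify(n3, client_response(secrets.token_bytes(32), n3))
    return {"ok": ok, "replay": replay, "stale": stale, "wrong_key": wrong}


if __name__ == "__main__":
    print(demo())
```

An eavesdropper sees only the nonce and the MAC, neither of which reveals the key or can be reused on a later connection.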
The other method of authentication is through a trusted third party. Many commercial companies provide this service; they are known as certificate authorities (CAs), and the biggies include VeriSign, GlobalSign, GeoTrust, and many others. These companies are well known and make it their business to verify the identity of many companies. The certificate authority will issue a CA certificate, which is a complex key and identification data that can be stored on your computer. You use this certificate to verify the identity of the CA.
The certificate authority will also issue certificates to users. Basically, the user creates a long key or certificate request on the server computer that he wants to authenticate. This is sent to the CA along with a whole bunch of verifying information like bank account information, business license data, D&B data, etc. The CA then issues a certificate, which is installed on the server computer by the user. Now every time someone wants to connect to that server computer, the client gets the certificate from the server, verifies the certificate from the CA, and then connects to the server knowing that it is really the server he wanted.
You can think of this as asking for an introduction from the CA to the server that you want to connect to. If you trust the CA, then you can trust the introduction. In a perfect world you would verify the identity of every server (link) that you connect to on the web. We are not there yet.
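The check described above, as a client would perform it with Python's standard ssl module. This is an added example, not from the original post; the function names and the SAMPLE_CERT values are constructed for illustration.

```python
import socket
import ssl


def verified_context() -> ssl.SSLContext:
    # Default context: trusts the system CA store, requires a valid chain,
    # and checks that the certificate matches the host name.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _names(rdns) -> dict:
    # getpeercert() returns names as nested tuples of (field, value) pairs.
    return {key: value for rdn in rdns for key, value in rdn}


def summarize_cert(cert: dict) -> dict:
    subject = _names(cert.get("subject", ()))
    issuer = _names(cert.get("issuer", ()))
    return {
        "server": subject.get("commonName"),
        "introduced_by": issuer.get("organizationName"),  # the CA vouching
        "valid_for": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "expires_epoch": ssl.cert_time_to_seconds(cert["notAfter"]),
    }


def inspect_server(host: str, port: int = 443) -> dict:
    """Connect, let the TLS library verify the chain, and report who vouched."""
    with socket.create_connection((host, port), timeout=10) as raw:
        # Raises ssl.SSLCertVerificationError on an untrusted CA, an expired
        # certificate, or a host name mismatch.
        with verified_context().wrap_socket(raw, server_hostname=host) as tls:
            return {"protocol": tls.version(), **summarize_cert(tls.getpeercert())}


# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example Test CA"),)),
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT))
```

Calling inspect_server with a host name you control shows which CA made the introduction; a failed verification raises an exception before any data is exchanged.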
The level of complexity of encryption is generally measured in key length. A long key of 2048 bits is hard to break. A short key of 64 bits is not so hard. A key of 128 bits is enough for most general needs. More is better. If encryption is available and relatively fast, why wouldn't you use it for everything?
Firefox as your browser - Firefox is an open source browser that is not tied to any corporation, and therefore less likely to be used for sniffing of your personal data. You have to weigh this against performance and the potential risk that an open product represents. But Firefox has a very good track record. Also, it has lots of security plug ins available and an anonymous browsing mode.
Microsoft IE and Chrome are great browsers, but they were developed by companies who have a vested interest in intruding in your privacy. Can they be trusted? Not a great track record, in my opinion.
Suggestion 2 - Use SSL as much as possible in your web browser. SSL (Secure Sockets Layer) is a network communication protocol developed by Netscape for authentication and encryption of web traffic. SSL authenticates a server's identity using a certificate and then encrypts all of the data exchanged with that server.
By using SSL you can be sure that the server you are communicating with is who you think it is. You also encrypt your communications to that server so that hackers and others cannot see what you are sending.
If you use Firefox, then the Electronic Frontier Foundation offers a tool that makes your browser first check to see if SSL is available before reverting to unsecure mode. HTTPS Everywhere makes it easy to at least try to secure your connections. This is a zero effort step to improve your safety.
Suggestion 3 - Enable SSL in your email client to connect to your mail server. This is a complex topic and I won't provide details on configuring your client. But if you use Outlook, Thunderbird, or other similar clients, you should make sure that your SMTP server and your IMAP or POP3 server connections use SSL. Many ISPs still use unencrypted connections for email. Definitely not good.
Suggestion 4 - Use certificates in your email. This step sometimes can create problems. Not everyone has a mail client that can read encrypted and authenticated mail. Some mail servers will bounce your mail. But in general, it works pretty well. You can get a free certificate to install in your mail client from a number of sources: Comodo, StartCom, Secorio, TCTrustCenter and others.
If you are going to be surfing the Internet with no particular destination in mind, private browsing is a good idea. Then when you go to your bank or check your stocks, flip back to normal mode. You will lose all of your cookies at the end of the session along with form data, etc., so if you are planning on going back to a site later, maybe you want to use normal mode with SSL.
Suggestion 6 - Use a VPN. A virtual private network encrypts your network connection from end to end. There are lots of VPN solutions out in the market. I would suggest setting up your own gateway at your office using something like a HauteSpot WRAPNXi router. Then you can run PPTP, L2TP or OpenVPN to dial in. There are also many different service providers that give you a cloud to VPN over. This is a more complex topic, but basically a VPN will secure your connections when connecting to remote sites or from your laptop or PDA to your office.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.
Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints.
Tor makes it very difficult to sniff your data over the network.
Suggestion 8 - Use an external password vault. Up until recently I used the saved password feature of my web browser to save my web site passwords. I should know better. I am sure that soon, if not already, someone will have figured out how to hack this. So I started using LastPass, which is a secure password vault. You have to make the leap of faith that LastPass can be trusted, but the reviews seem pretty good.
LastPass moves all of your passwords off site. You create an account and then secure it with a really good, long password. A plug in for your browser then grabs passwords from your vault when you visit sites.
Why do this? Well, with a password vault you can then type in really long, random passwords that are difficult to break for all of your web sites. Save these really hard passwords in your vault. Then rely on your one password to protect all the others. Also, the passwords are available on other systems like your smartphone. Again, it takes a leap of faith, but I think it is better than the alternatives of short, easy passwords stored in your web browser.
Suggestion 9 - Do the obvious. Have a good virus scanner, use a firewall, don't visit hacker sites and don't install pirate software.
Hope this helps protect you and your customers.