Much is talking about Firesheep, the latest hype that has jumped to the forefront information showing something that has been talked about more specific forums for some time (the insecurity of many web services do not implement SSL correctly.)
As many people have been interested in the subject and in particular by protecting yourself, we will respond in a concise form as possible to the question of how to defend against and generally Firesheep attacks involving 'sniffing' the network:
Solutions that mitigate attacks as part of Firesheep:
Tools generating 'noise';
- ->> Benefits: This application injects bogus traffic on
the network to Firesheep confuse and hinder its work.
->> Disadvantages: If you use the analogy of the story of the wolf and the three little pigs, this would be the house of straw, easily avoidable, only useful as part of the defensive strategy, not as a final solution
[*] FireShepherd
Browser extensions to 'force' the use of SSL:
- ->> Benefits: You can force the connections to servers
using SSL
->> Disadvantages: Not all services are supported, you can get SSL sessions to Facebook or Twitter, but not for other services such as Tuenti.
[*] HTTPS Everywhere (Firefox)
[*] Force-TLS (Firefox)
[*] SSL KB Enforcer (Chrome)
Extensions for browsers that encrypt all the navigation:
- ->> Benefits: You can encrypt all traffic navigation, protects the traffic between you -> server TOR
->> Disadvantages: Poor reliability in the management of the end (TOR service) depends on the goodwill of those who run the server TOR
[*] Torbutton (Firefox)
Solutions that provide comprehensive protection:
VPN based SSH:
- ->> Benefits: Complete protection of navigation, allows for 'bypass' proxies
->> Cons: Cumbersome to implement, requires "putting your hands in flour '
VPN Support:
- ->> Benefits: Complete protection of navigation, VPN
services with guaranteed service
->> Disadvantages: it has an associated cost
[*] WiTopia
[*] TuVPN
Free VPN:
- ->> Benefits: Complete protection of navigation
->> Cons: The service is offered without warranty and limitations on use, ideal for private use, not professional profiles
[*] ProXPN
[*] ItsHidden
0 Comments:
Post a Comment