
Internet security on cruise ship



Thank you for all the helpful replies. We do have our bank set up to pay bills while we are gone, but we would like the flexibility to monitor the accounts while traveling.

 

I see the value of a VPN, but the initial research makes my head spin on which to choose.

 

If anyone has a VPN that they love, please let me know!

 

Banking over an open network is ill advised. Always use a VPN service for any sensitive transaction.

I use Witopia and it's $50 a year. You can find a free service, but you need to trust the service so choose wisely.

Link to comment
Share on other sites

Banking over an open network is ill advised. Always use a VPN service for any sensitive transaction.

I use Witopia and it's $50 a year. You can find a free service, but you need to trust the service so choose wisely.

 

The VPN connects you to a home or office network. It makes it appear you're on that network, but I'm not understanding how it creates a more secure connection to your bank? Maybe it does, but I don't understand how.

Link to comment
Share on other sites

At my home I have a VPN server running on a Linux based Raspberry Pi. I initially set it up with PPTP but found that PPTP doesn't necessarily negotiate through all NAT implementations. The NAT implementation must support the CallID field. I don't know what NAT implementation the cruise ships use.

 

I switched to the SSL-based OpenVPN, which can be configured to use any port. To get around firewall blocks and NAT issues, many people will set it to either port 80 or 443.

 

I have not tried any of the IKEV1, IKEV2, or L2TP.

 

I am not sure which system Cisco AnyConnect uses.

 

I just purchased a Raspberry Pi SBC, but not so sure about its reliability. Do you have a static IP or do you use noip or similar service?

Link to comment
Share on other sites

The VPN connects you to a home or office network. It makes it appear you're on that network, but I'm not understanding how it creates a more secure connection to your bank? Maybe it does, but I don't understand how.

I'm also trying to understand what advantage the VPN has over an SSL connection.

Link to comment
Share on other sites

I'm also trying to understand what advantage the VPN has over an SSL connection.

SSL negotiation begins over the ship's open network. Establishing a VPN tunnel before starting an SSL session gives you an added level of security.

These days, you can't have too much security when doing business over the Internet.

Link to comment
Share on other sites

SSL negotiation begins over the ship's open network. Establishing a VPN tunnel before starting an SSL session gives you an added level of security.

These days, you can't have too much security when doing business over the Internet.

I understand what you said, but aren't you just substituting VPN negotiation for SSL negotiation? In other words, there's still negotiation going on over the open network.

Link to comment
Share on other sites

There is NO security anywhere....just so you know! Hopefully, no one is searching for your password or whatever when you're online. I don't do ANY banking or payments or anything like that when I'm not at home. Too risky. If someone wants to watch me delete e-mails or see where I'm surfing on FB..so be it.

Link to comment
Share on other sites

The VPN connects you to a home or office network. It makes it appear you're on that network, but I'm not understanding how it creates a more secure connection to your bank? Maybe it does, but I don't understand how.

 

Unless the vpn is on the bank's internal network, it doesn't.

Link to comment
Share on other sites

There is NO security anywhere....just so you know! Hopefully, no one is searching for your password or whatever when you're online. I don't do ANY banking or payments or anything like that when I'm not at home. Too risky. If someone wants to watch me delete e-mails or see where I'm surfing on FB..so be it.

 

Thank you. The NSA has your home address. The black helos just departed Quantico. Just disconnect from the world.

 

SSL is secure. Yes, it can be defeated, I'm sure, but not readily. I'd be far more concerned about a keystroke tracker on public computers than connecting on my own device over an SSL connection.

Link to comment
Share on other sites

I just purchased a Raspberry Pi SBC, but not so sure about its reliability. Do you have a static IP or do you use noip or similar service?

 

I use a dynamic DNS service. I've been running my RPi Model B2 for almost a year non-stop as a VPN server.

Edited by William234
Link to comment
Share on other sites

Thank you. The NSA has your home address. The black helos just departed Quantico. Just disconnect from the world.

 

SSL is secure. Yes, it can be defeated, I'm sure, but not readily. I'd be far more concerned about a keystroke tracker on public computers than connecting on my own device over an SSL connection.

 

The people that control the network can use tools like wireshark to sniff the traffic so anything that isn't encrypted is visible. (Email tends to be plaintext, most web browsing is.)

They can use router rules to forward your traffic through a web proxy which can, if properly configured, strip away SSL. Usually, this will throw an untrusted certificate error up but it's not hard to get a signed certificate, just expensive.

An oversimplified explanation for non-techies: for VPNs, you keep a self-created certificate locally on your machine, and that certificate pairs with one on the VPN server. If someone tries to play games in the middle, the VPN client won't be able to verify the remote end's certificate.

Link to comment
Share on other sites

The people that control the network can use tools like wireshark to sniff the traffic so anything that isn't encrypted is visible. (Email tends to be plaintext, most web browsing is.)

They can use router rules to forward your traffic through a web proxy which can, if properly configured, strip away SSL. Usually, this will throw an untrusted certificate error up but it's not hard to get a signed certificate, just expensive.

An oversimplified explanation for non-techies: for VPNs, you keep a self-created certificate locally on your machine, and that certificate pairs with one on the VPN server. If someone tries to play games in the middle, the VPN client won't be able to verify the remote end's certificate.

 

Thanks.

 

That's why I'd be really reluctant to use a public network in say China, for instance. The VPN would give you a secure tunnel to your home domain (say XFinity, for instance) so you'd theoretically be as secure as at home? I'm probably more trusting in RCCL (which could be totally misplaced). I'm definitely cautious at internet cafes overseas, for instance. Most of the cases I've read of situations like you describe require the operator to be actively involved in the activity to break security.

 

And, yes, I use VPN for all connections with my office domain. And, they provide the software, hardware, and absolutely wouldn't let me use either on a cruise ship network!

Link to comment
Share on other sites

Thank you for all the helpful replies. We do have our bank set up to pay bills while we are gone, but we would like the flexibility to monitor the accounts while traveling.

 

I see the value of a VPN, but the initial research makes my head spin on which to choose.

 

If anyone has a VPN that they love, please let me know!

 

Avast Premier.

 

https://www.avast.com/en-us/secureline-vpn#pc

Link to comment
Share on other sites

Thanks.

 

That's why I'd be really reluctant to use a public network in say China, for instance. The VPN would give you a secure tunnel to your home domain (say XFinity, for instance) so you'd theoretically be as secure as at home? I'm probably more trusting in RCCL (which could be totally misplaced). I'm definitely cautious at internet cafes overseas, for instance. Most of the cases I've read of situations like you describe require the operator to be actively involved in the activity to break security.

 

And, yes, I use VPN for all connections with my office domain. And, they provide the software, hardware, and absolutely wouldn't let me use either on a cruise ship network!

 

If memory serves, the ship's wifi is an unencrypted wifi network with a captive portal. You don't need to be the network admin to run apps like wireshark to sniff that.

Link to comment
Share on other sites

I understand what you said, but aren't you just substituting VPN negotiation for SSL negotiation? In other words, there's still negotiation going on over the open network.

 

Think of VPN as a pipe between you and the POP, say Miami for example. So between you and Miami you can pass cookies inside the pipe and the cookie monsters looking at the pipe have no idea cookies are flowing inside the pipe. SSL at your house is just as secure as VPN and SSL on the ship provided you establish VPN prior to using SSL.

Link to comment
Share on other sites

Think of VPN as a pipe between you and the POP, say Miami for example. So between you and Miami you can pass cookies inside the pipe and the cookie monsters looking at the pipe have no idea cookies are flowing inside the pipe. SSL at your house is just as secure as VPN and SSL on the ship provided you establish VPN prior to using SSL.

I understand the concept of VPN, but still don't understand why VPN negotiation over an open WiFi is any better than SSL negotiation over open WiFi.

Link to comment
Share on other sites

The VPN connects you to a home or office network. It makes it appear you're on that network, but I'm not understanding how it creates a more secure connection to your bank? Maybe it does, but I don't understand how.

 

The VPN also typically encrypts your traffic.

Link to comment
Share on other sites

I'm also trying to understand what advantage the VPN has over an SSL connection.

I think the real advantage is SSL typically applies to your web traffic. A traditional VPN applies to all your traffic. So, let's say you read your mail via an application and not by just going to a web site. Wouldn't you want that connection encrypted as well?

BTW - mail is an easy example to understand, but the truth is it's probably encrypted already with TLS. Lots of apps have encryption built in to them, and more every day.

Link to comment
Share on other sites

I think the real advantage is SSL typically applies to your web traffic. A traditional VPN applies to all your traffic. So, let's say you read your mail via an application and not by just going to a web site. Wouldn't you want that connection encrypted as well?

BTW - mail is an easy example to understand, but the truth is it's probably encrypted already with TLS. Lots of apps have encryption built in to them, and more every day.

 

More and more IMAP (mail) servers are supporting SSL/TLS for email. But that won't stop a nefarious hot spot operator from performing a man in the middle attack.

Link to comment
Share on other sites

I think the real advantage is SSL typically applies to your web traffic. A traditional VPN applies to all your traffic. So, let's say you read your mail via an application and not by just going to a web site. Wouldn't you want that connection encrypted as well?

BTW - mail is an easy example to understand, but the truth is it's probably encrypted already with TLS. Lots of apps have encryption built in to them, and more every day.

Sure, I agree, the VPN encrypts all traffic. However, in the example of someone needing to do some banking from the ship, I can't see a difference.

Link to comment
Share on other sites

I understand the concept of VPN, but still don't understand why VPN negotiation over an open WiFi is any better than SSL negotiation over open WiFi.

 

The negotiation process of SSL vs random VPN connection is subject to the same dangers. (Man in the middle attacks, DNS spoofing/cache poisoning, etc.)

 

Sure, the ship wifi is open. If it was encrypted (say WPA2) with a passphrase, they'd have to give everyone the passphrase which eliminates any real security you derive from it. In addition that traffic is only WPA2 encrypted from your device to wifi router/switch, not out on the internet.

(One of my duties at work is managing our wifi, which uses certificate based encryption.)

 

You would be hard pressed to find any US banking institution that doesn't force online banking tasks over an SSL'd HTTPS connection. (If they did they wouldn't pass a security audit and be out of regulatory compliance.)

 

One of those 'vpn' solutions mentioned in the thread has a FAQ which states that an HTTPS connection is a VPN. I'd argue that point somewhat, but even by their own definition online banking is over a VPN.

 

One of the downsides to a personal VPN solution like these is that they create the tunnel from your device to their network, then dump the traffic out to the internet. That causes problems if you're trying to use some services which use your IP address to determine geographic location. A common issue with this is people streaming TV or sporting events.

Secondly, since that VPN encryption only exists between you and the provider, once your request exits the provider's network it is unencrypted unless you're in an HTTPS session.

Link to comment
Share on other sites

 

This is just not true. You will scan for available access points. If one is known to you and you have it set to connect automatically, you will connect. You do not broadcast a list of the SSIDs you are looking for.

 

As a networking expert, I can assure you that your computer is broadcasting and seeking out the entire list of SSIDs that you have set up for auto connect. WiFi Pineapple is an inexpensive device you can purchase to monitor all WiFi traffic and then pose as an access point for which some computer is searching. These devices are becoming more popular.

Link to comment
Share on other sites
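
What a device reveals about its saved networks is visible in its 802.11 probe requests: a wildcard probe carries a zero-length SSID element, while a directed probe names a network. The following is an added example, not part of any post in this thread, that parses probe requests and lists the networks each device named, which is a way to audit your own laptop or phone. The sample frames and names are constructed, and the parser assumes each frame starts at the 802.11 header (any radiotap header already stripped).

```python
import struct

MGMT_HDR_LEN = 24         # frame control, duration, 3 addresses, sequence control
PROBE_REQUEST_FC0 = 0x40  # version 0, type 0 (management), subtype 4
SSID_ELEMENT_ID = 0

def build_probe_request(src_mac: bytes, ssid: bytes) -> bytes:
    """Build a constructed probe request for the samples below (not a capture)."""
    bcast = b"\xff" * 6
    hdr = struct.pack("<BBH6s6s6sH", PROBE_REQUEST_FC0, 0, 0, bcast, src_mac, bcast, 0)
    rates = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])  # supported-rates element
    return hdr + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid + rates

def probed_ssid(frame: bytes):
    """None if not a well-formed probe request, "" for a wildcard probe,
    otherwise the network name the client asked for."""
    if len(frame) < MGMT_HDR_LEN or (frame[0] & 0xFC) != PROBE_REQUEST_FC0:
        return None
    pos = MGMT_HDR_LEN
    while pos + 2 <= len(frame):          # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:
            return None                   # truncated element
        if eid == SSID_ELEMENT_ID:
            return body.decode("utf-8", errors="replace")
        pos += 2 + elen
    return None

def leaked_networks(frames):
    """Map each source MAC to the SSIDs it named in directed probes."""
    leaks = {}
    for frame in frames:
        ssid = probed_ssid(frame)
        if ssid:                          # skips non-probes and wildcard probes
            mac = frame[10:16].hex(":")   # source address field
            leaks.setdefault(mac, set()).add(ssid)
    return leaks

# Constructed sample frames: one wildcard probe, two directed probes.
SAMPLE_FRAMES = [
    build_probe_request(bytes.fromhex("020000000001"), b""),
    build_probe_request(bytes.fromhex("020000000002"), b"HomeNet-Example"),
    build_probe_request(bytes.fromhex("020000000002"), b"Office-Example"),
]

if __name__ == "__main__":
    for mac, names in leaked_networks(SAMPLE_FRAMES).items():
        print(mac, sorted(names))
```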

BTW - mail is an easy example to understand, but the truth is it's probably encrypted already with TLS. Lots of apps have encryption built in to them, and more every day.

 

Most SMTP traffic is TLS encrypted, but not all and end users never know. I tell people that since you don't know you should expect email to have the same level of privacy as a message on a postcard sent through the post office.

Link to comment
Share on other sites
