Internet security on cruise ship

[Clarea]

As a networking expert, I can assure you that your computer is broadcasting and seeking out the entire list of SSID's that you have set up for auto connect. WiFi Pinapple is an inexpensive device you can purchase to monitor all WiFi traffic and then pose as an access point for which some computer is searching. These devices are becoming more popular.

Yes, I've heard about these. They are a fairly simple way of getting the SSID password. I've been transitioning private wireless networks to other authentication methods because of it.

[Cigar King]

Sure, I agree, the VPN encrypts all traffic. However, in the example of someone needing to do some banking from the ship, I can't see a difference.

 

I'd suggest that for all practical purposes the VPN and SSL solutions are the same.

 

Sure there are differences, but, for the typical person they're not worth discussing.

[William234]

VPN's and SSL solve two different problems.

 

VPN's (if properly set up and configured) solve the problem of being unable to trust the network infrastructure. The VPN I run from my home has a certificate pair. One is on the VPN server, one is on the VPN client. If an attacker were to run a man in the middle attack, or set up a rogue access point, the certificate key pairs wouldn't align and the VPN would reject the connection.

 

SSL creates a secure connection between you and the remote host over a semi trusted network. SSL assumes that no one in the middle is going to try to much with the traffic. It is fairly safe to assume that I won't muck with the traffic on my own network. It is fairly safe to assume that my ISP won't. It is fairly safe to assume that the backbone provider won't. It is also fairly safe to assume that the bank won't. SSL tries to prevent anyone on that path from mucking wth the traffic by signing the certificates and keeping those verification certificates on your local machine.

 

If you buy service from a company like Private Internet Access or CyberGhost, you are trusting that they won't be doing any kind of mucking around with the traffic. For reputable companies, thats a safe assumption. For free VPN providers, thats not a safe assumption.

 

On the ship, if you know for sure you are connected to RCCL's WiFi, your threat is someone running a traffic monitoring app. For the most part, SSL will prevent that from being a problem. That doesn't prevent someone from mimicking RCCL's WiFi network and tricking you into connecting to it.

 

In port, you don't know what network you are connecting to and there probably is a financial incentive for criminals to trick tourists into connecting.

 

The other threat from any WiFi is people port scanning your device, and finding vulnerable services running. They could infect your machine with a virus or transfer as many files off your machine as they want. Make sure you run a good firewall. Most modern operating systems have firewalls on by default.

[Cigar King]

Most SMTP traffic is TLS encrypted, but not all and end users never know. I tell people that since you don't know you should expect email to have the same level of privacy as a message on postcard sent through the post office.

 

I was trying to find the Google stats...it was something like 40% encrypted, and they were going to start flagging messages that they received that were not. I did find some stats for Gmail.

 

https://www.google.com/transparencyreport/saferemail/

[lovesthebeach2]

As long as your bank is using an SSL connection between your browser and their website, you have end to end encryption, so it does not matter that Royal's WiFi is not encrypted.

 

Bob, how do I know if my bank is using an SSL connection? I do all my banking on my iPad if that makes a difference. Thanks.

[Cigar King]

Look at the URL...does it start with HTTP or HTTPS? Some browsers also display a lock.

 

I'd be surprised if there were a major bank that was not using HTTPS.

[abo]

Bob, how do I know if my bank is using an SSL connection? I do all my banking on my iPad if that makes a difference. Thanks.

 

Look for https in your address bar. the 's' tells you it's a secure connection. But really, every bank in the US, Canada, Europe, Aus and pretty much everywhere in the world just does this stuff.

 

The connection and traffic to your bank really isn't the area of risk here, it's that your laptop, tablet, etc. has been hacked or you are 'tricked' into connecting to someone imitating your bank. Good firewalls, antivirus and common sense (not opening links/docs from emails) are your best protection for that.

[serialcruiser48]

I personally feel using VPN and SSL while cruising in the middle of the ocean is a pretty safe bet and is the only time I conduct business. The perp would have to very close to you or work for the network provider for your data to be at risk, all the ships data is beamed directly to the satellite and cannot be intercepted except by ET.

Don't use wifi, including the ships while at any port for sensitive transactions and you will probably be OK.

[AdoraBelle]

Systems Admin by trade, nerd by nature. Wow, this thread is shocking, in a good way. I haven't lurked on CC much in 6-8 months, and even that recently, people were still screaming at other people for even daring to bring their electronic devices on board. Made it difficult to research things like stateroom TV HDMI port access.

 

Randomly: I noticed when using NCL's wifi that if I put up my (private/consumer) VPN, traffic that otherwise *would not* get through their network would suddenly work, such as iMessages containing images. (Just an admin in the "building/deploying/managing servers" sense, not a network engineer, but I guess they had some interesting filtering to control internet usage..)

Edited April 29, 2016 by AdoraBelle

[Kmcspoon]

Wow. I've been researching VPN's and now I'm even more paranoid. How do I trust a VPN provider? Just because they "say" this or that on their website, how do I know? A false sense of security is a weak point in a secure system.

 

I'm tempted to pinch together a tinfoil hat at this point. :p

 

I'll probably get something to try to avoid man in the middle attacks, but may just not use anything while traveling.

 

Thanks to all who contributed. You are all much smarter than I am, and I appreciate everyone's comments.