w.learning wrote:The concept of working through the home computer is interesting; however, I don't have mobile broadband service. My connection at school is via the wireless capability of the laptop, and the budget does not allow taking on another bill at this time.
Didn't elaborate before, not knowing how familiar you were with the VPN concept. No additional bills required, only that the school's connection and your home connection are reasonably fast. Dial-up would take forever. I'm hoping that from school, you can connect to the global Internet, not just to the school's site, right?
How it works: You install the VPN product of your choice on both machines. There are a lot out there; I just named one I knew (because I've used it). From the laptop, you connect, using the school's wireless router as usual, but without worries, as this is encrypted. What you connect to is your home computer, which in essence becomes a web site (server), but private only to you. Hence "virtual private network". No one else can connect to your home machine. Then, using remote administration tools, you can work the home machine however you like. Or it may serve as a relay or proxy, depending on the details of the individual solution. This solves your concerns about the weak WEP encryption, and about possible malice in the school's system, except where their own site has been hacked, as mentioned.
As for the security at school: The IT department uses a third party web site provider and says that the bulk of the security is handled by the provider.
Who doesn't know enough to tell the school to use WPA2? Scary.
When I questioned WEP versus WPA2, the IT department did not understand my concern.
Time to hire new IT people. ... Are you sure you weren't at the Italian department, or Intercity Transit... (sheesh) Security is not a part of CSci curricula, a long-standing pet peeve. Point them to the articles describing how WEP is irretrievably broken, and can be cracked in 60 seconds or less. Love to know whether that has any impact.
Fortunately the laptop has some good security features included in the OEM installation. I have port locker and biometric features active. I am hoping that proves to be adequate to secure the computer if someone happens to get their hands on it. Do you have any comments on this that you would like to share with me?
Full-disk-encryption keeps getting better and better, though it takes some know-how. You can also leave it unencrypted, and just encrypt whichever files are personally-sensitive, using freeware such as TrueCrypt (which also offers full-disk encryption; you have to authenticate before booting). But if someone does get their hands on it, I'd be concerned about using it again; hence, the previous advice about physical security.
Port Locker does this:
Simply lock your USB port, printer and internet access for total protection! Port Locker is a data protection software application that reduces the risk of data leakage and data theft by locking and blocking USB ports from unauthorized data access via pen drives, memory cards, flash drives. It also restricts unauthorized printing and data transfer through the network.
Certainly helpful against the creep who shoves a flash drive in the machine while you're looking the other way, but doesn't stop someone with full access from simply starting up the machine and reading everything on it.
Spy shows remind us that biometrics can be defeated. If it's a fingerprint scanner, your fingerprints are everywhere, That was demonstrated at a conference touting a new such device, when someone lifted the speaker's print off of his water glass, and used it to enter, IIRC. Or they cut off your finger, in the scarier movies. I'd rather lose the computer.
Another possibility is to store all those TrueCrypt encrypted files on a CD or DVD (or flash drive, but don't trust "encrypted flash drives". Some are good; some are poorly implemented.) Have backup copies in a safe place. (nearby bank safe deposit box?) If yours are stolen, they're of no use unless the thief can con or beat the password out of you. TC adds a "plausible deniability" feature in which you encrypt phony, but sensitive-looking data (fake love letters, e. g.), then put your genuine data on the volume, using a different encryption key (password). If coerced, you can "reluctantly" give up the pw to the fake data, and they can't prove that any more exists. Details at that site.
As for noscript, I'll install it to add one more layer of protection.
By all means. And consider RequestPolicy, and the possibility of "sandboxing' or "virtualizing" the browser, so that any malware that does get in would not make it to the hard drive, but would be dumped upon close. There are a lot of them out there, none perfect, but one more layer of defense. Just so you get the general idea, I'll mention Sandboxie, not because it's better than the rest, but because I'm familiar with it, using it for years, and the home page illustrates the concept pretty well.
Hope that book was helpful
Any other questions, fire away.