Last week on the freeware review, I wrote about the simplicity of packet sniffing and analyzing with Ethereal. I revealed how easy it was for anyone to tap sensitive data like login information, credit card numbers, social security number, and mission-critical emails traveling on the network. As promised, I will reveal how to actually prevent packet-sniffing software from reading your sensitive data.

As I previously explained, packet analysis passively listens into a network and then extracts the important data, which is usually in plaintext. The key to hampering packet analysis is encrypting that data sent on the network so that it is not read in plain text. The encrypted data that packet analyzers gather is pretty useless without an encryption key. While it is possible for crackers to obtain the key, encryption makes the process a lot longer (and sometimes nearly impossible). There are a couple common ways to do this.

Manual File or Email Encryption

While this is the simplest way to avoid data theft, in the long run, it can also be the most tedious. Basically, every email message and every attachment sent is encrypted with PGP (Pretty Good Privacy) algorithms.

Pros

• Not Really Any

Cons

• Both the sender and the receiver need to agree on the same encryption key and have the same special software to unlock the data.
• This only works with data chunks like email and files. Regular web browsing and login information is still done in plaintext.

SSL (HTTPS)

On some websites like Yahoo! and eBay, there is a function that allows you to “securely” login. In the URL address bar, if you see “https” instead of “http,” you’re in good shape. But most of the time, this is only available in financial sites.

Pros

• Streamlined so that you don’t even notice it is working
• All modern browsers support it.

Cons

• This usually only applies to the HTTP (port 80) protocol. This will not work with any other protocol like FTP, Instant Messaging, and Email.

Remote Computing

Usually, remote computing incorporates a layer of encryption. Remote computing includes programs that utilize the VNC (Virtual Network Computing) Protocol or the RDP (Remote Desktop Protocol).

Pros

• You keep the actual files on a server. You never send the complete data over the public network.

Cons

• This can become very slow
• Requires a computer at home to be always on

VPN

Virtual Private Networking is my favorite and recommended method of obfuscating data theft. Basically, it creates an encrypted virtual network connection from your computer to your server. Pretend you connect to your VPN from a public network. All information that you access on the Internet is encrypted as it is sent to your home network first. There, the server decrypts that data then sends it across the Internet. Therefore, nobody in the public network can see what you are doing since it is all encrypted. VPN works sort of like a seamless proxy server.

Pros

• Seamless integration with all programs
• If coupled with any of the methods above, you achieve at least double encryption.

Cons

• Your network download speed is capped by the upload speed of your home network gateway.
• Requires a computer at home to be always on
• Requires a bit of configuration

Windows XP PPTP VPN Setup

I regularly use the public networks at the library, school, hotels, and Starbucks. I’ve found that in the long run, the most convenient and secure method of packet sniffing circumvention is virtual private networking. It is really easy to set it up in Windows as well!

VPN Server

1. Go to “Network Connections” in the “Control Panel.”
2. “Create a new connection” with the “Network Connection Wizard.”
3. “Set up an advanced connection.”
4. ‘”Accept Incoming Connections.”
5. Skip “Devices for Incoming Connections.”
6. “Allow virtual private connections.”
7. Then, select which accounts will be able to remotely connect to the VPN. On this step, I just create a specific account just for VPN with no privileges.
8. For “Networking Software,” make sure that “Internet Protocol (TCP/IP)” is selected. I would also include “File and Printer Sharing for Microsoft Networks” but that’s just me.
9. If the server is behind a firewall and/or router, port mapping/forwarding and port opening must be enabled. The Windows XP VPN software uses point-to-point-tunneling protocol. PPTP requires port 1723 and PPTP pass-through routing.

VPN Client

1. Go to “Network Connections” in the “Control Panel.”
2. “Create a new connection” with the “Network Connection Wizard.”
3. Select “Connect to my network at my workplace.”
4. Select “Virtual Private Network connection.”
5. “Do not dial the initial connection.”
6. Input the IP address or host name of the server computer.
7. “Do not use my smart card.”
8. After you finish the wizard, double-click the new VPN connection.
9. Enter your username and password and connect.

Other Resources

If these directions don’t work out for you, check out these three more comprehensive resources. Imagine, one of them is actually from Microsoft!

• Windows XP VPN Server
• How To Install and Configure a Virtual Private Network Server
• Configure a VPN Connection Using Windows XP

Feel free you leave any comments or suggestions below!