docrice
join:2008-03-31
Fremont, CA
| reply to pete988
Re: SSL, WIFI and Google apps question
In my opinion, if you're using SSL / TLS when connecting to sites with sensitive information, your data is going to be ok *in general* (at least during transit from your machine to the server). However, you're still reliant on the fact that the provider (in your case, Google) could be in a position to publicize / sell your information, Google itself may be compromised, a rogue employee may steal your info, etc.. Of course, it seems unlikely Google would get cracked. There's no perfect security.
There's all kind of fear spread around about technological security measures / countermeasures. While it's true that surfing on insecure Wi-Fi networks has a certain amount of risk, so does working on a "secure" network. For example, can you trust the admins of the network? How about the software powering that network? Are you sure that the Cisco router acting as the gateway on the network isn't running an old version of IOS that has some huge holes in it? How about the operating system you're running or the applications that are installed on it - are you sure it's bug-free? I've seen reports on the Bugtraq mailing list about how a lot of security software itself has some remotely-exploitable issues.
In a nutshell, you can't expect absolute security. Like in the real world, there's never a super-secure state that's also simultaneously practical in general. Even if you live in a good / safe neighborhood, you can still get hit by a car. We folks in the computer security world are pessimists, but that's our job. We'll provide plenty of warnings because we want you to be aware that there are risks. It's up to you to determine what the risk / reward ratio is, and that's only possible through understanding the underlying layers of the moving parts that are involved.
Probably not the answer you're looking for, as I'm trying to be generalized in conveying network security concerns. |
.. that offers the most protection.