How secure is the internet on board?

I've always been leery of logging into any of my financial websites (bank, etc) while on board.

Am I paranoid? or am I correct in being concerned about the security of internet access?

Thanks!

I've always been leery of logging into any of my financial websites (bank, etc) while on board.

 

Am I paranoid? or am I correct in being concerned about the security of internet access?

 

Thanks!

I doubt that being on board is as risky as being in a large land-based location (airport, hotel, etc.) with people coming and going all the time (and not needing to pay for the privilege of being there).

However, for serious things like financial accounts, have you considered installing a VPN (virtual private network)?

This encrypts everything that leaves your computer until it reaches the VPN provider.

There are services that are *not* expensive on an annual basis, and there are some services that can be purchased for very little for use on a monthly basis.

Then you'd be "covered" at the airport, too, etc.

VPN will be pretty slow better option would be to install teamviewer on home pc set up username/password keep the service running and remote into your home PC will work better than vpn and just as secure all cookies and actual traffic go to your home PC teamviewer is free for personal use.

You could also use realvnc for the same result.

I agree with GeezerCouple. There is little reason to be concerned.

One of the reasons public wi-fi spots are dangerous is that attackers set up "rouge" hot spots which are named such that people believe they are the legitimate network, e.g.; "MIA-FreeWifi" or "Starbucks-Wifi" -- or they will duplicate the name of popular networks which your devices may automatically connect to. Once unsuspecting users are connected to these networks, the attacker becomes a man-in-the-middle and can intercept unencrypted communications over the network, all while passing regular internet traffic. As you can imagine, an excellent location to do this is a public place with lots of people around who have idle time on their hands.

Another vulnerability is wi-fi packet sniffing, where an attacker simply "listens" to the various wi-fi signals and attempts to dig out any useful data or personal information.

As GC points out, a VPN will encrypt all traffic end to end. So whether you were connected to an attackers network as above or to a legitimate network, your traffic would be safe and encrypted.

Most folks on cruise ships aren't really there to set up rouge networks and hack people. However, nothing is impossible. But if you really are concerned, a VPN is the way to go. There is little overhead (extra data being transmitted) in a VPN connection. Being connected to a VPN will not significantly decrease throughput. A screen-sharing service like those described by fredflint above would not be desirable or reliable.

You can set up a VPN account for as little as $10 per month, cancel any time.

I would recommend StrongVPN. You can learn more here.

http://strongvpn.com

Simply put, you would activate an account and install the VPN client (or configure the built-in Windows client) at home. Then once onboard, connect to the ship's wi-fi, then connect to your VPN and enjoy an encrypted, secure connection.

As a Banker I would recommend not using any public wifi for your accounts. By the time you know there is a problem your money is gone.

Sent from my iPad using Forums

I've always been leery of logging into any of my financial websites (bank, etc) while on board. Am I paranoid? or am I correct in being concerned about the security of internet access? Thanks!

It's a public wifi. You're in an environment filled with foreign nationals (and US) who "know" that people have let the guard down,,,, and may be looking to take advantage of that fact. An abundance of caution is always wise.

Treat it like a Starbucks or any other public WiFi.

Using your own computer - properly secured and only going to https sites (SSL/TLS) - will be far more secure than using the onboard computers. If you are set up properly to do things like DNS pinning, cert validation, limited number of trusted root certs and so on, you can be reasonably safe. However, many people don't take these simple steps :)

At the very least, for any sites you log into while on board, change the password when you get off the ship. Also, use two-factor authentication where possible - there are solutions that use codes generated on your phone (or printed on a sheet of paper), so an SMS or call isn't necessary.

I agree with GeezerCouple. There is little reason to be concerned.

 

 

 

 

Being connected to a VPN will not significantly decrease throughput. A screen-sharing service like those described by fredflint above would not be desirable or reliable.

 

You can set up a VPN account for as little as $10 per month, cancel any time.

I would recommend StrongVPN. You can learn more here.

 

http://strongvpn.com

 

Simply put, you would activate an account and install the VPN client (or configure the built-in Windows client) at home. Then once onboard, connect to the ship's wi-fi, then connect to your VPN and enjoy an encrypted, secure connection.

Sorry not sure how much experience with screen sharing apps but that is how many companies do tech support. I use it for all of my family. With VPN you are going to be creating an encrypted tunnel over a connection that is using compression which does not work out all that well. With the Screen sharing you are not actually sending out very much traffic as the actual data is not going to your computer and if the connection drops you can connect back to your PC and still be where you left off.

Both a free VPN and Teamviewer would be easy to try at home and see which works better.

Here is a current review and list

http://www.pcmag.com/article2/0,2817,2403388,00.asp

There is also an option to use Chrome remote desktop which could also work and be easy.

https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en

Any Https site will encrypt traffic from the browser back to the web site.

Never use any public site for anything you don't want someone to see or take (banking information), you can't guarantee who is watching.

Do your banking BEFORE you go on vacation! Wait until you're HOME to continue!!!

One of the reasons public wi-fi spots are dangerous is that attackers set up "rouge" hot spots which are named such that people believe they are the legitimate network, e.g.; "MIA-FreeWifi" or "Starbucks-Wifi" -- or they will duplicate the name of popular networks which your devices may automatically connect to. . . .

 

Most folks on cruise ships aren't really there to set up rouge networks

 

Thanks for the VPN info.

It's quite colorful, though, to contemplate those rouge networks. :)

Never use any public site for anything you don't want someone to see or take (banking information), you can't guarantee who is watching.

Any banking website/app will be encrypted so it doesn't matter if someone is "watching". The traffic from your computer/phone to the bank's servers will be secure.

Sent from my iPhone using Tapatalk

Any banking website/app will be encrypted so it doesn't matter if someone is "watching". The traffic from your computer/phone to the bank's servers will be secure.

Erm, no, though I appreciate your faith in the financial sector. Encryption is only as good as the maintenance performed on the equipment involved and the lack of bad actors in the path of the communication (look up "Man in the Middle" attacks or OpenSSL in Wikipedia to get an easy case of insomnia).

Lemme put it this way... Banks invest a TON of money in physical security, and yet a dude just casually walked off with a 5 gallon pail of gold flakes from an armored truck the other day. The same thing happens in the virtual world; drop your guard for a moment and hacks happen like Target letting a 3rd party vendor doing HVAC maintenance onto their intranet as a trusted party.

There is no patch for human stupidity or ingenuity. It's a constant race to stop people from doing stupid stuff. All a person can do is keep a close eye on their accounts and invest in their own maintenance. If you allow your laptop browser to downgrade encryption to RC4... well, there you go. You didn't keep up with your OWN patches, did you? It's not the BANK dropping the ball in that scenario. You're the one screaming your personal business in a crowded virtual lobby, thinking no one is listening to you.

A VPN doesn't fix everything. A VPN that still allows access to local networks--yeah, good luck with that! I've seen so many "smart" people set null passwords or C$ shared completely open to put anything past the enduser.

/14 days... 14 days... 14 days and I get a nice, long break...

//That's Mrs. BOFH to you.

///PATCH already, people!!! We don't just patch when things are visibly broken!

Erm, no, though I appreciate your faith in the financial sector. Encryption is only as good as the maintenance performed on the equipment involved and the lack of bad actors in the path of the communication (look up "Man in the Middle" attacks or OpenSSL in Wikipedia to get an easy case of insomnia).

 

Lemme put it this way... Banks invest a TON of money in physical security, and yet a dude just casually walked off with a 5 gallon pail of gold flakes from an armored truck the other day. The same thing happens in the virtual world; drop your guard for a moment and hacks happen like Target letting a 3rd party vendor doing HVAC maintenance onto their intranet as a trusted party.

 

There is no patch for human stupidity or ingenuity. It's a constant race to stop people from doing stupid stuff. All a person can do is keep a close eye on their accounts and invest in their own maintenance. If you allow your laptop browser to downgrade encryption to RC4... well, there you go. You didn't keep up with your OWN patches, did you? It's not the BANK dropping the ball in that scenario. You're the one screaming your personal business in a crowded virtual lobby, thinking no one is listening to you.

 

A VPN doesn't fix everything. A VPN that still allows access to local networks--yeah, good luck with that! I've seen so many "smart" people set null passwords or C$ shared completely open to put anything past the enduser.

 

/14 days... 14 days... 14 days and I get a nice, long break...

//That's Mrs. BOFH to you.

///PATCH already, people!!! We don't just patch when things are visibly broken!

While I appreciate your thorough explanation, I will tell you that I am a cyber security expert. It's what I do for the army. And everything you say is correct but it changes nothing. Accessing your bank website from home vs accessing it while on a cruise is the same. Virtually no more risk. The maintenance and patching that the bank may or may not do has no effect on where I access it from.

Sent from my iPhone using Tapatalk

While I appreciate your thorough explanation, I will tell you that I am a cyber security expert. It's what I do for the army. And everything you say is correct but it changes nothing. Accessing your bank website from home vs accessing it while on a cruise is the same. Virtually no more risk. The maintenance and patching that the bank may or may not do has no effect on where I access it from.

However, we aren't talking about YOUR accessing anything. We're talking about your giving advice to random people that they are safe because the bank is running https. That is patent medicine. Being on the IT side I AM on, I know financial industry willingness to downgrade encryption to keep that customer functional. Read some OCC guidance and try not to reach for Excedrin. There's a multitude of reasons NIST is still fighting to get SHA256 implemented--much less 4K key sizes.

However, we aren't talking about YOUR accessing anything. We're talking about your giving advice to random people that they are safe because the bank is running https. That is patent medicine. Being on the IT side I AM on, I know financial industry willingness to downgrade encryption to keep that customer functional. Read some OCC guidance and try not to reach for Excedrin. There's a multitude of reasons NIST is still fighting to get SHA256 implemented--much less 4K key sizes.

The OPs question was how secure is the ships internet for doing banking etc. My answer is just as secure as accessing it from one's home. It is as simple as that.

Sent from my iPhone using Tapatalk

You can set up a VPN account for as little as $10 per month, cancel any time.

I would recommend StrongVPN. You can learn more here.

 

http://strongvpn.com

 

Simply put, you would activate an account and install the VPN client (or configure the built-in Windows client) at home. Then once onboard, connect to the ship's wi-fi, then connect to your VPN and enjoy an encrypted, secure connection.

I agree with everything you explained!

For the occasional user a monthly plan is not that convenient ... even if you cancel the next time you find yourself needing it you need to re-sign up, etc. I like the volume plans that don't have a time limit. I am using PrivateTunnel VPN and $9.99 gets you 20 GB to use at any time with no monthly fees (they even have a 200MB level that is free so you can test it out.) It is very simple to set up, simple to use, and simple to have sitting there and unused when you don't need the security.

My phone just got hacked on the Dawn. I'm now posting via my Philips Sonicare toothbrush.

Sent from my Philips Sonicare using Colgate Total

The OPs question was how secure is the ships internet for doing banking etc. My answer is just as secure as accessing it from one's home. It is as simple as that.

 

 

Sent from my iPhone using Tapatalk

You can't be serious. No public wifi is secure.

If you can read this, it is already too late!

You can't be serious. No public wifi is secure.

Read my previous posts. The wifi connection itself is not encrypted however the connection between your device and the bank's website will be encrypted. Therefore it is as secure as if you were accessing it from home.

Sent from my iPhone using Tapatalk

Do your banking BEFORE you go on vacation! Wait until you're HOME to continue!!!

Best answer.

My phone just got hacked on the Dawn. I'm now posting via my Philips Sonicare toothbrush.

Best reply.

Best answer.

 

 

 

 

 

Best reply.

It's not about "doing banking". Sometimes you just need to check your account. For example last time I was on the breakaway my bank flagged my account for possible fraudulent activity and required me to login to verify charges.

Sent from my iPhone using Tapatalk

You can't be serious. No public wifi is secure.

What specific vulnerabilities are you concerned about? Sniffing the traffic? Browser-based malware? Man in the middle? Super bad malware than can break the network driver?

In my opinion, "no public wifi is secure" is true, but only in the sense of, "no Internet-connected network is secure"

The OPs question was how secure is the ships internet for doing banking etc. My answer is just as secure as accessing it from one's home. It is as simple as that.

 

 

Sent from my iPhone using Tapatalk

I think that is a fair statement. Your ISP provider at home can provide its connection over hardwired connections or a Wi-Fi connection depending on the plan your on and region of the world where you live. The only difference is on the ship NCL is your ISP provider and then they use a satellite uplink from there.

If you don't have appropriate anti-malware software running on your device you have the same risk at home or on the ship.

If the bank does not keep its systems up to date you have the same risks.

Are we not talking about the same networking infrastructure and stellate uplink that NCL uses to process your credit card data and transmit your passport information to the authorities in the next port of call? Perhaps a different VLAN.

You are already trusting NCL IT team with a lot of your personal and financial information. Is website traffic that is encrypted between your computer and your bank any different?