Is the wi-fi purchased a secure network?

[elliev]

Need to be in touch with work info while on the Fantasy...sensitive financial info involved possibly...is the wi-fi purchased a secure network?

 

[DISNEY FANTASY]

Need to be in touch with work info while on the Fantasy...sensitive financial info involved possibly...is the wi-fi purchased a secure network?

Personally I do not consider it a secure network.

I only consider 'cable' ethernet to be 100% safe.

But on the ship, it could be hacked the log ins are easy to work out and with many people on a ship using it, its not secure.

The website doesn't say if it is WPA encyption but I do not think its at a high level and looking at the internet paperwork from previous cruises I cant see it mentioned.

 

[SuperDry]

It's like almost any other public hotspot, free or otherwise: there is no encryption provided on the connection itself. It's up to you to provide encryption if you need or want it. You mention "sensitive financial information" - if you are doing business on any sort of e-commerce, banking, or brokerage website, the entire transaction will certainly be protected by SSL, which provides more than enough security, even over an unsecure link. Basically, whenever you see HTTPS in the web browser address (and don't ignore any security warnings that may pop up), you will be fine within that session.

The most common way to run into trouble is with email. The default configuration for most email clients is to connect in an unsecured manner, so if your Internet connection is also insecure, then you're vulnerable to eavesdropping. The easiest way to address this is to use only web email (in HTTPS mode) when on an unsecure connection. Alternatively, you could go into your email account settings in your email program and switch everything to a secure method, but this gets complicated because outbound is configured separately from inbound, there are several secure methods for each, and different email servers support different subsets of what's available, so it can be a pain to get this set up at first. But it's nice to have if you go to the trouble to do so.

In all of the above, the ship is no different than any other public hotspot: hotel, airport, library, or whatever. Unlike a home hotspot, almost none of the public ones offer any sort of encryption on the connection.

 

[tinkerone]

It's like almost any other public hotspot, free or otherwise: there is no encryption provided on the connection itself. It's up to you to provide encryption if you need or want it. You mention "sensitive financial information" - if you are doing business on any sort of e-commerce, banking, or brokerage website, the entire transaction will certainly be protected by SSL, which provides more than enough security, even over an unsecure link. Basically, whenever you see HTTPS in the web browser address (and don't ignore any security warnings that may pop up), you will be fine within that session.

The most common way to run into trouble is with email. The default configuration for most email clients is to connect in an unsecured manner, so if your Internet connection is also insecure, then you're vulnerable to eavesdropping. The easiest way to address this is to use only web email (in HTTPS mode) when on an unsecure connection. Alternatively, you could go into your email account settings in your email program and switch everything to a secure method, but this gets complicated because outbound is configured separately from inbound, there are several secure methods for each, and different email servers support different subsets of what's available, so it can be a pain to get this set up at first. But it's nice to have if you go to the trouble to do so.

In all of the above, the ship is no different than any other public hotspot: hotel, airport, library, or whatever. Unlike a home hotspot, almost none of the public ones offer any sort of encryption on the connection.

this was my thought exactly. i was in banking for over 30 years and anything we sent or received pertaining to work already provided encryption. i can't imagine any company that is sending or receiving sensitive financial information or, for that matter, any sensitive information at all not having their own.

opp, if your unsure you may want to check into that before you leave.

 

[Bettzy]

I agree, I would trust SSL communication/transactions but that is about it.

 

[richw2]

If you are doing financial work, you should be using a VPN no matter what network you are on, if logging into work.. Just sayin

 

[lanejudy]

If you are doing financial work, you should be using a VPN no matter what network you are on, if logging into work.. Just sayin

Maybe it's just my employer's VPN, but it's VERY fussy about Internet service in hotels and other such public places. I carry a cable with me because in most hotels I have found I need to use a wired connection as it won't allow me to connect using the hotel wi-fi. Occasionally it lets me connect via wi-fi, but definitely only if there is a password. There's no way my VPN would connect using the wi-fi onboard DCL. YMMV.

 

[pxlbarrel]

Sure it's secure ... because you can NEVER log into it.

Ok, seriously though, if you do manage to log in, I doubt it's very secure.

The others are more knowledgeable than I. I can only comment on the fact that there's a lot of money wasted on the onboard WiFi. Secure or not, if you need to rely on it for anything important, you may have a problem.

 

[algae]

Maybe it's just my employer's VPN, but it's VERY fussy about Internet service in hotels and other such public places. I carry a cable with me because in most hotels I have found I need to use a wired connection as it won't allow me to connect using the hotel wi-fi. Occasionally it lets me connect via wi-fi, but definitely only if there is a password. There's no way my VPN would connect using the wi-fi onboard DCL. YMMV.

The SSL-based VPN's are very picky. We switched to HTTP-based VPN which works well everywhere I've tried it including on the Magic.

On the same token, a wired net connection is no more or less secure than a Wifi connection. If you need a secure connection, the data needs to be encrypted at the endpoints: your computer and your work's servers.

 

[lanejudy]

The SSL-based VPN's are very picky. We switched to HTTP-based VPN which works well everywhere I've tried it including on the Magic.

On the same token, a wired net connection is no more or less secure than a Wifi connection. If you need a secure connection, the data needs to be encrypted at the endpoints: your computer and your work's servers.

Interesting, thanks! Since I (obviously) am not in the IT department, I don't get to make such decisions as to which VPN to use. All I know is that I cannot connect my VPN using wifi at some hotels when I travel (for work), at our local library, or the local community college -- unless I plug in with the cable. Not sure of the reason if it's not any more/less secure than the wifi, but that's been my experience.

 

[insureman]

We changed our email servers to Kerio Connect which makes me more comfortable using email outside of our network.

 

[Beermam42]

Nsa is listing and reading all.

 

[SuperDry]

Maybe it's just my employer's VPN, but it's VERY fussy about Internet service in hotels and other such public places. I carry a cable with me because in most hotels I have found I need to use a wired connection as it won't allow me to connect using the hotel wi-fi. Occasionally it lets me connect via wi-fi, but definitely only if there is a password. There's no way my VPN would connect using the wi-fi onboard DCL. YMMV.

The whole point of the VPN is that it allows you to conduct business securely through it, no matter how unsecure the underlying connection. So, there would be no reason for a VPN to reject a particular connection because it "wasn't secure enough."

There very well may be other reasons that a particular VPN won't connect over a particular connection, but they'd have nothing to do with the security of the underlying connection. It's more likely that the hotspot is blocking whatever connection mechanism the VPN is trying to use. Sometimes, a hotspot in a school or library won't allow a VPN precisely because they have a content filter and can't monitor what you're doing on a VPN connection, and they don't want to be responsible for a kid using a VPN to access material they shouldn't be accessing.

My experience on the Disney ships involves using the Cisco VPN client software. The older IPSEC-based client is almost unusable, as it's hyper-sensitive about dropped packets. The connection continually dropped, like every minute or so. I switched to the newer SSL-based Cisco AnyConnect VPN client, now it works like a dream (and not just on the Dream, but also the other ships ). It gracefully handles all of the connection challenges that the satellite throws at it without ever disconnecting. In fact, I can switch from the satellite to 3G when the ship gets close enough to shore and not drop connections.

 

[lanejudy]

Thanks, SuperDry! While I'll never be a techie, it's always good to have some background knowledge of what's happening. Appreciate you taking the time to explain!

So, my point to OP was that even if the wifi is considered "secure" -- they may still have a problem accessing an employer's site through a VPN.

 

[Tenkawa]

Warning, more techie answer incomming.

Wifi authentication (WPA, WEP, WPA2) is basically like a locked door on a house. Anyone who has the key can get in. So it is great to stop the casual walker by when there are lots of different wifis to connect to.

On a ship, this is limited to a few, all run by the ship. So most people will have access past this locked door. Once you are in, you could "listen" for the conversations of other people (computers) and possibly get information from that.

VPNs, and HTTPS web sites (pretty much all banking sites or ecommerce, and a bunch more, like gmail) basically talk in swahili, in different dialects for every connection, in code. So even if someone hears (captures) a segment of it, it will not make any sense, and they will not be able to understand (read) it.

The biggest hurdle on the ship is Latency. That is the time it takes for one person to say something, and the reply to get back to them. On a ship, it uses a satellite for internet, which means the latency is about 1-2 seconds. As a point of reference, most regular connections have a latency under 50 milliseconds, and gamers cry if their latency is over 100ms (1/10th of a second).

Some VPNs, like the HTTP-SSL based and Certificate based, have problems with high latency. They decide that it is taking too long to communicate, so there must be something wrong and the connection is terminated. This is why it can be frustrating to use a VPN on a ship. It all depends on how your company has the back-end setup for timeouts. It is a trial and error process.

Hopefully that helped a little and make it understandable.

Source: Work in IT for an IT security company, and have supported road warrior sales personnel using various connection means.

 

[smootenloopers]

If you are doing financial work, you should be using a VPN no matter what network you are on, if logging into work.. Just sayin

Maybe it's just my employer's VPN, but it's VERY fussy about Internet service in hotels and other such public places. I carry a cable with me because in most hotels I have found I need to use a wired connection as it won't allow me to connect using the hotel wi-fi. Occasionally it lets me connect via wi-fi, but definitely only if there is a password. There's no way my VPN would connect using the wi-fi onboard DCL. YMMV.

I used to be able to VPN from the ship; however, when they changed to the new system (with by bandwidth rather than by minute) it was blocked. Just like many hotels are blocking VPN connections.

Same problem at WDW. Back when you paid ~$10 per day for internet, VPN was no problem. Now with the "free" internet, they block VPN.