Sponsor Message:
Non Aviation Forum
My Starred Topics | Profile | New Topic | Forum Index | Help | Search 
VPN's. Any Recommendation?  
User currently offlinevarigb707 From , joined Dec 1969, posts, RR:
Posted (2 years 10 months 4 weeks 22 hours ago) and read 744 times:

I use WiFi at work. It's a secure connection (PW, etc), but i'm still doubtful of its security. I spoke with an IT person, who suggested a VPN. I Googled it and found quite a few options. I used Cyber Ghost for a bit (recommended by PC World), but the FREE version will allow anyone with only a 1 GB usage per month. I know, i'm cheap... Oh Well.

So, any suggestions? That'd be great, thanks....

[Edited 2011-11-07 07:09:10]

7 replies: All unread, jump to last
 
User currently offlineALTF4 From United States of America, joined Jul 2010, 1212 posts, RR: 4
Reply 1, posted (2 years 10 months 4 weeks 22 hours ago) and read 730 times:

Plenty of them out there, but not many ones for free. I don't know if you're looking for free only.

That said, if you're worried about people spying on you (whether it be other users if the wifi only uses WEP or WPA but not WPA2, the company since they can see all traffic heading out to the internet, or their ISP), you are simply shifting who is able to see the traffic. With a VPN, the company and peers on the network can no longer see the traffic, but the VPN hosting company can. With some of the shady ones out there, I'd be a little more worried about that than your company. Case in point, a popular proxy said they did not log any traffic, and were completely anonymous. Well, over the last few months, it turned out that they were logging everything and turned over all the records to the US government. I'm sure there were more than one or two dumb criminals that used that proxy service to cover their tracks... which weren't covered.

How does that happen? Well, some of these VPN providers are based in some remote country where the privacy laws are non-existent. Sure, they may claim on their site that they don't log traffic, track you, or report your actions to others, but how do you know? What would happen if they actually do? Nothing; they operate in a country that doesn't care.

On the other hand, your employer has to follow worker's rights laws, privacy laws, and depending on how big they are and whether they operate in other countries, they may not log any traffic due to other privacy laws in other countries that make it simpler to just not log traffic at all. If you work for a medium sized business (say, 6,000+ employees) or larger, in most cases the traffic is logged for a few days only, then deleted, and unless you are undergoing an investigation, there won't be any more logs kept.

So, while the VPN recommendation is a good one (I use my own home-brewed VPN connection hosted on my own server, where I know nobody else is 'watching' the traffic), don't assume it doesn't come without risks, either.

I know I didn't give a specific recommendation for a VPN provider, which is what you wanted, but many people think a VPN is secure and perfect, but it is not. As long as you realize the risks, you'll be fine.



The above post is my opinion. Don't like it? Don't read it.
User currently offlinevarigb707 From , joined Dec 1969, posts, RR:
Reply 2, posted (2 years 10 months 4 weeks 21 hours ago) and read 714 times:

Quoting ALTF4 (Reply 1):
I didn't give a specific recommendation

Right. But i just learned more about VPN's with your reply. I appreciated. Cheers.   


User currently offlineKlaus From Germany, joined Jul 2001, 21479 posts, RR: 54
Reply 3, posted (2 years 10 months 4 weeks 21 hours ago) and read 714 times:

Even when the network has proper encryption (which at this point means only WPA2 – all other encryptions have been cracked by now and offer no protection any more), all other logged-in users of the same network can normally still see your traffic as far as I'm aware (it is possible to compartmentalize WiFi networks, but that is not done very often), so a VPN could be sensible indeed. The thing is just that as explained above, the VPN server needs to be trustworthy.

And if you don't have the server under your own control (you could in principle set up a VPN connection to your home system and route all your traffic through that), the risk of the VPN provider being unsafe might compromise any gains to be had from the VPN in the first place.

I personally simply don't use public WiFi networks but instead go through the cell network when away from my own network. Cell network encryption is not unbreakable either, but at least at this point it's not as easily and routinely compromised as protocols snooped on via WiFi.


User currently offlineALTF4 From United States of America, joined Jul 2010, 1212 posts, RR: 4
Reply 4, posted (2 years 10 months 4 weeks 21 hours ago) and read 702 times:

Quoting Klaus (Reply 3):
Even when the network has proper encryption (which at this point means only WPA2 – all other encryptions have been cracked by now and offer no protection any more), all other logged-in users of the same network can normally still see your traffic as far as I'm aware (it is possible to compartmentalize WiFi networks, but that is not done very often), so a VPN could be sensible indeed.

Not quite, but good advice. WPA and WPA2 both use a method to effectively encrypt each user's traffic with a different key. WEP was not that way, and assumed anybody with the network key was trusted.

WPA/2 sets up a session with each user, so only I can see my own traffic and not my cubical mate's. That said, WPA is weak in that if I know the network key (pre-shared key you type in) and sniff somebody's traffic as they join the network, I can then know their personal session key and decrypt their traffic. This is not possible if I don't get the four-way handshake as they join.

WPA2 does away with this vulnerability and, for now, is fairly secure. Secure enough that I feel that I am safe enough to use it for standard user - the amount of time/horsepower to read my traffic would be high enough that people probably wouldn't do it for fun.

That said, the traffic between the access point and the gateway is standard ethernet traffic. If varigb707's workplace uses hubs instead of switches, his traffic is readable by everybody if they plug in to a RJ-45 in the wall anywhere near him. Most places use switches, though, so it would be unlikely that a standard person could read the traffic. Not impossible - especially if they have access to a switch directly or a spanned or mirrored port, but more difficult. At that point, though, we're really worried about wired network security and not wireless.



The above post is my opinion. Don't like it? Don't read it.
User currently offlineKlaus From Germany, joined Jul 2001, 21479 posts, RR: 54
Reply 5, posted (2 years 10 months 4 weeks 19 hours ago) and read 664 times:

Quoting ALTF4 (Reply 4):
WPA/2 sets up a session with each user, so only I can see my own traffic and not my cubical mate's.

I've just re-checked my information there; Apparently that's indeed standard in WPA2 (I had remembered that it was still optional). But the session key handshake can be snooped on, too, so you're not entirely safe from other users logged in to the same network, even if the security is better than with older protocols. In the end, your security will depend on the availability of ready-made exploits of such weaknesses to potential attackers.


User currently offlineALTF4 From United States of America, joined Jul 2010, 1212 posts, RR: 4
Reply 6, posted (2 years 10 months 4 weeks 19 hours ago) and read 662 times:

Quoting Klaus (Reply 5):
I've just re-checked my information there; Apparently that's indeed standard in WPA2 (I had remembered that it was still optional). But the session key handshake can be snooped on, too, so you're not entirely safe from other users logged in to the same network, even if the security is better than with older protocols. In the end, your security will depend on the availability of ready-made exploits of such weaknesses to potential attackers.

Interesting. Looks like I'll have to go back and re-read on that. I've successfully attacked WPA networks like that (not maliciously, but for security audits), but was unable to do so with WPA2.

At any rate, sorry to the OP for taking this down a wireless security tangent... didn't mean to derail it!



The above post is my opinion. Don't like it? Don't read it.
User currently offlinecasinterest From United States of America, joined Feb 2005, 4636 posts, RR: 2
Reply 7, posted (2 years 10 months 4 weeks 19 hours ago) and read 654 times:

Quoting varigb707 (Thread starter):
I use WiFi at work. It's a secure connection (PW, etc), but i'm still doubtful of its security. I spoke with an IT person, who suggested a VPN. I Googled it and found quite a few options. I used Cyber Ghost for a bit (recommended by PC World), but the FREE version will allow anyone with only a 1 GB usage per month. I know, i'm cheap... Oh Well.

So, any suggestions? That'd be great, thanks....

Not sure what your IT person is suggesting here.

A VPN / Secure VPN tunnell is great if you own the network. However if you are at Work, you are at the Mercy of the IT department and it's implementation of security. Most companies offer VPN clients for access from Home back to the internal network, but internal to the company network, I doubt it. If you are on the network and have security for it, most companies aren't going to secure data within the firewall.



Older than I just was ,and younger than I will soo be.
Top Of Page
Forum Index

This topic is archived and can not be replied to any more.

Printer friendly format

Similar topics:More similar topics...
Any Drunk Topics? posted Fri Jan 7 2011 19:56:50 by DeltaMD90
Any Bob Dylan Fans Here? posted Wed Jan 5 2011 23:25:55 by jayeshrulz
Any Disk Golfers Here On A.net? posted Wed Jan 5 2011 14:36:42 by faxiTMA
Any Levitation Trains In Europe? posted Mon Jan 3 2011 20:53:46 by United Airline
Any New Year's Party In Pittsburgh? posted Wed Dec 15 2010 13:42:52 by jasp25
Any Other Country Music Fans On A-net? posted Thu Dec 9 2010 17:37:47 by CHRISBA777ER
Tibet-China History--any Good Books? posted Thu Dec 9 2010 08:22:51 by MaverickM11
Any Hovercraft Ferry Service Still? posted Wed Dec 8 2010 04:55:32 by United Airline
Akribos Xxiv Watches - Any Experiences? posted Wed Nov 24 2010 02:21:03 by KL838
Custom Text-only Book Printers-Need Recommendation posted Sat Nov 20 2010 12:48:07 by 2H4