varigb707
Topic Author
Posts: 1236
Joined: Wed May 10, 2006 6:02 am

VPN's. Any Recommendation?

Mon Nov 07, 2011 2:58 pm

I use WiFi at work. It's a secure connection (PW, etc), but i'm still doubtful of its security. I spoke with an IT person, who suggested a VPN. I Googled it and found quite a few options. I used Cyber Ghost for a bit (recommended by PC World), but the FREE version will allow anyone with only a 1 GB usage per month. I know, i'm cheap... Oh Well.

So, any suggestions? That'd be great, thanks....

[Edited 2011-11-07 07:09:10]
First, I said 'hey' and then I said 'now'. "Hey Now!" - Hank K.
 
ALTF4
Posts: 1154
Joined: Tue Jul 13, 2010 5:01 pm

RE: VPN's. Any Recommendation?

Mon Nov 07, 2011 3:10 pm

Plenty of them out there, but not many ones for free. I don't know if you're looking for free only.

That said, if you're worried about people spying on you (whether it be other users if the wifi only uses WEP or WPA but not WPA2, the company since they can see all traffic heading out to the internet, or their ISP), you are simply shifting who is able to see the traffic. With a VPN, the company and peers on the network can no longer see the traffic, but the VPN hosting company can. With some of the shady ones out there, I'd be a little more worried about that than your company. Case in point, a popular proxy said they did not log any traffic, and were completely anonymous. Well, over the last few months, it turned out that they were logging everything and turned over all the records to the US government. I'm sure there were more than one or two dumb criminals that used that proxy service to cover their tracks... which weren't covered.

How does that happen? Well, some of these VPN providers are based in some remote country where the privacy laws are non-existent. Sure, they may claim on their site that they don't log traffic, track you, or report your actions to others, but how do you know? What would happen if they actually do? Nothing; they operate in a country that doesn't care.

On the other hand, your employer has to follow worker's rights laws, privacy laws, and depending on how big they are and whether they operate in other countries, they may not log any traffic due to other privacy laws in other countries that make it simpler to just not log traffic at all. If you work for a medium sized business (say, 6,000+ employees) or larger, in most cases the traffic is logged for a few days only, then deleted, and unless you are undergoing an investigation, there won't be any more logs kept.

So, while the VPN recommendation is a good one (I use my own home-brewed VPN connection hosted on my own server, where I know nobody else is 'watching' the traffic), don't assume it doesn't come without risks, either.

I know I didn't give a specific recommendation for a VPN provider, which is what you wanted, but many people think a VPN is secure and perfect, but it is not. As long as you realize the risks, you'll be fine.
The above post is my opinion. Don't like it? Don't read it.
 
varigb707
Topic Author
Posts: 1236
Joined: Wed May 10, 2006 6:02 am

RE: VPN's. Any Recommendation?

Mon Nov 07, 2011 3:22 pm

Quoting ALTF4 (Reply 1):
I didn't give a specific recommendation

Right. But i just learned more about VPN's with your reply. I appreciated. Cheers.   
First, I said 'hey' and then I said 'now'. "Hey Now!" - Hank K.
 
Klaus
Posts: 20594
Joined: Wed Jul 11, 2001 7:41 am

RE: VPN's. Any Recommendation?

Mon Nov 07, 2011 3:23 pm

Even when the network has proper encryption (which at this point means only WPA2 – all other encryptions have been cracked by now and offer no protection any more), all other logged-in users of the same network can normally still see your traffic as far as I'm aware (it is possible to compartmentalize WiFi networks, but that is not done very often), so a VPN could be sensible indeed. The thing is just that as explained above, the VPN server needs to be trustworthy.

And if you don't have the server under your own control (you could in principle set up a VPN connection to your home system and route all your traffic through that), the risk of the VPN provider being unsafe might compromise any gains to be had from the VPN in the first place.

I personally simply don't use public WiFi networks but instead go through the cell network when away from my own network. Cell network encryption is not unbreakable either, but at least at this point it's not as easily and routinely compromised as protocols snooped on via WiFi.
 
ALTF4
Posts: 1154
Joined: Tue Jul 13, 2010 5:01 pm

RE: VPN's. Any Recommendation?

Mon Nov 07, 2011 3:49 pm

Quoting Klaus (Reply 3):
Even when the network has proper encryption (which at this point means only WPA2 – all other encryptions have been cracked by now and offer no protection any more), all other logged-in users of the same network can normally still see your traffic as far as I'm aware (it is possible to compartmentalize WiFi networks, but that is not done very often), so a VPN could be sensible indeed.

Not quite, but good advice. WPA and WPA2 both use a method to effectively encrypt each user's traffic with a different key. WEP was not that way, and assumed anybody with the network key was trusted.

WPA/2 sets up a session with each user, so only I can see my own traffic and not my cubical mate's. That said, WPA is weak in that if I know the network key (pre-shared key you type in) and sniff somebody's traffic as they join the network, I can then know their personal session key and decrypt their traffic. This is not possible if I don't get the four-way handshake as they join.

WPA2 does away with this vulnerability and, for now, is fairly secure. Secure enough that I feel that I am safe enough to use it for standard user - the amount of time/horsepower to read my traffic would be high enough that people probably wouldn't do it for fun.

That said, the traffic between the access point and the gateway is standard ethernet traffic. If varigb707's workplace uses hubs instead of switches, his traffic is readable by everybody if they plug in to a RJ-45 in the wall anywhere near him. Most places use switches, though, so it would be unlikely that a standard person could read the traffic. Not impossible - especially if they have access to a switch directly or a spanned or mirrored port, but more difficult. At that point, though, we're really worried about wired network security and not wireless.
The above post is my opinion. Don't like it? Don't read it.
 
Klaus
Posts: 20594
Joined: Wed Jul 11, 2001 7:41 am

RE: VPN's. Any Recommendation?

Mon Nov 07, 2011 5:42 pm

Quoting ALTF4 (Reply 4):
WPA/2 sets up a session with each user, so only I can see my own traffic and not my cubical mate's.

I've just re-checked my information there; Apparently that's indeed standard in WPA2 (I had remembered that it was still optional). But the session key handshake can be snooped on, too, so you're not entirely safe from other users logged in to the same network, even if the security is better than with older protocols. In the end, your security will depend on the availability of ready-made exploits of such weaknesses to potential attackers.
 
ALTF4
Posts: 1154
Joined: Tue Jul 13, 2010 5:01 pm

RE: VPN's. Any Recommendation?

Mon Nov 07, 2011 5:49 pm

Quoting Klaus (Reply 5):
I've just re-checked my information there; Apparently that's indeed standard in WPA2 (I had remembered that it was still optional). But the session key handshake can be snooped on, too, so you're not entirely safe from other users logged in to the same network, even if the security is better than with older protocols. In the end, your security will depend on the availability of ready-made exploits of such weaknesses to potential attackers.

Interesting. Looks like I'll have to go back and re-read on that. I've successfully attacked WPA networks like that (not maliciously, but for security audits), but was unable to do so with WPA2.

At any rate, sorry to the OP for taking this down a wireless security tangent... didn't mean to derail it!
The above post is my opinion. Don't like it? Don't read it.
 
User avatar
casinterest
Posts: 5367
Joined: Sat Feb 12, 2005 5:30 am

RE: VPN's. Any Recommendation?

Mon Nov 07, 2011 6:03 pm

Quoting varigb707 (Thread starter):
I use WiFi at work. It's a secure connection (PW, etc), but i'm still doubtful of its security. I spoke with an IT person, who suggested a VPN. I Googled it and found quite a few options. I used Cyber Ghost for a bit (recommended by PC World), but the FREE version will allow anyone with only a 1 GB usage per month. I know, i'm cheap... Oh Well.

So, any suggestions? That'd be great, thanks....

Not sure what your IT person is suggesting here.

A VPN / Secure VPN tunnell is great if you own the network. However if you are at Work, you are at the Mercy of the IT department and it's implementation of security. Most companies offer VPN clients for access from Home back to the internal network, but internal to the company network, I doubt it. If you are on the network and have security for it, most companies aren't going to secure data within the firewall.
Older than I just was ,and younger than I will soo be.

Who is online

Users browsing this forum: Bing [Bot], lugie, Redd and 21 guests