Security suites with VPN for use with public wi-fi?

flyted

Member
Dec 6, 2004
Looking for a security suite product that includes VPN. Most VPN services just by themselves run at least $50/yr. I figure for that price I may want to consider some sort of package. My only real need is to be able to use public wi-fi securely, and VPN seems to be the best and easiest solution. If an encryption program would work, I'd consider that also. As much research as I've done, info is still difficult to find, which is amazing considering how much wi-fi is used today.
 

SagaLore

Elite Member
Dec 18, 2001
I don't understand how a 3rd party VPN solution would solve anything.

If your wireless is unencrypted, then everything you're sending, including the establishment of the VPN, is sent in plaintext.

General rule of thumb is - if the free wifi does not offer you even the simplest of encryption, then don't use it for anything confidential. Whether you use a VPN to connect to another network to route your traffic, or an SSL proxy just for web surfing, you're exposing your connection.

Now if you do want to go the VPN route to defend against generic sniffing, you could setup an IPSEC tunnel back to your own home router, if your router supports this.
 

flyted

Member
Dec 6, 2004
I came to the conclusion, based on what I read, that when I use public wi-fi, if I use a VPN no one could see who I was. That's what I'm trying to verify and find a product that will do that. Secure-tunnel and Hotspot Shield describe how they say it can be done, look them up. Is what they say true? I don't know, that's why I'm asking. All I want to do is to make sure when I travel and use public wi-fi that when I surf, no destination or personal stuff sent or received, that they don't know who I am. Would it really matter if they did? No, but the less info my computer gives the better. What is a simple way to accomplish safe public wi-fi use? If I could find a security suite that encrypts my signal, that would be fine also, I don't really care how it gets done, as long as it gets done.
 

SagaLore

Elite Member
Dec 18, 2001
Do you have broadband at home? Do you use an Internet router/firewall? Does it have vpn capabilities?

I tried looking up HotSpot Shield, but their site is currently down. I don't understand how a freeware application can make your wifi more secure. If it connected back to their network, then you're routing your connection through them, so better make sure they can be trusted to watch your data.
 

Bob151

Senior member
Apr 13, 2000
Plaintext? Are you saying that the PSK used in the VPN tunnel build is sent over the wire/air (or whatever layer 1 medium) and not encrypted? That is not what I understand. That means that anyone using a coffee house wireless may be exposing their corporation's/division's VPN PSK (if not using certs) every time they use it. Can you elaborate, links?
 

sourceninja

Diamond Member
Mar 8, 2005
I highly recommend OpenVPN. It is free, very secure, easy to set up, and can (when properly set up) protect you in these situations.
 

SagaLore

Elite Member
Dec 18, 2001
Originally posted by: Bob151
Plaintext? Are you saying that the PSK is sent over the wire/air (or whatever layer1 medium) and not encrypted? Can you elaborate?

For starters, watch this video to see how fast it can be cracked. This video too.

During the IKE phases to establish an IPSec tunnel, you do create a secure channel for the rest of the authentication. But keep in mind - for you as the receiver, to decrypt what you're receiving, you must have all the information necessary. After the tunnel is established, it's considerably difficult to decrypt those packets. This prevents interception. But, if the attacker has watched the entire communication from start to finish, then they have all the same information you have to decrypt the packets.
 

Bob151

Senior member
Apr 13, 2000
Originally posted by: SagaLore
Originally posted by: Bob151
Plaintext? Are you saying that the PSK is sent over the wire/air (or whatever layer1 medium) and not encrypted? Can you elaborate?

For starters, watch this video to see how fast it can be cracked. This video too.

During the IKE phases to establish an IPSec tunnel, you do create a secure channel for the rest of the authentication. But keep in mind - for you as the receiver, to decrypt what you're receiving, you must have all the information necessary. After the tunnel is established, it's considerably difficult to decrypt those packets. This prevents interception. But, if the attacker has watched the entire communication from start to finish, then they have all the same information you have to decrypt the packets.

Maybe I was misunderstanding your original message. I took you to be saying that the VPN tunnel itself is built in cleartext. If so, I have/had a lot more to understand.

I was not curious about WPA.


 

flyted

Member
Dec 6, 2004
Unable to watch the videos for some reason. I did look at OpenVPN, but the link I saw made it appear very difficult to set up, unlike Hotspot Shield, which is supposed to do the same thing. The comment about freeware, well, ZoneAlarm, Ad-Aware, TrueCrypt, Avast, AVG, the list goes on, can we trust any of them if it's freeware? If we pay for their product can we trust them then? Even the pay services, who knows who they really work for. I understand your concern and it certainly is a calculated risk, but being free doesn't make it any more so than paying for it in my opinion, you just never know.
 

SagaLore

Elite Member
Dec 18, 2001
Originally posted by: Bob151
Originally posted by: SagaLore
Originally posted by: Bob151
Plaintext? Are you saying that the PSK is sent over the wire/air (or whatever layer1 medium) and not encrypted? Can you elaborate?

For starters, watch this video to see how fast it can be cracked. This video too.

During the IKE phases to establish an IPSec tunnel, you do create a secure channel for the rest of the authentication. But keep in mind - for you as the receiver, to decrypt what you're receiving, you must have all the information necessary. After the tunnel is established, it's considerably difficult to decrypt those packets. This prevents interception. But, if the attacker has watched the entire communication from start to finish, then they have all the same information you have to decrypt the packets.

Maybe I was misunderstanding your original message. I took you to be saying that the VPN tunnel itself is built in cleartext. If so, I have/had a lot more to understand.

I was not curious about WPA.

Okay sorry, thought you were asking about WPA PSK, not IPSEC PSK.

The key is not sent at all, it is hashed, and that hash is sent over plaintext.
 

SagaLore

Elite Member
Dec 18, 2001
Originally posted by: flyted
Unable to watch the videos for some reason. I did look at OpenVPN, but the link I saw made it appear very difficult to set up, unlike Hotspot Shield, which is supposed to do the same thing. The comment about freeware, well, ZoneAlarm, Ad-Aware, TrueCrypt, Avast, AVG, the list goes on, can we trust any of them if it's freeware? If we pay for their product can we trust them then? Even the pay services, who knows who they really work for. I understand your concern and it certainly is a calculated risk, but being free doesn't make it any more so than paying for it in my opinion, you just never know.

Yes, but here is the difference - software that protects your system, free or not, remains on your system. There are chances of some information leakage (Google Toolbar for example), but it's minimized by what you're willing to accept. If you use software that protects your communication between your machine and every other machine out there, then you actually have to route all those packets through somebody else's network. It's not encrypted after they've received it.
 

Oakenfold

Diamond Member
Feb 8, 2001
Originally posted by: flyted
Unable to watch the videos for some reason. I did look at OpenVPN, but the link I saw made it appear very difficult to set up, unlike Hotspot Shield, which is supposed to do the same thing. The comment about freeware, well, ZoneAlarm, Ad-Aware, TrueCrypt, Avast, AVG, the list goes on, can we trust any of them if it's freeware? If we pay for their product can we trust them then? Even the pay services, who knows who they really work for. I understand your concern and it certainly is a calculated risk, but being free doesn't make it any more so than paying for it in my opinion, you just never know.

Is the cost of the control justified by the cost of not paying for protection?
If you pay for a product hopefully you will receive some kind of support if you need it, if you go open source or free software you are the tech support. Trust? Unless you wrote the code or have the ability to read it and can reverse engineer you don't know what's happening for every piece of software that you run.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
If your wireless is unencrypted, then everything you're sending, including the establishment of the VPN, is sent in plaintext.

A VPN doesn't require a secure connection to create a secure connection, that's kinda the whole point....

And to the OP, Google has a VPN tool for use on open networks...

Bill

 

SagaLore

Elite Member
Dec 18, 2001
Originally posted by: bsobel
A VPN doesn't require a secure connection to create a secure connection, that's kinda the whole point....

Sure. But there is a world of difference between establishing the VPN on a switched network and a wireless network. The closest wired equivalent would be a 10baseT network looping around the cafe, into the restrooms, out in the parking lot, into the building next door, etc...

So everything being said - my advice: Do NOT use public wireless to log into or transmit anything financial. If for whatever reason you seriously need to do this, establish the VPN back to a trusted source, i.e. your home or your office, and either use temp passwords you change frequently or two-factor authentication involving a time-based token (i.e. RSA SecurID). That won't prevent them from decrypting what you sent while on wireless, but will prevent them from gaining access to your home/office network later on.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
Originally posted by: SagaLore
Originally posted by: bsobel
A VPN doesn't require a secure connection to create a secure connection, that's kinda the whole point....

Sure. But there is a world of difference between establishing the VPN on a switched network and a wireless network.

From a security point of view there is no difference.

 

SagaLore

Elite Member
Dec 18, 2001
Originally posted by: bsobel
Originally posted by: SagaLore
Originally posted by: bsobel
A VPN doesn't require a secure connection to create a secure connection, that's kinda the whole point....

Sure. But there is a world of difference between establishing the VPN on a switched network and a wireless network.

From a security point of view there is no difference.

:confused:
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
Originally posted by: SagaLore
Originally posted by: bsobel
Originally posted by: SagaLore
Originally posted by: bsobel
A VPN doesn't require a secure connection to create a secure connection, that's kinda the whole point....

Sure. But there is a world of difference between establishing the VPN on a switched network and a wireless network.

From a security point of view there is no difference.

:confused:

The whole point of a VPN would be lost if you couldn't establish a connection from a hostile network; network security in no way determines how safe the VPN is. By design, the network is assumed to be hostile (otherwise, really, what's the point?)
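The disagreement above (can a tunnel be built on a network assumed to be hostile, and what does the "hash of the PSK in plaintext" from the earlier post actually give a listener?) comes down to how the key is derived. The following is an added example, not code from the thread or from any VPN product: a pre-shared-key-authenticated Diffie-Hellman handshake of the kind IKE uses, run while a passive listener records every message, beside the weak variant where the authenticator is keyed by the PSK alone. The toy-sized group, the identities `laptop`/`home-router` and the candidate wordlist are constructed for the illustration.

```python
"""Added example: PSK-authenticated Diffie-Hellman over a hostile channel.
Not from the thread or any product; group, identities and wordlist are
constructed here to illustrate the argument."""
import hashlib
import hmac
import secrets
from typing import Callable, Iterable, Optional

# Toy-sized DH group, for illustration only (2**127 - 1 is prime). Real
# IKE/OpenVPN use RFC 3526 MODP groups or elliptic curves; same structure.
P = 2**127 - 1
G = 3


def i2b(n: int) -> bytes:
    return n.to_bytes(16, "big")


def prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class Endpoint:
    """One tunnel end. Only `ident`, `pub` and `nonce` ever go on the air."""

    def __init__(self, ident: bytes, psk: bytes) -> None:
        self.ident, self.psk = ident, psk
        self.priv = secrets.randbelow(P - 2) + 1   # never transmitted
        self.pub = pow(G, self.priv, P)
        self.nonce = secrets.token_bytes(16)

    def session_key(self, peer_pub: int, transcript: bytes) -> bytes:
        # key = PRF(PSK, g^xy, transcript). Forming g^xy needs a private
        # exponent, the one thing the listener's capture does not contain.
        gxy = i2b(pow(peer_pub, self.priv, P))
        return prf(self.psk, gxy, transcript)


def handshake(psk_initiator: bytes, psk_responder: bytes) -> dict:
    """Run the exchange; return both keys plus everything that was on the air."""
    a = Endpoint(b"laptop", psk_initiator)
    b = Endpoint(b"home-router", psk_responder)
    wire = []                                     # the listener's capture

    # Messages 1-2: identities, DH public values, nonces. All in the clear.
    wire += [a.ident, i2b(a.pub), a.nonce, b.ident, i2b(b.pub), b.nonce]
    transcript = hashlib.sha256(b"|".join(wire)).digest()

    ka = a.session_key(b.pub, transcript)
    kb = b.session_key(a.pub, transcript)

    # Messages 3-4: key confirmation. Also in the clear, but keyed with the
    # session key, so each side proves it knows the PSK *and* g^xy.
    auth_a = prf(ka, b"AUTH-I", transcript)
    auth_b = prf(kb, b"AUTH-R", transcript)
    wire += [auth_a, auth_b]

    ok = (hmac.compare_digest(auth_b, prf(ka, b"AUTH-R", transcript))
          and hmac.compare_digest(auth_a, prf(kb, b"AUTH-I", transcript)))
    return {"key_a": ka, "key_b": kb, "authenticated": ok,
            "wire": wire, "transcript": transcript}


def weak_authenticator(psk: bytes, transcript: bytes) -> bytes:
    """The design the thread worries about: a PSK-keyed hash over public
    data only, sent in the clear. A PSK guess can be checked offline."""
    return prf(psk, b"AUTH", transcript)


def listener_guess(psk: bytes, transcript: bytes) -> bytes:
    """Best effort against the strong design from captured data alone: with
    no private exponent the listener cannot form g^xy, so whatever it
    computes is independent of the real session key."""
    return prf(prf(psk, b"", transcript), b"AUTH-I", transcript)


def offline_dictionary(captured_tag: bytes, transcript: bytes,
                       candidates: Iterable[bytes],
                       check: Callable[[bytes, bytes], bytes]) -> Optional[bytes]:
    """Passive attack: test candidate PSKs against a captured authenticator."""
    for guess in candidates:
        if hmac.compare_digest(check(guess, transcript), captured_tag):
            return guess
    return None


# Constructed wordlist; the real PSK is in it to make the contrast clear.
CANDIDATES = [b"password", b"winter2008", b"letmein", b"correct horse"]

if __name__ == "__main__":
    run = handshake(b"winter2008", b"winter2008")
    t = run["transcript"]
    print("keys agree:", run["key_a"] == run["key_b"], "authenticated:", run["authenticated"])
    print("session key present in capture:", run["key_a"] in run["wire"])
    print("weak design, PSK recovered:",
          offline_dictionary(weak_authenticator(b"winter2008", t), t, CANDIDATES, weak_authenticator))
    print("strong design, PSK recovered:",
          offline_dictionary(run["wire"][6], t, CANDIDATES, listener_guess))
```

Two things follow from running it. First, the listener sees every message and still does not hold the session key, which is the point bsobel is making: the handshake is designed for a channel where everything is readable. Second, the caveat from the earlier post survives in a narrower form: if the authenticator is a function of the PSK and public data only and is sent in the clear, a short or guessable PSK falls to an offline dictionary run. Binding the authenticator to the DH result (as the strong variant does) removes that offline check; a strong PSK or certificate authentication removes the weak password in the first place.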
 

QuixoticOne

Golden Member
Nov 4, 2005
IPSEC AH/ESP / IKE has exactly NOTHING to do with WPA / WEP type security.
Just because WEP and to a much lesser extent WPA have security weaknesses built in to the implementations does NOT mean that the same level of insecurity is associated with IPSEC / AH / ESP / IKE!

Using a VPN product with a remote VPN endpoint hosted by a secure host is an excellent idea to help solve the OP's problem, and it is highly recommended that s/he do just that.

I cannot vouch for any particular 3rd party software product or VPN ISP / terminus service, but the idea is a sound one. If you have a business or a home server that can be a custom VPN endpoint and effectively an internet access relay / proxy then that would be just fine for a self managed solution. In that case free software like openvpn or whatever could certainly be well employed.

In theory this sort of thing SHOULD be unnecessary, since all web sites and protocols like instant messaging, email access, et al. SHOULD use encrypted SSL / TLS / AH / ESP / ... type transports for ALL communications. Unfortunately they don't, so a lot of privacy / security sensitive traffic ends up out in the open on various internet pathways.

One thing to help change that would be to ask why your commonly used web sites, communications tools like IM / email providers, et al. aren't ALREADY 100% encrypted and secured, not just during certain financial / authentication transactions, but always, for all content, so there might be closer to zero privacy / security / identity concerns about accessing these services from / through untrusted networks.
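The self-managed endpoint that sourceninja and QuixoticOne both suggest, written out as an added example (not configuration from the thread, from OpenVPN's own documentation or from any product): an OpenVPN 2.5 server on the home or office host and the matching client profile. The hostname `vpn.example.net`, the `10.8.0.0/24` tunnel range, a resolver listening on `10.8.0.1`, and the certificate file names are assumptions; the certificates themselves come from whatever CA tooling you already use. The directive that matters for public wi-fi is `redirect-gateway`: without it the tunnel only carries traffic destined for the home network and everything else still leaves the laptop over the hotspot in the clear.

```conf
# ---- server.conf, on the home/office endpoint (assumed Linux, OpenVPN 2.5+)
port 1194
proto udp
dev tun
ca   ca.crt
cert server.crt
key  server.key
# ECDHE only; no static DH parameters
dh none
# encrypt and authenticate the control channel with a shared key (assumed ta.key)
tls-crypt ta.key
server 10.8.0.0 255.255.255.0
# WEAK (split tunnel): omit the next two lines and only 10.8.0.0/24 traffic
# uses the tunnel; browsing still goes out over the hotspot unencrypted.
# CORRECT for public wi-fi: send all client traffic and DNS through the tunnel.
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
tls-version-min 1.2
remote-cert-tls client
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun

# ---- laptop.ovpn, on the travelling laptop
client
dev tun
proto udp
remote vpn.example.net 1194
nobind
# only accept a server certificate issued for server use, with this CN
remote-cert-tls server
verify-x509-name server name
tls-crypt ta.key
ca   ca.crt
cert laptop.crt
key  laptop.key
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
tls-version-min 1.2
persist-key
persist-tun
# Windows clients only: stop the hotspot's DNS server from being used while connected
block-outside-dns
```

On the server host, forwarding and NAT still have to be enabled for the tunnel range to reach the internet (`sysctl -w net.ipv4.ip_forward=1` and `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`, with `eth0` standing in for the upstream interface). Once up, check from the laptop that `ip route` (or `route print` on Windows) shows `0.0.0.0/1` and `128.0.0.0/1` via the tunnel and that a DNS lookup is answered by `10.8.0.1`, not the hotspot. What this does not change is the point made earlier in the thread: traffic is plaintext again once it leaves the home end, and the hotspot operator can still see that the laptop is talking to `vpn.example.net`.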


 

SagaLore

Elite Member
Dec 18, 2001
Originally posted by: QuixoticOne
IPSEC AH/ESP / IKE has exactly NOTHING to do with WPA / WEP type security.
Just because WEP and to a much lesser extent WPA have security weaknesses built in to the implementations does NOT mean that the same level of insecurity is associated with IPSEC / AH / ESP / IKE!

I don't think anyone here is suggesting that...

Using a VPN product with a remote VPN endpoint hosted by a secure host is an excellent idea to help solve the OP's problem, and it is highly recommended that s/he do just that.

I agree with the statement, given what I bolded. The problem is using a freeware vpn client to who knows where. :p
 

flyted

Member
Dec 6, 2004
Thanks to all who replied, I believe my question has been answered. VPN is the answer, it appears, though caution is needed; as I mentioned, nothing important is sent, just browsing the internet, no financials or critical stuff. I understand the issue of who is running these free services. And for those who trust a brand name over free stuff, need I remind you AT&T has been giving your private information to the gov't for 20 years, so a pay-for service guarantees nothing either, and that's just one example. To be perfectly secure, we'd never turn on our computers. Thanks again everyone, my next post will be how to secure, as best as possible, IM, internet messaging, see you there.
 

QuixoticOne

Golden Member
Nov 4, 2005
Originally posted by: flyted
Thanks again everyone, my next post will be how to secure, as best as possible, IM, internet messaging, see you there.

http://en.wikipedia.org/wiki/Off-the-Record_Messaging

For privacy I'd use the above off the record system interoperating with whatever IM client you want via any of the available plug-ins or clients with integrated support or whatever.

In terms of security *of* the IM client wrt. vulnerabilities, bloatware, spyware, et al.:

1) I'd run a 3rd party program like pidgin or whatever that doesn't have all the bloat / spyware / adware / built in vulnerabilities due to the "enhanced" features & bloat.

2) I'd run whatever IM client I was going to use in a fairly locked down (i.e. doesn't expose the host OS's disks / folders / etc.) virtual machine, with the IM client only installed and living inside the restricted VM. That way even if you do get some kind of infection or data theft kind of situation, hopefully it'll be constrained to the VM and not affect the security / privacy of the host OS and its files. Of course I'd run the usual anti-malware / anti-virus / anti-spyware stuff inside the VM along with the IM client. IM clients are almost the perfect application to do this sort of thing with; they don't REALLY need access to many files / resources from the host machine. They don't REALLY generate a lot of data you'd want to save over on the host machine; at worst you'd copy some log files and stuff over now and then.

3) For privacy (where you're not using OTR or whatever) I'd use standards-based generic client programs / products, like using the SIP protocol over something like Skype, or using Jabber and its support for encryption over something like MSN/AIM/Yahoo, et al.