
VPNs - how more secure?



    I'm on a VPN at the moment, in a coffee shop, and apart from spoofing my location (good for accessing streaming apps that have location restrictions) and causing Gmail to have a hissy fit and block my email access because it thinks I'm somewhere else, I can't quite get my head around how more secure they might be.

    If I were to be doing my online banking my details might be hidden from sniffers on the coffee shop wireless, but surely my details are now going through a server in God knows where that I have no clue who owns or has access to?

    #2
    Quite. VPN might stand for Vladimir Putin Network.
    Last edited by xoggoth; 12 January 2019, 16:44.
    bloggoth

    If everything isn't black and white, I say, 'Why the hell not?'
    John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)



      #3
      Absolutely. Depends how much you trust your VPN provider. Still, I think the worry is more about privacy (snooping, logging etc. by the provider) than security.



        #4
        Originally posted by meridian
        I'm on a VPN at the moment, in a coffee shop, and apart from spoofing my location (good for accessing streaming apps that have location restrictions) and causing Gmail to have a hissy fit and block my email access because it thinks I'm somewhere else, I can't quite get my head around how more secure they might be.

        If I were to be doing my online banking my details might be hidden from sniffers on the coffee shop wireless, but surely my details are now going through a server in God knows where that I have no clue who owns or has access to?
        Don't implicitly trust the free ones. As you say, you don't know who runs it.
        You can always set up your own with AWS or Azure. At least you might have a better comfort factor that way.
        Don't forget the main crux of the problem with free WiFi is man-in-the-middle. Very complex attacks can easily and dynamically mock up a web page login imitating popular sites.
        So if you do roll your own VPN, make sure you set it up so your client checks the server SSL cert is the correct one and matches a pre-stored serial, and alerts you if not correct.

        Sent from my SM-T280 using Tapatalk
        Don't believe it, until you see it!
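
The check described in post #4 (the client compares the server certificate against a pre-stored value and alerts on a mismatch), written as an OpenVPN client `tls-verify` hook. This is an added example, not code from the thread; the pin values and script path are constructed placeholders, and it pins the SHA-256 fingerprint alongside the serial because a serial is only unique within one CA.

```python
#!/usr/bin/env python3
"""Added example: OpenVPN client --tls-verify hook that pins the server certificate.

Client config (path is an assumption):  script-security 2
                                        tls-verify /etc/openvpn/pin_check.py
OpenVPN calls the hook once per certificate in the chain with
argv = [script, depth, subject]; exit 0 accepts, exit 1 rejects.
"""
import hmac
import os
import sys

# Constructed sample pins, not real values: record your own server's at setup time.
PINNED_SERIAL_HEX = "4f:2a:9c:01"
PINNED_SHA256 = "ab" * 32


def _norm(value):
    """Strip colons/whitespace and lowercase so formatting differences don't matter."""
    return "".join(value.split()).replace(":", "").lower()


def check_peer(depth, env, serial=PINNED_SERIAL_HEX, digest=PINNED_SHA256):
    """Return (accepted, reason) for the certificate at this chain depth."""
    if depth != 0:
        # CA certificates are validated by OpenVPN against --ca; only pin the leaf.
        return True, "not the leaf certificate"
    seen_serial = env.get("tls_serial_hex_0")
    seen_digest = env.get("tls_digest_sha256_0")
    if not seen_serial or not seen_digest:
        # Fail closed: missing data must never count as a match.
        return False, "server certificate details missing"
    if not hmac.compare_digest(_norm(seen_serial), _norm(serial)):
        return False, "serial mismatch: got " + seen_serial
    if not hmac.compare_digest(_norm(seen_digest), _norm(digest)):
        return False, "fingerprint mismatch: got " + seen_digest
    return True, "server certificate matches pin"


def main(argv, env):
    accepted, reason = check_peer(int(argv[1]), env)
    if not accepted:
        print("VPN PIN ALERT: " + reason, file=sys.stderr)  # shows in the OpenVPN log
    return 0 if accepted else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```
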



          #5
          I use SurfShark VPN. It's about £2 per month.
          I was an IPSE Consultative Council Member, until the BoD abolished it. I am not an IPSE Member, since they no longer have any relevance to me, as an IT Contractor. Read my lips...I recommend QDOS for ALL your Insurance requirements (Contact me for a referral code).



            #6
            Originally posted by darrylmg
            Don't implicitly trust the free ones. As you say, you don't know who runs it.
            I don't know who runs the paid-for ones, either

            You can always set up your own with AWS or Azure. At least you might have a better comfort factor that way.
            Don't forget the main crux of the problem with free WiFi is man-in-the-middle. Very complex attacks can easily and dynamically mock up a web page login imitating popular sites.
            So if you do roll your own VPN, make sure you set it up so your client checks the server SSL cert is the correct one and matches a pre-stored serial, and alerts you if not correct.
            Cheers, thanks for the info.

            If nothing else, at least the thread's confirmed my suspicions and I won't be doing anything too sensitive over VPNs.



              #7
              Originally posted by Scruff
              I use SurfShark VPN. It's about £2 per month.
              I'm using IPVanish at the moment. A mate is using NordVPN.

              My question though was about the security aspects of them. Nord, for example, says that they have a "no log" policy. Having a policy is one thing, but I don't understand the technical aspects enough to be able to say whether that is enough.



                #8
                Originally posted by darrylmg
                Don't implicitly trust the free ones. As you say, you don't know who runs it.
                You can always set up your own with AWS or Azure. At least you might have a better comfort factor that way.
                Don't forget the main crux of the problem with free WiFi is man-in-the-middle. Very complex attacks can easily and dynamically mock up a web page login imitating popular sites.
                So if you do roll your own VPN, make sure you set it up so your client checks the server SSL cert is the correct one and matches a pre-stored serial, and alerts you if not correct.

                Sent from my SM-T280 using Tapatalk
                This is my setup at the moment; I use OpenVPN, which was simple enough to set up.
                Originally posted by Stevie Wonder Boy
                I can't see any way to do it can you please advise?

                I want my account deleted and all of my information removed, I want to invoke my right to be forgotten.



                  #9
                  Originally posted by meridian
                  I'm on a VPN at the moment, in a coffee shop, and apart from spoofing my location (good for accessing streaming apps that have location restrictions) and causing Gmail to have a hissy fit and block my email access because it thinks I'm somewhere else, I can't quite get my head around how more secure they might be.

                  If I were to be doing my online banking my details might be hidden from sniffers on the coffee shop wireless, but surely my details are now going through a server in God knows where that I have no clue who owns or has access to?
                  Indeed. Better off trusting the randomers in a coffee shop than a remote location you have no idea about.
                  It's not easy to break SSL encryption but deliberately passing all your traffic, via VPN, to a man in the middle makes it considerably easier.
                  See You Next Tuesday



                    #10
                    I'm running my own VPN on EC2 in AWS's us-east-1 region. I set it up primarily to get around GDPR blocking by US news sites, but it has all the other benefits of a VPN.

                    It was very straightforward to set up and configure using Algo: GitHub - trailofbits/algo: Set up a personal IPSEC VPN in the cloud

                    Add the certificates and such on my Macs, iPhone and iPad and it was good to go. As I recall it took me less than an hour including reading the instructions, experimenting a couple of times and cocking things up, then setting up the one that's been running without incident since last May.

                    Looking at the AWS billing console, it would appear it costs me about $9 per month, but it's all mine and nobody's sniffing my traffic
