Results 1 to 5 of 5

Thread: Security for public internet connections, VPN?

  1. #1
    Join Date
    Jan 2007
    Beans
    27
    Distro
    Xubuntu 12.04 Precise Pangolin

    Security for public internet connections, VPN?

    Is there a way that the VPN connection can be circumvented? Could someone be listening in on your network traffic as your authenticating with the VPN server and then use those credentials / receive the decryption info to continue looking at the packets passing by? And could they additionally store your credentials for the network to which you have connected?

    I've been wondering about security with internet connections. I have some general paranoia, and just wanted to know if it is silly or if it is justified. I've read a few articles on the matter, and most of them state that you should try to stick to a VPN as much as possible.

  2. #2
    Join Date
    Feb 2008
    Location
    USA
    Beans
    189
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Security for public internet connections, VPN?

    It depends on the VPN connection and how it's configured

    The most basic PPTP VPN connections have weak encryption or no encryption enabled at all, in which case, yes absolutely, everything being passed through the connection can be eavesdropped on. There are also varying levels f this type of VPN connection with varying degrees of vulnerability: MSCHAPv1 and v2 are fundamentally insecure. while MPPE is rather weak.

    (I realize this may be alphabet soup for you. The bottom line is, PPTP VPN isn't all that great, though there are ways to use TLS encryption on it which makes it more secure.)

    Then you have IPSec VPNs, which is Cisco's big thing. This is a much more secure VPN, with end-to-end protection against various different types of attacks. In this case, everything you do through your connection - even logging in to the VPN - is encrypted and secure.

    One potential drawback of IPsec is that it's pretty easy for someone analyzing the data to know that you're using a VPN, and relatively easy to block this kind of traffic. Not that they will be able to see what you're doing, but if you are trying to hide the fact that you're using a VPN at all, or if you're using a VPN to try to get around restrictions on a network (a censorship firewall, for instance), your use of this kind of VPN will be easy to spot and block.

    Personally, I like OpenVPN. It's somewhat simpler than IPsec to get going once you have it set up, and you can get it going using a simple installation token. it uses TLS/SSL encryption, and works really well in traversing NATs. And the great thing is, if you have control of the VPN server, it's pretty straightforward to change the port it runs on. You can even have it run on the same port (443) as an SSL website, making it difficult to ferret out or filter (unless your local network tyrant wants to block access to ALL online shopping, banking and secure webmail sites, among others).
    When you politicize free software, it is no longer "free."

  3. #3
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Security for public internet connections, VPN?

    I'm not sure about the VPN thing, but I've always tunneled my traffic over SSH if I'm using a public internet connection.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  4. #4
    Join Date
    Aug 2006
    Location
    Yellowknife
    Beans
    878

    Re: Security for public internet connections, VPN?

    ssh tunnel ftw.
    Not the cupcakes!
    Trust me.

  5. #5
    Join Date
    Apr 2011
    Beans
    30

    Re: Security for public internet connections, VPN?

    I use Arethusa free VPN

    http://arethusa.su/vpn.html

    it uses OpenVPN TCP

    you don't have to give your details or have an account,

    you can get the CA and Config files for the free server here

    http://bb.s6n.org/viewtopic.php?id=81

    it's real easy to set up


    i like it, it's good

    limit of complete degeneracy,



Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •