I realize this is not an Ubuntu-related question, but I hope some other security professionals here will provide feedback, as I'm an avid Ubuntu user and setting up a VPN is easily accomplished with an Ubuntu distro.
What are the risks of hosting VPN services and what would be sufficient, from a high level, to operate safely? It seems to me that VPN hosts should not freely offer service to whoever purchases a subscription, or host a free VPN farm for that matter, as cyber criminals could easily use that VPN connection to conduct illegal activity. If you wanted to host a legitimate VPN service such as Private Internet Access or Tunnelbear I would think you'd need to invest heavily in providing evidence that any illegal activity was not initiated by your service, but was initiated by the subscriber. Perhaps you should have monitoring measures in place to stop any such activity if it violates the ToS but that might go against any guarantee of privacy that is offered. How do VPN services operate and likely provide a passthrough for illegal activity and also protect themselves from prosecution? I've tried googling phrases like "VPN Server / Hosting risks" and several tutorials on setting up a VPN server, but I can't find anything that addresses the risks.
Also - I realize that a VPN is supposed to provide a secure, encrypted connection to the VPN service. However, if you're connecting to a site providing SSL how is that different than using a VPN? The SSL-enabled site provides a secure connection using public and session keys. I realize that VPN offers more options: more security protocols, authentication methods, and it seems a VPN connection is less susceptible to man-in-the-middle attacks, but what about your data being sent from the VPN service exit node and the destination host? Is that segment of the connection not open to the same vulnerabilities? Isn't the SSL connection again being set up between the SSL-enabled site and the VPN exit node? If that's the case, then it seems the VPN is more about serving as an intermediary, not for its encrypted traffic between itself and the subscriber.