Comments on: Using Public Wi-Fi? Hop Into a Free VPN Tunnel First

By: Ace Winget

Ace Winget — Fri, 30 Jul 2010 16:41:21 +0000

You really need to make sure that everything is secure before you send any kind of secure information to any website. especially bank sites.

By: VPN Haus

VPN Haus — Thu, 19 Nov 2009 21:24:13 +0000

User education is what’s missing here – why VPN is important, what happens to your PC (and your company’s network) if your session get’s hacked, and how to set it all up. With OpenVPN, you take away the user setup piece – very convenient for the user who needs spot email access. If you’re a network admin though … totally different story. OpenVPN doesn’t cut it and unfortunately neither do most systems right now. I’ve been doing a series on Rethinking Remote Access on my blog that you all might find interesting: http://vpnhaus.wordpress.com/category/rethink-remote-access/

By: Man-in-the-middle attacks demoed on 4 smartphones | Steve Shead Dot Com

Man-in-the-middle attacks demoed on 4 smartphones | Steve Shead Dot Com — Wed, 18 Nov 2009 00:21:23 +0000

[...] from sslstrip, while other SSL/TLS based protocols such as imaps, pop3s, smtps, ssl/irc, and SSL-based VPNs never present an opportunity for stripping. This talk will outline some new tools and tricks aimed [...]

By: Man-in-the-middle attacks demoed on 4 smartphones - Opsec

Man-in-the-middle attacks demoed on 4 smartphones - Opsec — Wed, 18 Nov 2009 00:20:16 +0000

By: Brett Glass

Brett Glass — Mon, 16 Nov 2009 18:06:28 +0000

Yes, some third party products make the setup process simple. But the “network setup wizard” in Windows is just as simple. Just tell it that you want to connect to the network at your workplace, and it will set up PPTP in a few clicks.

I wish I could say the same for the Mac. The Mac used to have a utility called “Internet Connect” which likewise set up a VPN connection in a few clicks. But now you have to go through the main Network Preferences control panel, whose strange interface (unique even to the Mac) is very complex and confusing and has gotten more so in “Snow Leopard.” (It’s a shame to see that the Mac is going backwards on ease of use and ease of learning.) I regularly help customers to set up Mac VPNs over the phone, though.

By: glennobrien

glennobrien — Mon, 16 Nov 2009 16:31:39 +0000

I agree with the well put points Dave, however, the majority of users out there still are getting to grips with email – let alone well managed machines ;-) Certainly some of my colleagues struggle with the concept of, don’t leave your machine in the pub!! As with most security issues, its about reducing the risk. Anti virus, firewall etc. VPN software just falls in to the mix.

By: David Morton

David Morton — Mon, 16 Nov 2009 16:14:11 +0000

Man-in-the-Middle attacks aren’t and issue if you pay attention to the certificate that comes with the HTTPS web page. If it is signed from a public source (Verisign, etc) and the server name, company name, etc matches the site you are visiting, you are good to go. Most modern browsers will give you a warning when the info doesn’t match.

I argue that a well managed machine, use of HTTPS/SSL and common sense offer as much or more protection than many of the VPN solutions being discussed here. Don’t get me wrong, VPN can be a great thing, but often people assume that because they are using a VPN that they don’t need to worry about the other stuff.

By: glennobrien

glennobrien — Mon, 16 Nov 2009 15:58:30 +0000

Hi, HTTPS is safe, however Man in the Middle attacks are still possible, there is also a new vulnerability in SSL, however this vulnerability applies mostly to self signed certificates. Most e-banks have trusted certificates from authorities like verisign etc. The best way to avoid all problems is to use VPN!

By: glennobrien

glennobrien — Mon, 16 Nov 2009 12:22:54 +0000

HI, This is great advice and a subject that is often over looked. I agree with the comment regarding the only true security is to port through a secure server – effectively creating a secure tunnel. Ipig does this, but from no techie point, all we want is a simple download and run service with nothing to setup and ongoing server costs! the blog http://securif.wordpress.com has more Q&As relating to this!

By: Eric

Eric — Mon, 16 Nov 2009 12:17:07 +0000

Jon – problem with Nortel product is that the company went chapter 11, so getting it and supporting it will be a problem going forward unless it is purchased and rebranded.

By: Mark

Mark — Mon, 16 Nov 2009 07:14:44 +0000

Pardon my rookie question–> I’ve heard that if I log-in on an https:// website (like for my bank, gmail, etc.) on public wi-fi, that I don’t need a VPN. Is this true?

By: Sebastian Rupley

Sebastian Rupley — Mon, 16 Nov 2009 01:41:06 +0000

@ Brett– excellent input, thanks Brett. Yep, the methods you describe work and there is increased OS support for VPNs. For lots of people, though, I think some of the third-party tools have easy GUIs and make the process simple. One thing I notice from the comments thread here is that some potential VPN users are still under the impression that one needs to be managing some remote server that is being pinged by the VPN client–not so. That’s how it worked years ago, but definitely not now.

Best,
Sebastian

By: Brett Glass

Brett Glass — Sun, 15 Nov 2009 19:17:49 +0000

Sebastian, you don’t need to use any third party software at all to make a VPN connection. Every computer sold today comes with the ability to use PPTP (Point-to-Point Tunneling Protocol), which is secure so long as one uses a strong password. There’s no need for a “certified” product or one that uses a proprietary protocol. And most operating systems (though not Windows) also come with an SSH client, which allows extremely secure tunneling of e-mail. (Free third party SSH clients are readily available for Windows, though.)

In most cases, you’ll have the option of doing “split tunneling” (in which only certain traffic goes through the VPN) or complete tunneling (in which everything, even your browsing, goes through the VPN). The latter is a bit more secure, but so inefficient and slow that it probably isn’t worth it. (If you do anything on the Net that requires security, you will likely be using SSL/HTTPS anyway.)

The only problem you’ll find with VPNs is that some cellular providers (Alltel in particular) limit the lengths of all TCP sessions and will cut off a VPN connection after a certain amount of time. Thus, they can be awkward to use with datacards. But this does not tend to be an issue on public Wi-Fi networks.

By: ophirk

ophirk — Sat, 14 Nov 2009 12:58:17 +0000

While the recommendation is good, if fails to ignore some basic critical elements.
Where do you connect back to ? Is it hub and spoke topology ? route all ?

1. VPN is using cryptography, so certified , vendor based products have strong advantage.

2. There is abig difference between SSL based VPNS and IPSEC based VPNs,
Unfortunately the differences are not that trivial for regular users.

3. Firewall traversal, NAT Traversal and “office mode” IP’s are important features that have been around foe years. If your VPN client works in one place, it does nor mean it will work in any place.
Moreover, you’ll be surprised when things strat working when you have overlapping IP’s without office private address space.

4. Unfortunately, most big vendors ( cisco,Check Point,Juniper, Microsoft ) have stopped investing development efforts in this area 5 years ago.It seems people don’t really care about encryption and SSL is “good enough” in most cases.

By: Jon

Jon — Sat, 14 Nov 2009 00:33:05 +0000

@Sebatian,

Using a the HotSpot Shield may protect you from other Wi-Fi users in that hotspot, but it does not protect your data the rest of the way across the Internet.

Nortel also provides easy to use VPN clients and gateways, for both IPSec and SSL VPNs, that will secure your data end-to-end.

Regards,
Jon

By: David Morton

David Morton — Sat, 14 Nov 2009 00:11:12 +0000

VPNs can be a good thing, though one that I rarely use. My computer spends most of its day on an open network (with a public IP address no less). I use SSL encryption for my email and HTTPS/SSL for most websites that I will be posting/reading non-public information. Strongish passwords, up-to-date OS and reasonable firewall settings round out the package. I’d recommend these steps even with a VPN.

In the end, I don’t think that a solution like the Hotspot Shield offers me much extra protection.