Good Sam Community

Friend mine is a super high end security guy... He doesn't talk about it at all, but I suspect NSA.

He was in an airport once and got pinged by someone in the airport. He was able to electronically identify the culprit and from there physically identified him. Broadcast a popup directly to the guys computer describing his clothing and told him you're being watched. Guy packed up and immediately left.

Some day I'm going to spend some time with him securing my network and computers better. He has a dedicated hardwired PC that is ONLY used for financial transactions.

mike-s wrote:

Bachelor wrote:
I still don't get it, when all the popular VPN providers provide excellent encryption such as Nord, Express, PIA and several others. They've all been tested and receive generally high marks. How can they be useless, as many of you say? This enquiring mind seeks answers.

For those types of VPN the encryption is only between your PC and the VPN provider. From there it flows across the public Internet, just as it would if there were no VPN. VPNs hide your IP address (there's a NAT gateway at the provider). They don't provide any more connection security than an HTTPS connection, but are popular for use with geographically restricted services (e.g. get US Netflix from some country where it isn't offered).

There are also enterprise VPNs (which were around first), where the VPN provides a tunnel between a client and an enterprise network (or between enterprise networks). Those encrypt all traffic crossing the public Internet, so are basically as secure as being directly on the enterprise network.

Excellent clarification! All my experience is with the latter. I knew the former existed but never quite understood why.

I think I understand better now. Thanks to everyone.

Bachelor wrote:
I still don't get it, when all the popular VPN providers provide excellent encryption such as Nord, Express, PIA and several others. They've all been tested and receive generally high marks. How can they be useless, as many of you say? This enquiring mind seeks answers.

For those types of VPN the encryption is only between your PC and the VPN provider. From there it flows across the public Internet, just as it would if there were no VPN. VPNs hide your IP address (there's a NAT gateway at the provider). They don't provide any more connection security than an HTTPS connection, but are popular for use with geographically restricted services (e.g. get US Netflix from some country where it isn't offered).

There are also enterprise VPNs (which were around first), where the VPN provides a tunnel between a client and an enterprise network (or between enterprise networks). Those encrypt all traffic crossing the public Internet, so are basically as secure as being directly on the enterprise network.

A VPN is encrypted from your PC VPN client application to te VPN server and then is unencrypted from the VPN server out to the “rest of the internet” and the reverse for “inbound traffic”. A VPN is generally used to allow access to a closed network that is attached to a public network. A by-product of a VPN is that the originating location is masked and appears to the internet as the point where the VPN connects to the internet. Keep in mind that the unencrypted traffic from a VPN server to the public internet may still contain data encrypted by an HTTPS session as described below.

By contrast, an HTTPS session is encrypted from your PC browser application to the endpoint server (such as your bank) and only the communication between your PC and the endpoint is encrypted, and your PC location is not masked.

I am not familiar with all VPN clients but would imagine most use TLS for session security just as HTTPS now does and therefore both would be subject to the same vulnerabilities (and likewise are both equally secure at this point in time). On an unencrypted WiFi network a VPN would hide all of your traffic from a local sniffer, not just your individual sessions as with HTTPS. Neither will provide protection from things like connecting to a bad WiFi network and ignoring certificate warnings.

Dave

Good point, Mr. Wizard. I had never considered that. Interesting that the VPN providers advertise security on public connections. Maybe it's all a sham. :h

Posted in error

i don't 'yet' use a VPN
but it would depend on whether the security starts in your PC or at the VPN server

if the data is encrypted inside your PC or at the VPN server

even if the data is encrypted from your browser to the vpn server

the data between your PC and the public wifi is not

every device connected to the public wifi is logging in with the same password "if a password is even needed"

which allows any evil pert, to monitor your signal traffic and attempt to break the encryption key of your VPN

I still don't get it, when all the popular VPN providers provide excellent encryption such as Nord, Express, PIA and several others. They've all been tested and receive generally high marks. How can they be useless, as many of you say? This enquiring mind seeks answers.

mike-s wrote:

Gdetrailer wrote:
A VPN is no more "secure" than an open wifi, period.

A lot of people don't get that, though. I'm assuming the current popular use of "VPN", which is a simple attempt at disguising where you're geographically located.

VPNs are just fine, if they connect to the endpoint's network. Otherwise, they add exactly zero additional security (or perhaps less than zero, since they introduce an new "choke point").

I’ve never used a commercial VPN provider. You’re saying IPSec tunneling is not enabled? Makes it kind of pointless, doesn’t it?

Gdetrailer wrote:
A VPN is no more "secure" than an open wifi, period.

A lot of people don't get that, though. I'm assuming the current popular use of "VPN", which is a simple attempt at disguising where you're geographically located.

VPNs are just fine, if they connect to the endpoint's network. Otherwise, they add exactly zero additional security (or perhaps less than zero, since they introduce an new "choke point").

The thing with those pay as you go VPN services is that you are being routed thru their servers and they can log, track, control all of your internet activities..

You can choose the country you want your VPN ip address to be coming from, so say you are connected to an open wifi in the US, but if you choose a VPN connection to come out of say Canada, that's really the only thing that's happening with that VPN connection.

No additional "security" from that same open wifi.

Your computer is still using an IP address to that open wifi connection it gave you to connect in the first place. The VPN connection you have is just changing the IP address that the web sites you are going to sees..

Anyway, I looked at the Nord VPN and tried it, but cancelled it a couple of days later, as I found out that it simply does not make an open wifi any more secure than just using the open wifi.

When you connect to a new network, your computer should prompt you to select the type of network you are connecting to. At that point, you should select the "public network" option, as that will set your computers firewall to be not let your computer to be visible on the open network.. Nothing is ever 'secure' as such, but I still would not conduct my banking or other password entered web sites from an open wifi, even using a so called "VPN" connection..

Good luck!

Mitch

Bachelor wrote:
I guess, as some of you mentioned, you're more safe using your own hotspot, such as cell phone, your own router, etc.

You're fine with that. If you weren't the banking and shopping industries would be collapsing.