| 1 |
On Saturday 11 Jun 2016 17:57:11 Dale wrote: |
| 2 |
> Howdy, |
| 3 |
> |
| 4 |
> I ran up on a video website that had some info on it. I found it |
| 5 |
> interesting and was curious about what it said and another question I |
| 6 |
> been wondering about. It mentioned using a VPN so that the NSA, my ISP |
| 7 |
> and others couldn't "see" what was going on. |
| 8 |
|
| 9 |
I don't think there is any VPN service offered for a fee to the public that |
| 10 |
hasn't been compromised by the NSA, with or without the cooperation of its |
| 11 |
owners (unless it is based outside the USA). |
| 12 |
|
| 13 |
At a basic level a VPN tunnel is no different to functionality than SSH. Like |
| 14 |
SSH both ends (local & remote peers) must be able to negotiate a connection |
| 15 |
over the VPN tunnel. High(er) grade ciphers, PFS and SSL certificates create |
| 16 |
a more secure tunnel than otherwise would be the case. |
| 17 |
|
| 18 |
|
| 19 |
> So, my first question, |
| 20 |
> does that work and does it require the site on the other end to have it |
| 21 |
> set up as well? |
| 22 |
|
| 23 |
BOTH sites must be able to negotiate a tunnel, using the same ciphers. IKE |
| 24 |
VPNs are more fiddly to set up and troubleshoot than SSH. |
| 25 |
|
| 26 |
|
| 27 |
> Bonus question, is it easy to use on any site if it |
| 28 |
> doesn't require the other end to use it? |
| 29 |
|
| 30 |
The way public these public VPN services work is by acting as a proxy server |
| 31 |
forwarding your connection ownard to your intended website, without revealing |
| 32 |
your local IP address. As long as the connection to the intended website is |
| 33 |
also encrypted, e.g. over https, then your connection remains both anonymous |
| 34 |
and secure. |
| 35 |
|
| 36 |
|
| 37 |
> I'm thinking of using this for |
| 38 |
> my banking/financial sites as well if it is a good idea. |
| 39 |
|
| 40 |
Good idea if you are out and about a lot, using unsecured public WiFi for this |
| 41 |
purpose. Depending how you can configured your Linksys you could use your own |
| 42 |
local network for the same purpose, i.e. as a SOCKS5 server. |
| 43 |
|
| 44 |
|
| 45 |
> This is something I been wondering about and I've seen a few posts here |
| 46 |
> that bump around the edges of this question. As most here know, I use |
| 47 |
> Gentoo. It's a older install but I keep it up to date. I sit behind a |
| 48 |
> DSL modem, a older Westell one, and a Linksys router, the old blue nosed |
| 49 |
> one. Neither modem or router has wireless stuff included. Is that |
| 50 |
> hardware and my Gentoo install pretty secure for most hackers? In other |
| 51 |
> words, since I don't keep the formula to run car/truck engines on water |
| 52 |
> here, would this stop most since there is nothing worth stealing here? |
| 53 |
|
| 54 |
You haven't given this much thought ... How would all these hackers who want |
| 55 |
to steal the secret of running car engines on water, know that you have |
| 56 |
nothing worth stealing in your secret lab? |
| 57 |
|
| 58 |
|
| 59 |
> I'm not interested in a NSA based hardened install here, just reasonably |
| 60 |
> secure. |
| 61 |
> |
| 62 |
> Basically, I'm just wanting to make sure I'm reasonably secure here. |
| 63 |
> |
| 64 |
> Dale |
| 65 |
> |
| 66 |
> :-) :-) |
| 67 |
|
| 68 |
I guess you are reasonably secure, if by secure you mean protecting your LAN |
| 69 |
from unwanted penetration and you have a firewall configured on the Linksys, |
| 70 |
your PC's are NAT'ed and finally you have a firewall configured on your Gentoo |
| 71 |
PCs. However, being secure is a relative term and in your case ill defined. |
| 72 |
|
| 73 |
-- |
| 74 |
Regards, |
| 75 |
Mick |
Archives