Mick wrote:
> On Saturday 11 Jun 2016 17:57:11 Dale wrote:
>> Howdy,
>>
>> I ran up on a video website that had some info on it. I found it
>> interesting and was curious about what it said and another question I've
>> been wondering about. It mentioned using a VPN so that the NSA, my ISP
>> and others couldn't "see" what was going on.
> I don't think there is any VPN service offered for a fee to the public that
> hasn't been compromised by the NSA, with or without the cooperation of its
> owners (unless it is based outside the USA).
>
> At a basic level a VPN tunnel is no different in functionality from SSH. Like
> SSH, both ends (local & remote peers) must be able to negotiate a connection
> over the VPN tunnel. High(er) grade ciphers, PFS and SSL certificates create
> a more secure tunnel than otherwise would be the case.
>
>

After the Snowden thing, I read an article that talked about how the NSA
could monitor https data and decrypt it, basically, live. In other
words, they didn't have to spend time breaking it because they already
knew how to break it with some sort of backdoor method. I don't recall
where the article was, just that it was a site I've seen mentioned a fair
amount when it comes to geeky/nerdy stuff. In other words, not some
site just looking to stir the pot.


>> So, my first question,
>> does that work and does it require the site on the other end to have it
>> set up as well?
> BOTH sites must be able to negotiate a tunnel, using the same ciphers. IKE
> VPNs are more fiddly to set up and troubleshoot than SSH.
>
>
>> Bonus question, is it easy to use on any site if it
>> doesn't require the other end to use it?
> The way these public VPN services work is by acting as a proxy server
> forwarding your connection onward to your intended website, without revealing
> your local IP address. As long as the connection to the intended website is
> also encrypted, e.g. over https, then your connection remains both anonymous
> and secure.
>

This explains some of what I read on the link Dutch posted. Since https
seems to have already been broken, well, there goes that.

>> I'm thinking of using this for
>> my banking/financial sites as well if it is a good idea.
> Good idea if you are out and about a lot, using unsecured public WiFi for this
> purpose. Depending on how you have configured your Linksys you could use your own
> local network for the same purpose, i.e. as a SOCKS5 server.
>

I only access my bank and such from my desktop. I don't have a laptop
or one of those smart phones either. I wouldn't mind a laptop but am not
interested in a smart phone. That said, I've been notified by my cell
phone folks that I have to get a newer phone before they do their tower
upgrade. If I don't, my phone won't work any more. I have an old
Motorola Razr thingy. Hey, it makes/receives calls and does a decent
text. It works. I also don't butt dial since it is a flip phone. lol


>> This is something I've been wondering about and I've seen a few posts here
>> that bump around the edges of this question. As most here know, I use
>> Gentoo. It's an older install but I keep it up to date. I sit behind a
>> DSL modem, an older Westell one, and a Linksys router, the old blue nosed
>> one. Neither modem nor router has wireless stuff included. Is that
>> hardware and my Gentoo install pretty secure from most hackers? In other
>> words, since I don't keep the formula to run car/truck engines on water
>> here, would this stop most since there is nothing worth stealing here?
> You haven't given this much thought ... How would all these hackers who want
> to steal the secret of running car engines on water know that you have
> nothing worth stealing in your secret lab?
>

Well, I'm sure a lot can be told by the fact that I'm on a basic home
DSL account. I'm not on J. B. Blow's secret services network. Now if I
had a super fast connection that had something interesting in the name,
then I could see someone peeking around and thinking, let's go break
into this network because he has some neat stuff to steal. Basically,
I'm not NSA.gov. ;-) Although, it would be odd but funny to read about
the NSA being hacked since they are the ones nosing into everyone else's
stuff. o_O

>> I'm not interested in an NSA-based hardened install here, just reasonably
>> secure.
>>
>> Basically, I'm just wanting to make sure I'm reasonably secure here.
>>
>> Dale
>>
>> :-) :-)
> I guess you are reasonably secure, if by secure you mean protecting your LAN
> from unwanted penetration and you have a firewall configured on the Linksys,
> your PCs are NAT'ed and finally you have a firewall configured on your Gentoo
> PCs. However, being secure is a relative term and in your case ill defined.
>

There is a website somewhere out there that scans to see if a puter can
be seen or not. I've run it before and it always gives me a clean bill
of health. Basically, the only port it sees is the one it is using to
do the test. Sort of hard to break into something they can't see, but
I'm sure there is some hacker out there somewhere that could get around
that too. I'm not going to dream about being as secure as a bank or
something. It's not reasonable to think I could do that. I just want
to be reasonably secure given what I can reasonably do. I've had folks
tell me that DSL is more secure than cable service. I've also read that
having a router added into the mix also helps, since it is one more step
they have to make. Hopefully that is enough.

I've been running Linux for over a decade. So far, I've never had
anyone hack into anything here. I use Lastpass to handle my passwords
and use a pretty secure master password. I just try to do the things I
can to make it at least difficult. If someone wants to go to the
trouble to break in to find out that I'm subscribed to a bunch of Linux
mailing lists, well, they deserve what they get. ROFL

Thanks.

Dale

:-) :-)
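The online scanner Dale mentions only probes the WAN side of the Linksys, so a clean result says the router is not forwarding anything, not that the Gentoo box itself has nothing listening. The host-side check that complements it, and Mick's point about having a firewall on the PCs too, is to list which sockets the machine is actually listening on and which of them are bound to a non-loopback address. The script below is an added example for this reply, not code posted by Dale, Mick or anyone else in the thread; it assumes the `ss -ltn` column layout from iproute2, and the sample output it parses is constructed for the example rather than captured from a real host.

```shell
#!/bin/sh
# Added example, not code from the thread: list the TCP listeners on a Linux
# host that are reachable from outside the box, i.e. what a port scan could
# see if no firewall or NAT sat in front of it.
#
# Input is the output of `ss -ltn` (iproute2). The sample below is
# constructed for this example; run the real command on your own host.

SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*
LISTEN 0      128        127.0.0.1:631         0.0.0.0:*
LISTEN 0      4096           [::1]:631            [::]:*
LISTEN 0      511                *:80               *:*
LISTEN 0      128     192.168.1.10:3306        0.0.0.0:*'

# exposed_listeners: read `ss -ltn` lines on stdin, print "address:port" for
# every listening socket not bound to a loopback address. 0.0.0.0, [::] and *
# mean "all interfaces" and are the ones worth a second look.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        sock = $4
        n = split(sock, parts, ":")
        port = parts[n]
        addr = sock
        sub(/:[^:]*$/, "", addr)          # drop the trailing :port
        if (addr ~ /^127\./ || addr == "[::1]") next
        print addr ":" port
    }'
}

# count_exposed_in_sample: how many of the sample sockets are exposed
count_exposed_in_sample() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_listeners | wc -l | tr -d ' '
}

# first_exposed_in_sample: the first exposed socket, in ss order
first_exposed_in_sample() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_listeners | head -n 1
}

# Stand-alone run against the constructed sample. On a real host replace
# the printf with:  ss -ltn | exposed_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_listeners
```

On the sample this reports sshd on all interfaces, a web server on all interfaces and a database bound to the LAN address; the CUPS listeners on 127.0.0.1 and [::1] are left out because nothing off the box can reach them. NAT on the Linksys hides the first three from the Internet, but not from any other device on the LAN, which is why a host firewall on the Gentoo PC is still worth having even behind the router.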