Product Activation Still Coming >>
<< Microsoft Making Changes To Browser To Quiet...
 tdicon 

Nokia Reminds Carriers That Customers Will Use... >>
<< Concourse Roams with NetNearU
 | 


Wireless

by Mike Masnick

Mon, Oct 6th 2003 10:51pm





Should We VPN All Connections?

from the sounds-good-to-me dept

I've been having this discussion with people for nearly two years now, wondering why more people aren't aware of the general dangers of data traveling across a wireless network. While there are plenty of stories about security problems with WiFi, they tend to focus on the wrong thing. The real issue is that anyone else on the same network can easily access any data traveling through the network that isn't encrypted. The most basic solution to this is to use a VPN - and now some are predicting that VPN use is going to spread so that it isn't just for corporate computers logging on from outside the corporate network but for all data transmissions between computers. I think this is a great idea, and am honestly quite surprised that there haven't been more efforts to offer personal VPN products to encrypt all data flows. Right now, if you don't have a corporate VPN or don't want to set up a VPN yourself (no fun task), you're left with few reasonable options for the everyday user. Boingo, the WiFi aggregator offers a VPN service on top of their WiFi subscription plan, but that only makes sense if you're traveling and using Boingo WiFi hotspots on a regular basis. There's also HotSpotVPN, which is a great idea - but at nearly $9/month probably too costly for your average non-business user. I'm surprised that (as far as I know) no one else has come out with a basic VPN offering for the home user. It seems like the sort of thing that a Symantec or a ZoneAlarm (or even a Microsoft) would want to offer. Better yet, why wouldn't an ISP offer it? All your data is already going through their machines, so why not VPN the connection?

9 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    No Subject Given

    identicon
    w.h., Oct 7th, 2003 @ 7:08am

    That was what IPsec was supposed to solve.

    Key distribution is the problem.

    reply to this | link to this | view in thread ]

  2.  

    IPSec, IPv6 and Key Distro

    identicon
    Anonymous Coward, Oct 7th, 2003 @ 7:49am

    What's the news that IPv6 will be all IPsec from the ground up? Those rumours, mostly congealed, are what's pushing me to get into IPSec vs the other guys, because it's supposed to be pretty close to what's going to be Standard.

    I'm of the opinion that the feature of IPSec with the most potential is this Opportunistic Encryption method, although my reading of it is very light. It seems that, if the DNS records can be maintained to where we almost trust their integrity, we can publish our keys as DNS entries per-machine, and have connections to those machines pass encrypted.

    Yeah, in all we're looking at a 12-20% higher traffic numbers and processors that are way more overworked than before (all hail that malformed hunchback of an idea, the TCP Offload Engine!), but it's not just the desire to hide my MSN family chats from Echelon's prying eyes that makes me want to secure stuff. That dream where more affluent versions of ourselves are ordering pizza via the 6"x6" handheld touchy-pad device, using our credit card from the hot tub, that's a nice dream, and I want to LIVE that dream, damn it.

    This 'add ssl to everything that moves' mentality is a half-measure at best, and we really need to get IPSec going full-time in order to realize the goal of where all of our traffic is harder-than-trivial to sniff. Opportunistic Encryption is, from what little I know, a half-step toward a real solution, if we can achieve the minor victory of getting pubkeys into a trustable form of DNS.

    (and I mean something more than what DJB promotes)

    reply to this | link to this | view in thread ]

  3.  

    No Subject Given

    identicon
    Anonymous Coward, Oct 7th, 2003 @ 9:17am

    Personally I use SSH, scp, sftp etc. on my LAN anyway - even WebMin is running over SSL.

    reply to this | link to this | view in thread ]

  4.  

    HotSpotVPN

    identicon
    Anonymous Coward, Oct 7th, 2003 @ 10:45am

    Does anyone know anything about this HotSpotVPN company? Who is it? How long have they been in business? Why should I trust them with all my traffic? It looks like a good service, but I am curious how much due diligence PC Magazine did before writing about them. Anyone know anything about this company?

    reply to this | link to this | view in thread ]

  5.  

    Re: HotSpotVPN

    icon
    Mike (profile), Oct 7th, 2003 @ 10:58am

    I had the same concerns, actually. I even wrote the guy and pointed out that there was no reason why I should feel safe having all of my traffic go through his server - since it could just be him taking all my data.

    I've emailed back and forth with him to the point that I trust him, but you should do your own homework.

    As for how long they've been in business, they launched earlier this year (around March, I believe).

    reply to this | link to this | view in thread ]

  6.  

    Average Joe

    identicon
    John Doe, Oct 7th, 2003 @ 1:36pm

    Perhaps the reason that most people are not that concerned about VPN's is that for a majority of users, they just don't care if their transmission is intercepted. I mean, for the average user, I don't believe they care if their Pr0n downloading or pictures and email from Grandma are intercepted and viewed by others. Perhaps I'm wrong, but I would imagine this is why VPN's only seem to be an issue with my network admin when I am working from home/

    reply to this | link to this | view in thread ]

  7.  

    Re: Average Joe

    identicon
    Benjamin, Oct 7th, 2003 @ 2:35pm

    Yes, but once upon a time no one had anti-virus software on their computers either. Remember the Newt Gingrich cell phone tap? It is only a matter of time before someone cruises the home of someone high profile and intercepts their IM traffic and leaks it to the press. Then everyone will get paranooid at once.

    reply to this | link to this | view in thread ]

  8.  

    Opportunistic Encryption

    identicon
    Michael Bravo, Oct 9th, 2003 @ 8:26am

    There's more than one implementation of IPSec that supports opportunistic encryption; most importantly, FreeSWAN does, and this means that almost every Linux server can be configured to support it.

    With a little effort (just an additional DNS record) instant VPN level encryption can then be achieved. Note - I do not even think it's a panacea, but this significantly raises the bar for routine sniffing and bruteforcing.

    reply to this | link to this | view in thread ]

  9.  
    identicon
    vpn&proxy, Feb 28th, 2009 @ 4:19am

    We use a vpn to secure connectivity - this eliminates the need to expose internal systems to the whole wide world. Related to topic- proxy

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


Product Activation Still Coming >>
<< Microsoft Making Changes To Browser To Quiet...
 tdicon 

Nokia Reminds Carriers That Customers Will Use... >>
<< Concourse Roams with NetNearU
 | 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This