Rich Freeman on 29 May 2011 18:14:30 -0700
Re: [PLUG] VPN
On Sun, May 29, 2011 at 6:36 PM, Stephen Slaughter <steve2slaughter@gmail.com> wrote:
> My goal is to encrypt all my internet traffic so that no one can intercept
> or modify it.
> I read a few security articles which led me to believe that a VPN could
> secure my internet traffic.
> Is this true or not? If yes, how? If not, what is the best way to
> accomplish my goal?

So, a VPN is a great way to get traffic from point A to point B, but it requires support on both ends. To use a VPN with GMail, for example, you'd have to call up Google and get them to set up a VPN server on their network connected to the Gmail servers. You'd have to do the same thing with everybody else you communicate with. Obviously this isn't practical.

VPNs tend to be used more for connecting two networks with many machines on them, or by a company getting many laptops onto its corporate network. It isn't very good for communication between random individuals.

The best you're going to be able to do for truly encrypting your internet traffic in general is using encrypted protocols like SSL for everything. The problem is that only about 5% of the things you do on the internet probably support it.

Now, if your concern is your local ISP eavesdropping on communications, you could get somebody else on the internet (maybe somebody you pay) to set up a VPN server that you'd tunnel into. All your communications would be unencrypted on the internet in general, but they would be encrypted as they traverse your ISP - which is the most likely place that somebody would try to intercept your communications if they are targeting you in general. However, this will do you no good against somebody just tapping into some big router on the internet and just capturing everything that goes through it.

>
> I'd also like to make my traffic anonymous. I had Tor configured a few
> months ago before the release of Firefox, but my browser performance
> was horribly slow. I read somewhere that I could increase the speed by
> shortening the circuit, but this would
> make traffic analysis easier for an attacker. Not exactly sure how to
> shorten the circuit anyway!

Yup - Tor is slow in practice, since only a few people run exit nodes.

Also, your anonymity depends greatly on what you send over the connection. The obvious example is that if you type your address into a form on a webpage, the server it ends up on and anybody intercepting the hops between that server and the Tor exit node will know exactly who you are. The less obvious example is that your browser probably divulges all kinds of info that could be traced back to you, and pages running JavaScript can divulge even more.

Running Tor also serves to encrypt your data out to the internet, but not once it is on the internet itself.

>
> I'm just a student trying to learn things! And I don't like the idea of
> anyone eavesdropping or tampering with my communications!

Yup - unfortunately most people don't care much, which means that most places you communicate with don't really do much to support end-to-end encryption. At best you're only going to be able to encrypt past your ISP and not end-to-end except for specific services that support SSL/etc.

What is really needed is encryption at the TCP connection level - there is very little reason these days why every TCP session shouldn't be encrypted. Authentication is harder, but again there is no reason that SSL certificates shouldn't be in DNS records protected by DNSSEC (and thus be better protected than having CAs signing them). If encryption and authentication were the default then quite a few attacks would be prevented.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug