VPN virtual private network?

securityguy

Nick_C wrote: »

I was describing VPN in general terms for a layperson. Its trusted enough to be used by many major companies.

Yes, but the company controls both ends of the link. The same person, or organisation, will both manage the VPN concentrator and be accountable for the security of the overall network, including the client devices. And of course, a company VPN is mostly there to provide access into the company network from outside, not to protect traffic that's then going to head out, unencrypted, over the Internet.

That's a completely different usecase to an individual paying a company, about which they know for practical purposes nothing, to protect traffic which then heads out of the provider's network.

Nick_C

securityguy wrote: »

Yes, but the company controls both ends of the link. The same person, or organisation, will both manage the VPN concentrator and be accountable for the security of the overall network, including the client devices. And of course, a company VPN is mostly there to provide access into the company network from outside, not to protect traffic that's then going to head out, unencrypted, over the Internet.

That's a completely different usecase to an individual paying a company, about which they know for practical purposes nothing, to protect traffic which then heads out of the provider's network.

Completely agree.

ivavoucher

I use my home internet connection as VPN.
It's a simple setup on some routers and its free.

I have Asus RT-N66U router and it was very easy to set up the VPN.

When away from home I use VPN on phone, pad and laptop.

esuhl

murphydavid wrote: »

Thank you esuhl.
Sorry to be a complete novice and a bit off my original subject. Just to check what you are saying in laymans terms. If I am away from home and log my laptop in at say a cafe that has free internet access and open firefox then send information on a form on a page that starts https (as does yahoo mail). Does the fact that it ends in an "s" mean that the information will be encrypted before it leaves my computer. ie no matter what I am logged on to it can't be read by anyone other than the intended recipient? Also if I use a VPN they wont be able to read it either.
Thanks

No worries -- I'm no expert on computer security myself! But it sounds your main interest is not so much in hiding your identity, but more in protecting your data whilst it is in transit, with only the intended recipient being able to decrypt it. Using public wi-fi can leave you vulnerable to "man in the middle" attacks:

https://en.wikipedia.org/wiki/Man-in-the-middle_attack

I'm pretty sure that this is where SSL (i.e. HTTPS) can protect you. If you connect to facebook.com using SSL, only facebook.com will be able to decrypt your web traffic. However... thinking about it, the public wi-fi network could perhaps intercept your DNS lookup so visiting facebook.com will take you to the malicious network owner's mocked-up version of the site. You enter your username and password, the malicious site decrypts them, and then logs you into Facebook. Everything seems legit from your end, but now the malicious network operator has your login credentials. There's some information on securing DNS requests here:

http://lifehacker.com/how-to-boost-your-internet-security-with-dnscrypt-510386189

If you're not sure if you can trust a third-party VPN provider, maybe the solution would be to set up an encrypted VPN tunnel between your laptop and your home desktop PC. That way, you can be secure on public networks, and no third-party (except for your own ISP) will be able to "see" what you are doing.

If you're worried about what your ISP knows about you (what on earth are you doing?!), then TOR might help... but I (personally) wouldn't use it to access sensitive websites (i.e. your bank) or type in any identifying personal details (e.g. login information) since the "exit node" could possibly see that information...

As I say, I'm no expert, but I think I got all that right! :-)