Vpn

Johno100

dipsomaniac wrote: »

in all my 30 years of computing i don't think i have ever used a vpn. what am i missing?

Personally I don't use mine for security /privacy reasons rather I use it to access geo-blocked content from overseas.

Anthorn

arciere wrote: »

I haven't read all the posts so I apologise if this has been said already.
You don't get more 'security' by using a VPN tunnel, unless YOU are the one who provides the service. All you get is a private connection between your device and the other end device (basically, the provider that is giving you the service).
If you are not the person that manages the connection at both ends, then you will need to trust the other end because, effectively, you are giving them access to all your data and everything that travels through the tunnel. Are they more reliable and trustworthy than your ISP? Who knows?
In regards to the previous question from dipsomaniac, you don't normally *choose* to use VPN, it is usually a requirement when you need to connect different sites together (in a corporate environment).

Personally, I don't use VPN for my private connections because there is pretty much no advantage.

Any hacker worth the title will search for open ports or rather his software does it for him or her. When s/he finds an open port s/he gets the IP address and et voila access to your computer. But if you're using a VPN all the hacker gets is the server of the VPN service and no access to your own computer.

The other main use of a VPN related to the above is to prevent tracking. For example your IP address betrays your location and your ISP which can be related to other data about you to build a file all about you (it's called data mining) but if that IP address is the VPN and not your's your location is not betrayed.

A lot is made by VPN services of being Netflix friendly but what is missed is that to use Netflix one has to log in with a username and password. So for example to use Netflix in both the U.K. and U.S.A. two subscriptions are required. Also Netflix is very good at blocking VPNs so while a VPN works on Netflix today it might not work tomorrow.

Lastly, the VPN I use was not forced upon me, I chose it for my private communications to keep them private! I also use OpenPGP but that's another story.

RumRat

Use a VPN to stop your ISP snooping on your internet activity. If the Government gets it's way, a VPN will become essential to stop ISPs logging all your internet usage.
Of course, it's necessary to ensure that whichever VPN you choose, doesn't log activity.

Anthorn

RumRat wrote: »

Use a VPN to stop your ISP snooping on your internet activity. If the Government gets it's way, a VPN will become essential to stop ISPs logging all your internet usage.
Of course, it's necessary to ensure that whichever VPN you choose, doesn't log activity.

Exactly! Personally I find it very disconcerting that ISPs and data miners can snoop on my internet activity. I don't do anything illegal on the internet nor anywhere else but still it's very bad that I can get snooped on. It's kinda like having sex with my nearest and dearest and having that recorded by secret cameras and then it's distributed to all and sundry!

arciere

Anthorn wrote: »

Any hacker worth the title will search for open ports or rather his software does it for him or her. When s/he finds an open port s/he gets the IP address and et voila access to your computer. But if you're using a VPN all the hacker gets is the server of the VPN service and no access to your own computer.

You are a bit confused here. A VPN is just a tunnel between A and B. It does not encapsulate A.
What this means is that you will always be connected to the internet via your ISP (with your own IP address), but the traffic that your computer decides to divert, will go through the tunnel. But this does not mean that you are invisible to the external world. It only means that whatever is transmitted through the tunnel, it can't be seen from others. (EDIT: to be clear, it CAN be seen, but since it's encrypted, it can't be understood. So your ISP will always know that your IP address is transmitting/receiving something to/from the VPN provider IP address).
Since you are talking about ports, a PPTP based VPN uses TCP port 1723. So if your hacker scans your IP, he will see port 1723 open, plus all the others you would normally have open unless you manually closed them.

Anthorn wrote: »

The other main use of a VPN related to the above is to prevent tracking. For example your IP address betrays your location and your ISP which can be related to other data about you to build a file all about you (it's called data mining) but if that IP address is the VPN and not your's your location is not betrayed.

.
Wrong. Your ISP will always know your IP address, no matter how many VPN you use.
ISP is the provider giving you internet access, the VPN tunnel comes after that. What the ISP can't see is the data you transmit through the tunnel.

Anthorn wrote: »

Exactly! Personally I find it very disconcerting that ISPs and data miners can snoop on my internet activity. I don't do anything illegal on the internet nor anywhere else but still it's very bad that I can get snooped on. It's kinda like having sex with my nearest and dearest and having that recorded by secret cameras and then it's distributed to all and sundry!

The difference here is that your ISP won't be monitoring your internet activity, but the company providing you the VPN service will. Plus, who tells you that when you connect to your bank account, the VPN provider doesn't store your passwords? How can you be sure that a hacker doesn't monitor the activity between your bank's website and the VPN provider browsing on your behalf? If you trust your VPN provider based in China or Russia more than your ISP, then happy days.

that

Anthorn wrote: »

Any hacker worth the title will search for open ports or rather his software does it for him or her. When s/he finds an open port s/he gets the IP address and et voila access to your computer.

Nooooo, the person/software doing the scanning always knows the ip beforehand. From here they scan the ports looking for vulnerabilities. Even if everything is locked down, processing a large number of requests at once (DDOS) could cause the device to fail in an unpredictable way

Anthorn

arciere wrote: »

You are a bit confused here. A VPN is just a tunnel between A and B. It does not encapsulate A.
What this means is that you will always be connected to the internet via your ISP (with your own IP address), but the traffic that your computer decides to divert, will go through the tunnel.

What you are describing is a Proxy and not a VPN and there is a difference: What it comes down to is the security of the data stream. With a Proxy the data stream is fully open and can be accessed by anyone. We can liken it to regular http. All a proxy does as you say is divert traffic.

On the other hand the data stream of a VPN is encrypted so while traffic originating in your device goes through your ISP they cannot read it unless they have the encryption key. That's the whole point of a VPN protecting against data mining by ISPs.

arciere

Anthorn wrote: »

What you are describing is a Proxy and not a VPN and there is a difference: What it comes down to is the security of the data stream. With a Proxy the data stream is fully open and can be accessed by anyone. We can liken it to regular http. All a proxy does as you say is divert traffic.

On the other hand the data stream of a VPN is encrypted so while traffic originating in your device goes through your ISP they cannot read it unless they have the encryption key. That's the whole point of a VPN protecting against data mining by ISPs.

What I said is that even if you use a VPN, your ports will still be open, including the ones used for the VPN tunnel itself.

You normally initiate a VPN connection from the operating system. Your router/modem will still be connected to your ISP with its own IP address and its own open ports, that have nothing to do with your VPN connection initiated from your computer.
VPN doesn't let others see what you are downloading/uploading, but your ISP IP address will still be there, which won't be necessarily linked to your computer, but rather to the main router or modem.
Others most likely won't see what you are doing, but still know that your IP address has opened a VPN connection with another IP address (and this is how some ISP can block VPN).
You can connect to as many VPN as you wish, but if your router has ports open, they will remain open.
P.S. If you have a printer, smartphone or other device connected to your network, they won't be affected by your connection to the VPN from your laptop.
A hacker will still be able to see your original IP address and what ports your router has open.

arciere

that wrote: »

Nooooo, the person/software doing the scanning always knows the ip beforehand. From here they scan the ports looking for vulnerabilities. Even if everything is locked down, processing a large number of requests at once (DDOS) could cause the device to fail in an unpredictable way

There's a something called 'IP scan', which is different than a 'Port scan'.

AndyPix

To be clear ..


A potential hacker would start an IP address scan - scanning IP addresses incrementally.


Once they got a ping reply, they would then perform a port scan on that IP address, and continue any attacks accordingly


This is all possible regardless of VPN usage


All a VPN does is encrypts the traffic between two locations


Scanning ports to find IP addresses doesnt make sense