VPN's

[JTilling]

Hi All

I am thinking about getting some sort of VPN to encrypt data etc. I wondered how many of you use them/reccomend them?

 

which ones do you use? Is there any that are free or which ones are worth paying for?

So far I've looked at Nord VPN and my AVG antivirus has reccomended I use its own VPN

 

thoughts?

[ImagineerTom]

Ok obvious question.... "why?"

 

There are plenty of legitimate needs for VPN but a vegue concept of "encrypting data" isn't an especially good one. If you believe you're holding sensitive data that needs protecting then you need a much more comprehensive policy in place than just buying a vague online service and if you are being bombarded by adverts that make you think on a personal level you need one for "security against hackers" then I have a bridge I'd like to sell you.

[timmeh2]

Hi

 

3rd party VPN providers generally cause greater security issues than they fix.

They leave you wide open to MiTM attacks. HTTPS provides sufficient encryption to perform banking and eCommerce without the need for a VPN.

 

All the best

Timmeh

[emsgeorge]

I echo the thoughts 'whats the reason'.

 

We went on a very expensive journey sorting all out IT kit out for gdpr.

 

All laptops and desktops are now on win10 pro - allowing bitlocker to be used (windows in built hard drive encryption software)

 

All laptops have docks, and Kensington locks when at desks.

 

The network switch is now a decent managed one, with vlans.

 

The ubiquiti wifi AP's are now split into our core network, and guest networks, so they cant see our machines or server.

 

The server is now in a locked rack, covered by camera.

 

We have a big red 1u firewall sat in the rack, that stops all the outside nasty attacks coming in.

 

That's off the top of my head. It doesn't need to be expensive or massive to ensure that you can secure your data, and keep it secure. Its sometimes the simple things of not giving everyone access to the HR info, or payroll folders, and keeping it separate.

[JTilling]

Thanks for replies so far. I basically was thinking about the amount of public WiFi hotspots I use around the country with my job and thought it might be nice to have a little extra security when doing things like online banking or even using my crm software etc. I may just be being paranoid to be honest but a few people I know have started using them, though if I’m honest I couldn’t see a huge reason at the time but they all said it was a good idea to be using one.

 

 

[Gerry]

A VPN doesn't encrypt data.

It makes the connection between you and, say, your bank more difficult to hack into.

So it is very sensible to use a VPN for your online banking if you are using a public WiFi connection.

Cheers

Gerry

[Jivemaster]

From watching several "black hat conference talks" on youtube they regard "the venue's" guest wifi as totally open to hack BUT regard mobile broadband as much much harder to hack. But nothing is secure in the digital domain, ask the NSA how much data escaped with Snowden and whether he was the only leaker? And this was from supposedly a secure establishment.

[JTilling]

So which one do you reccomend?

 

A VPN doesn't encrypt data.

It makes the connection between you and, say, your bank more difficult to hack into.

So it is very sensible to use a VPN for your online banking if you are using a public WiFi connection.

Cheers

Gerry

 

 

 

[ImagineerTom]

A VPN doesn't encrypt data.

It makes the connection between you and, say, your bank more difficult to hack into.

So it is very sensible to use a VPN for your online banking if you are using a public WiFi connection.

Cheers

Gerry

 

No it doesn’t. It adds an extra level of security between your computer and the server operated by the VPN company. Beyond that server the connection is travelling across the “same internet” as if you hadn’t used the VPN. It makes you marginally more secure against people hacking you who are also attached to the public Wifi you connected to the net via. Broadly speaking that is NOT where hackers are hanging around. It also means yours (and thousands of other people’s) valuable data is all coming out of the same connection of the VPN server company making this an attractive target for hackers as whilst there might be more security in place, once cracked a hacker has unrestricted access to thousands of sensitive transactions.

 

Most “hacking” comes from people stealing your passwords through old school scams and people choosing crappy passwords. Second biggest level of hacking comes from people hacking VPN or cloud based services and stealing millions of transactions in one hit. The number of hackers who are floating around public WiFi networks physically trying to decrypt your passwords and usernames and do anything with them is almost immeasurably small.

[adamantiumxt]

So which one do you reccomend?

 

As a start, you can try the free offering from Windscribe, which is quite generous with its free offering. There's also SigaVPN which requires you to use a separate OpenVPN client but is completely free - however, with all VPN providers, there is the issue that they might be snooping on your traffic themselves, even if this seems unlikely for those two.

One issue with the free ones is that they often don't have UK servers, and if they do, they are shared with many other users, so services such as iPlayer detect VPN usage.

 

 

I personally pay €3.50 a year for a LowEndSpirit VPS based in the UK, which is more than ample for running a VPN server, and the relatively low amount of users per IP address meaning that iPlayer is fully working. Though it does require a bit of work to set up (maybe up to an hour if you're unsure of what you're doing), this can be quite a fun learning experience! If you do choose down this route, I recommend you read this guide first. To set up the VPN server follow this. If you have any questions, feel free to message me!

 

Adam

[nickb12345]

If your sole purpose for using a VPN is to offer increased security when using unencrypted WiFi networks then the simplist solution is to VPN to your home or office router and then connect out to the net from there. This does rely on a half decent internet connection there and also a router slightly better than the ISP provided ones. But with a Microtik RB Lite setting you back not much more than £20 there is really no reason to use an ISP provided router these days

[ImagineerTom]

GDPR regs- you shouldn’t be using CRM software across open networks and in situations where you have no working knowledge of the security of the connection. A $5 VPN isn’t going to absolve you of your responsibilities to protect the data you hold and take basic steps to ensure it’s oroperly protected.

 

As others have pointed out, just connecting over cellular data is already several orders of magnitude more secure than connecting to public WiFi with a cheap unknown VPN.

[Jivemaster]

All the major cellular networks offer a data only option, a little box that has a SIM card and receives their network broadband and gives it to you by wire or wireless. Never use Mac Wifi again. If the hacking of your data would cause problems then don't use that computer on the web, certainly don't expose confidential data to a free wifi that's shared between every customer of ASDA MacD etc