[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: VPN ideas

On Mi, 09 dec 20, 10:21:46, Joe wrote:
> On Wed, 9 Dec 2020 11:49:45 +0200
> Andrei POPESCU <andreimpopescu@gmail.com> wrote:
> > On Ma, 08 dec 20, 12:27:40, Joe wrote:
> > > 
> > > This application is also useful with a home VPN server, if you're
> > > not trying to hide anything, but just want to use the Net
> > > reasonably safely from an unsafe location e.g. Internet cafe. You
> > > can tailor a set of firewall rules to allow nothing in or out
> > > except DNS, DHCP and HTTP (normally a local web login is required),
> > > not forgetting the tunnelling protocol port out. A VPN client will
> > > normally have a switch to route everything through the tunnel to
> > > achieve this.  
> > 
> > Sorry, I must be dense. How is this improving safety compared to 
> > accessing the internet from my home network?
> >
> It isn't. It's improving safety compared to surfing the web from public
> wifi or other untrusted network. It then uses your home Internet
> connection for surfing the web, etc., which should be safer.

Let me rephrase that: how is connecting to the internet from some public 
hot-spot decreasing my security?

I can think of possibly messing with DNS queries (use "own" DNS server 
instead, maybe with DNSSEC) and possible some attacks are easier via the 
local network (e.g. by other hot-spot users or local staff).

Other that that, as far as I'm aware, the biggest threat are the servers 
I access with my client software (typically web sites accessed with a 
browser), in which case it doesn't make any difference whether I access 
them via some VPN and/or (home) firewall.

(Assuming one doesn't run NFS, Samba, etc. *listening* software on the 
laptop in which case stopping those and/or running a firewall would be 

Kind regards,

Attachment: signature.asc
Description: PGP signature

Reply to: