On Mi, 09 dec 20, 10:21:46, Joe wrote: > On Wed, 9 Dec 2020 11:49:45 +0200 > Andrei POPESCU <andreimpopescu@gmail.com> wrote: > > > On Ma, 08 dec 20, 12:27:40, Joe wrote: > > > > > > This application is also useful with a home VPN server, if you're > > > not trying to hide anything, but just want to use the Net > > > reasonably safely from an unsafe location e.g. Internet cafe. You > > > can tailor a set of firewall rules to allow nothing in or out > > > except DNS, DHCP and HTTP (normally a local web login is required), > > > not forgetting the tunnelling protocol port out. A VPN client will > > > normally have a switch to route everything through the tunnel to > > > achieve this. > > > > Sorry, I must be dense. How is this improving safety compared to > > accessing the internet from my home network? > > > It isn't. It's improving safety compared to surfing the web from public > wifi or other untrusted network. It then uses your home Internet > connection for surfing the web, etc., which should be safer. Let me rephrase that: how is connecting to the internet from some public hot-spot decreasing my security? I can think of possibly messing with DNS queries (use "own" DNS server instead, maybe with DNSSEC) and possible some attacks are easier via the local network (e.g. by other hot-spot users or local staff). Other that that, as far as I'm aware, the biggest threat are the servers I access with my client software (typically web sites accessed with a browser), in which case it doesn't make any difference whether I access them via some VPN and/or (home) firewall. (Assuming one doesn't run NFS, Samba, etc. *listening* software on the laptop in which case stopping those and/or running a firewall would be indicated.) Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
Attachment:
signature.asc
Description: PGP signature