
Re: VPN ideas



On Wed, 9 Dec 2020 17:04:43 +0200
Andrei POPESCU <andreimpopescu@gmail.com> wrote:

> On Mi, 09 dec 20, 11:00:41, Joe wrote:
> > 
> > I suppose it may depend on where you are. In the UK, public wifi
> > normally uses no encryption, because there are no local staff who can
> > help with problems. So any unencrypted protocol you use can be
> > overheard.
> 
> It doesn't matter much whether the public WiFi is using encryption or 
> not.
> 
> Any unencrypted communication over the internet is vulnerable. Period.
> 
> Even if some segments[1] are somewhat protected, the segment between the 
> router/firewall/VPN exit point and the server on the internet is still 
> completely vulnerable.
> 
> It's probably a good idea to always assume your system is connected 
> directly to the internet. If you really need to run (vulnerable) 
> listening services on it configure them to be stopped and/or firewalled 
> whenever outside your home/company network.
> 
> [1] in this case the segment between the laptop and the AP via WPA, or 
> the segments between the laptop and the VPN exit point.

It's certainly true that "any unencrypted communication over the
internet is vulnerable," but security is not black and white. Say we're
talking about some sort of 0-day MITM vulnerability. Yes, you'll never
be entirely safe insofar as you don't control the entire network path,
but I might be (marginally?) more worried about random people having
access to my network traffic via an unencrypted wireless connection
than about the proprietor of that wireless network or the staff at my
ISP. 

Unless my threat model includes state actors, in which case
compromising my ISP might actually be easier and more straightforward
for them ;) But of course, they could also just use the $5 wrench ...

Celejar

