On Saturday 11 Jun 2016 17:57:11 Dale wrote:
> Howdy,
> 
> I ran up on a video website that had some info on it.  I found it
> interesting and was curious about what it said and another question I
> been wondering about.  It mentioned using a VPN so that the NSA, my ISP
> and others couldn't "see" what was going on.

I don't think there is any VPN service offered for a fee to the public that 
hasn't been compromised by the NSA, with or without the cooperation of its 
owners (unless it is based outside the USA).

At a basic level a VPN tunnel is no different in functionality than SSH.  Like 
SSH both ends (local & remote peers) must be able to negotiate a connection 
over the VPN tunnel.  High(er) grade ciphers, PFS and SSL certificates create 
a more secure tunnel than otherwise would be the case.


> So, my first question,
> does that work and does it require the site on the other end to have it
> set up as well?  

BOTH sites must be able to negotiate a tunnel, using the same ciphers.  IKE 
VPNs are more fiddly to set up and troubleshoot than SSH.


> Bonus question, is it easy to use on any site if it
> doesn't require the other end to use it?  

The way these public VPN services work is by acting as a proxy server 
forwarding your connection onward to your intended website, without revealing 
your local IP address.  As long as the connection to the intended website is 
also encrypted, e.g. over https, then your connection remains both anonymous 
and secure.


> I'm thinking of using this for
> my banking/financial sites as well if it is a good idea.

Good idea if you are out and about a lot, using unsecured public WiFi for this 
purpose.  Depending on how you can configure your Linksys you could use your own 
local network for the same purpose, i.e. as a SOCKS5 server.


> This is something I been wondering about and I've seen a few posts here
> that bump around the edges of this question.  As most here know, I use
> Gentoo.  It's an older install but I keep it up to date.  I sit behind a
> DSL modem, an older Westell one, and a Linksys router, the old blue nosed
> one.  Neither modem nor router has wireless stuff included.  Is that
> hardware and my Gentoo install pretty secure for most hackers?  In other
> words, since I don't keep the formula to run car/truck engines on water
> here, would this stop most since there is nothing worth stealing here?

You haven't given this much thought ... How would all these hackers who want 
to steal the secret of running car engines on water, know that you have 
nothing worth stealing in your secret lab?


> I'm not interested in a NSA based hardened install here, just reasonably
> secure.
> 
> Basically, I'm just wanting to make sure I'm reasonably secure here.
> 
> Dale
> 
> :-)  :-)

I guess you are reasonably secure, if by secure you mean protecting your LAN 
from unwanted penetration and you have a firewall configured on the Linksys, 
your PCs are NAT'ed and finally you have a firewall configured on your Gentoo 
PCs.  However, being secure is a relative term and in your case ill-defined.

-- 
Regards,
Mick
