Mick wrote:
> On Saturday 11 Jun 2016 17:57:11 Dale wrote:
>> Howdy,
>>
>> I ran up on a video website that had some info on it. I found it
>> interesting and was curious about what it said and another question I've
>> been wondering about. It mentioned using a VPN so that the NSA, my ISP
>> and others couldn't "see" what was going on.
> I don't think there is any VPN service offered for a fee to the public that
> hasn't been compromised by the NSA, with or without the cooperation of its
> owners (unless it is based outside the USA).
>
> At a basic level a VPN tunnel is no different in functionality from SSH. Like
> SSH, both ends (local & remote peers) must be able to negotiate a connection
> over the VPN tunnel. High(er) grade ciphers, PFS and SSL certificates create
> a more secure tunnel than otherwise would be the case.
>
After the Snowden thing, I read an article that talked about how the NSA
could monitor https data and decrypt it basically live. In other words, they
didn't have to spend time breaking it because they already knew how to break
it with some sort of backdoor method. I don't recall where the article was,
just that it was a site I've seen mentioned a fair amount when it comes to
geeky/nerdy stuff. In other words, not some site just looking to stir the pot.

>> So, my first question,
>> does that work and does it require the site on the other end to have it
>> set up as well?
> BOTH sites must be able to negotiate a tunnel, using the same ciphers. IKE
> VPNs are more fiddly to set up and troubleshoot than SSH.
>
>
>> Bonus question, is it easy to use on any site if it
>> doesn't require the other end to use it?
> The way these public VPN services work is by acting as a proxy server
> forwarding your connection onward to your intended website, without revealing
> your local IP address. As long as the connection to the intended website is
> also encrypted, e.g. over https, then your connection remains both anonymous
> and secure.
>

This explains some of what I read on the link Dutch posted. Since https seems
to have already been broken, well, there goes that.

>> I'm thinking of using this for
>> my banking/financial sites as well if it is a good idea.
> Good idea if you are out and about a lot, using unsecured public WiFi for this
> purpose. Depending on how you have configured your Linksys you could use your
> own local network for the same purpose, i.e. as a SOCKS5 server.
>

I only access my bank and such from my desktop. I don't have a laptop or one
of those smart phones either. I wouldn't mind a laptop but I'm not interested
in a smart phone. That said, I've been notified by my cell phone folks that I
have to get a newer phone before they do their tower upgrade. If I don't, my
phone won't work any more. I have an old Motorola Razr thingy.
Hey, it makes/receives calls and does a decent text. It works. I also don't
butt dial since it is a flip phone. lol

>> This is something I've been wondering about and I've seen a few posts here
>> that bump around the edges of this question. As most here know, I use
>> Gentoo. It's an older install but I keep it up to date. I sit behind a
>> DSL modem, an older Westell one, and a Linksys router, the old blue nosed
>> one. Neither modem nor router has wireless stuff included. Is that
>> hardware and my Gentoo install pretty secure for most hackers? In other
>> words, since I don't keep the formula to run car/truck engines on water
>> here, would this stop most since there is nothing worth stealing here?
> You haven't given this much thought ... How would all these hackers who want
> to steal the secret of running car engines on water know that you have
> nothing worth stealing in your secret lab?
>

Well, I'm sure a lot can be told by the fact that I'm on a basic home DSL
account. I'm not on J. B. Blow's secret services network. Now if I had a
super fast connection that had something interesting in the name, then I could
see someone peeking around and thinking, let's go break into this network
because he has some neat stuff to steal. Basically, I'm not NSA.gov. ;-)
Although, it would be odd but funny to read about the NSA being hacked since
they are the ones nosing into everyone else's stuff. o_O

>> I'm not interested in an NSA based hardened install here, just reasonably
>> secure.
>>
>> Basically, I'm just wanting to make sure I'm reasonably secure here.
>>
>> Dale
>>
>> :-) :-)
> I guess you are reasonably secure, if by secure you mean protecting your LAN
> from unwanted penetration and you have a firewall configured on the Linksys,
> your PCs are NAT'ed and finally you have a firewall configured on your Gentoo
> PCs. However, being secure is a relative term and in your case ill defined.
>

There is a website somewhere out there that scans to see if a puter can be
seen or not. I've run it before and it always gives me a clean bill of health.
Basically, the only port it sees is the one it is using to do the test. Sort of
hard to break into something they can't see, but I'm sure there is some hacker
out there somewhere that could get around that too. I'm not going to dream
about being as secure as a bank or something. It's not reasonable to think I
could do that. I just want to be reasonably secure given what I can reasonably
do. I've had folks tell me that DSL is more secure than cable service. I've
also read that having a router added into the mix also helps, since it is one
more step they have to make. Hopefully that is enough. I've been running Linux
for over a decade. So far, I've never had anyone hack into anything here. I use
Lastpass to handle my passwords and use a pretty secure master password. I just
try to do the things I can to make it at least difficult. If someone wants to
go to the trouble to break in to find out that I'm subscribed to a bunch of
Linux mailing lists, well, they deserve what they get. ROFL

Thanks.

Dale

:-) :-)
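Dale's external scan only reports what is visible from the Internet. The script below is an added example, not part of the thread or anyone's post: it does the same kind of check from inside the host by reading `ss -tuln` output (iproute2), keeping only sockets bound to a non-loopback address, and reporting anything that is not on an allowlist of services you expect to be reachable. The sample `ss` output and the `tcp/22` allowlist are constructed values, not taken from Dale's machine.

```shell
#!/bin/sh
# Added example (not from the thread): audit which listening sockets on this
# host are bound to something other than loopback, i.e. could be seen by a scan
# from the LAN or the Internet (subject to the router/firewall in front of it).

# Constructed sample in the shape of `ss -tuln` output.
# Columns: Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*'

# exposed_ports SS_OUTPUT
# Prints one "proto/port" line per socket bound to a non-loopback address.
# Loopback-only services (here CUPS on 127.0.0.1:631) are skipped because
# nothing off the host can reach them; IPv4 and IPv6 copies of the same
# service collapse into one line.
exposed_ports() {
  printf '%s\n' "$1" | awk 'NR > 1 && NF >= 5 {
      n = split($5, a, ":")                      # last ":"-separated piece is the port
      port = a[n]
      addr = substr($5, 1, length($5) - length(port) - 1)
      if (addr !~ /^127\./ && addr != "[::1]")
        print $1 "/" port
  }' | sort -u
}

# unexpected_ports "ALLOWLIST" SS_OUTPUT
# ALLOWLIST is space-separated, e.g. "tcp/22 udp/68". Prints every exposed
# port that is not on the list; empty output means nothing unexpected listens.
unexpected_ports() {
  allow=" $1 "
  exposed_ports "$2" | while IFS= read -r p; do
    case "$allow" in
      *" $p "*) ;;                               # expected, stay quiet
      *) printf '%s\n' "$p" ;;                   # not on the allowlist, report it
    esac
  done
}

# check_live_host "ALLOWLIST"
# Runs the check against the real host when `ss` exists, otherwise against the
# constructed sample so the script still demonstrates the logic offline.
check_live_host() {
  if command -v ss >/dev/null 2>&1; then
    unexpected_ports "$1" "$(ss -tuln)"
  else
    unexpected_ports "$1" "$SAMPLE_SS"
  fi
}

check_live_host "tcp/22"
```

On the sample, sshd on port 22 is the one service meant to be reachable, so the script reports only `udp/68` (the DHCP client socket), and an empty report means the host exposes exactly what you expect. Running it periodically, or after installing a new daemon, catches services that quietly bind to `0.0.0.0` instead of `127.0.0.1`, which is the usual way an unintended port ends up visible to an external scan.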