MITM attack is exactly why I'd like my users to go through OpenVPN.

So I am hearing MITM (for general internet browsing) becomes more probable
if my server does not use the directive "redirect-gateway def1 bypass-dhcp"
vs. if it were using it, correct?



-----Original Message-----
From: Jason Haar [mailto:jason_h...@trimble.com] 
Sent: Wednesday, October 16, 2013 4:33 PM
To: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] OpenVPN Security

On 17/10/13 02:42, Les Mikesell wrote:
> Banking transactions would normally be done over https - which uses 
> ssl. Openvpn would add another layer over the open wifi hop, but I'm 
> not sure how much that adds to the security.

For one thing it stops MITM attacks. Most people are naive and if they're on
an untrusted network and someone MITM'ed their bank connection, they will
click through the browser "don't trust this website" warning and bam -
they've lost their bank creds.

Forcing users through openvpn puts them on a trusted network where such
skulduggery doesn't happen (and you could have AV proxies and other such
stuff)

...of course, if the untrusted network is truly 0wneD, it could break
openvpn, leading to the annoyed user disabling openvpn in order to get a
working Internet connection and - well - see the first sentence ;-) You can
try to engineer yourself a foolproof system, but the Universe can always
engineer a better fool

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

