Question:
How secure are SSL VPNs?
?
2010-06-25 06:58:28 UTC
If I am using public Wi-Fi with a good SSL VPN, can I feel confident enough to do any kind of browsing / banking or personal info?
Six answers:
2010-06-25 11:35:50 UTC
VPN is the current best available secure communication.

However, there can be conditions wherein the user's API is compromised (as in keylogger) or the public WiFi has 'gateway' technology inserted into the data stream pre-VPN connection.



If any network uses a properly configured "gateway", all traffic (including "secure connection" types) can be completely transparent & copied, and used for any purpose, unknown to you.

The use of some varieties of "gateways", where all of the clients in a network are accepting a certificate from the gateway, which shows a secure connection, but in fact allows the gateway to impersonate a remote server.

The gateway is trusted like a legit certificate authority, and is able to sign the certificates of sites that you think you're visiting.

Your traffic is decrypted there, analyzed, and then re-encrypted for its transit across the Internet.



To ascertain your 'VPN' connection is not being proxied (and therefore potentially compromised a la 'man-in-the-middle' snooping):

Look at the 'properties' of your VPN client and its certificate pedigree (the 'chain of trust' or the 'certification path'); who's issuing the certificate, and so on. Untrusted issuing authorities between the end point and your machine would be an indication of some monkey business.

For example: a corporate environment or hotel, where the connection was using the gateway to issue certificates.



Want more?

Virtual Private Networks (VPN): Theory & Solutions

Episode #14 & 15

http://www.grc.com/sn/sn-014.htm

http://www.grc.com/sn/sn-016.htm
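
The certification-path check described in the answer above can also be scripted. This is an added example, not part of the original answer; it assumes the VPN endpoint presents its certificate on a plain TLS port, that the issuer name and SHA-256 pin were recorded earlier over a trusted network, and the names `Example VPN CA` and `Hotel Gateway CA` are constructed sample values.

```python
import hashlib
import socket
import ssl
import sys

# Constructed sample: what getpeercert() could return behind an intercepting gateway.
SAMPLE_CERT = {"issuer": ((("organizationName", "Hotel Gateway CA"),),)}
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"


def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with the endpoint; return (parsed cert dict, DER bytes)."""
    # The default context trusts the OS store, so a gateway CA installed on
    # the machine still passes here. The issuer and pin checks catch that case.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


def issuer_org(cert):
    """Pull organizationName out of the issuer name from getpeercert()."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def assess(cert, der, expected_issuer_org, pinned_sha256_hex):
    """Return a list of findings; an empty list means nothing unexpected."""
    findings = []
    org = issuer_org(cert)
    if org != expected_issuer_org:
        findings.append(f"issuer is {org!r}, expected {expected_issuer_org!r}")
    fingerprint = hashlib.sha256(der).hexdigest()
    if fingerprint != pinned_sha256_hex.lower():
        findings.append(f"leaf fingerprint {fingerprint} does not match pin")
    return findings


if __name__ == "__main__":
    if len(sys.argv) == 4:  # HOST EXPECTED_ISSUER_ORG PINNED_SHA256_HEX
        host, org, pin = sys.argv[1:]
        problems = assess(*fetch_cert(host), org, pin)
    else:  # offline demo on the constructed sample above
        problems = assess(SAMPLE_CERT, SAMPLE_DER, "Example VPN CA", "00" * 32)
    print("\n".join(problems) or "certificate matches the recorded issuer and pin")
    sys.exit(1 if problems else 0)
```
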
?
2010-06-25 17:28:35 UTC
SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the allotted time.



In order to thwart this attack, mutual authentication is required. Mutual authentication means that the user is validated to the site and the site is validated to the user. In this document, we will show how to configure the WiKID Strong Authentication System to provide strong, mutual authentication for SSL-Explorer.
Weblly
2014-10-06 19:53:31 UTC
A Virtual Private Network acts as an encryption tunnel between you and the Internet, making sure that your Internet access is anonymous and that your web browsing is secure. There are a number of computers connected to a VPN, and the data of all of these computers is encrypted before they connect to the Internet. The Surf Easy VPN is a no-log network, meaning that we don’t log your data, web browsing, downloads or IP address on our servers. We want your browsing to be truly anonymous. The greatest advantage is the flexibility of the VPN and there are many types of service applications to set up the network. There are also several protocols used to tunnel the traffic, security mechanisms to protect the data, and authentication methods to allow the tunnelling of data to be transferred.
2010-06-25 11:26:37 UTC
I use the Personal VPN, http://www.surfbouncer.com and it's totally secure being built on OpenVPN. They even offer a 256 bit AES service which is military grade encryption. http://www.surfbouncer.com/256_bit_vpn.htm
2014-04-19 17:51:14 UTC
I highly recommend employing http://www.vpnpower.net to unblock websites. I have been using their services for more than 4 years without issues.
PCeeze
2010-06-25 10:58:52 UTC
Yes, provided you have a good firewall, malware protection and your computer is up to date with its patches.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.