D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

[LUG] Threat modeling, was: VPN

 

On Wed, Sep 23, 2015 at 04:35:59PM +0100, Neil Winchurst wrote:
> I can see the idea but, as ever, the more I research the more I get
> confused. Is a VPN a good idea, mainly to help with personal security?
> It seems that some of them are for Windows only, so which are
> recommended for Linux? If necessary I don't mind paying.
> 
> If anyone can point me in the right direction I would be very grateful,
> even if the advice is 'don't bother'.

Before deciding whether to use a certain security tool - such as a VPN -
it's always worth looking at what your threat model is. In other words,
what kind of "attacks" (a term used loosely here, to include targeted
and non-targeted snooping) you want to protect against.

What a VPN does is make all your traffic go through a remote server in a
way that can't be read* by anyone with access to connection between your
device and said server.

If you don't trust your ISP not to monitor your Internet traffic, a VPN
to any VPN service you do trust is a good idea.

If you don't trust your government not to monitor your Internet traffic,
a VPN to a VPN server located in a country whose government you do trust
is a good idea.

If you don't trust people on the same open WiFi network not to tap your
Internet traffic, again a VPN to any VPN service is a good idea.

If you're worried that someone has physical or remote access to your
computer, then using a VPN isn't going to help you.

If you're worried a service you connect to can trace you, a VPN is only
useful if a) you don't use the same VPN for a very long time b) you
don't think whatever you are doing will be a reason for the service to
contact your VPN provider and c) you're not leaving personal details on
the service.
(Assuming c) doesn't apply, Tor is a good defense against both a) and
b).)

Etcetera.

* there's reasonable evidence that the NSA and its allies had been able
to read a significant portion of VPN traffic (probably using a
Logjam-like vulnerability). But assuming your threat model doesn't
include the NSA going after your specifically, there's not much you can
do as an individual against such threats. Not using a tool like a VPN is
rarely going to make you more secure.

Martijn.

Attachment: signature.asc
Description: Digital signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq