[LUG] VPNs and DNS Re: OT: working abroad

 


> On 20 Aug 2018, at 08:46, Gordon Henderson <gordon+lug@xxxxxxxxxx> wrote:
> 
>> On Sun, 19 Aug 2018, mr meowski wrote:
>> 
>> I'm going to be pretty mind boggled if literally nobody else here is
>> using VPNs all the time for everything...
> 
> Let your mind be boggled then because I don't use VPNs.

:)

Spent a long time convincing myself work still needs a VPN.

There are real threats to devices not using VPNs, such as the recent VPNFilter 
malware.

But I’d argue most of these threats also apply to the same traffic on the Internet. 
Especially if your threat model includes rogue ISPs, rogue telecoms companies, or 
well resourced attackers.

In the end I decided that we needed more VPNs, but plenty of big companies came to 
the opposite conclusion.

Whilst the encryption overhead is low you pay per round trip, and to ship data 
multiple times.

That said we ship our DNS traffic over a VPN, and use HTTPS for all business 
services, so we may be less typical than most.

I’ve shied away from 3rd party DNS resolvers before, but now there is a choice of 
DNS over TLS and DNS over HTTPS I’m thinking of recommending HTTPS://1.1.1.1

Some folk seem to think this was crazy, but using a simple stable config, with 
DNSSEC, and concentrating our requests with others seems like a plausible approach 
to make it harder to target our devices, and to prevent those devices making 
insecure DNS requests.

Google reached a similar conclusion for Android P, or possibly they just want to own 
the Internet.

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq