Security – Does VPN secure web traffic? Or: will a home VPN prevent Firesheep attacks


I use public Wifi constantly when I'm away from home/office. I'm contemplating setting up a home VPN, which my iPod touch and laptop could communicate with via VPN to protect my requests from prying eyes, whether it is through the owner of the public wifi or some script kiddie running Firesheep.

Being somewhat ignorant of VPNs, I'm wondering if they by default route all requests through the VPN?

I.e., if I connect to public wifi, connect to VPN, and visit a site in the browser, would I expect my request to be routed through the VPN tunnel, and then my home network makes the request and returns the result? Or does HTTP traffic go through the public Wifi, and only POP etc. are secure?

Any recommendations for good/easy home VPN?

Thanks!

Best Answer

You can set up a VPN client to forward all traffic over the VPN. This is the default in some VPN clients.

Like @David, I'd recommend OpenVPN. Many low cost routers capable of running OpenWRT (or other flavors of embedded Linux like DD-WRT) can act as OpenVPN endpoints.

For your iPod Touch you'll be stuck jailbreaking to use OpenVPN, though. PPTP, L2TP, or IPsec are your only choices there "out of the box". I believe that DD-WRT ships with a PPTP server, so that might be a good option, too.

"Firesheep" was about intercepting credentials on wifi networks. Encrypting your traffic when it's traversing an unsecure wifi network will help with that attack.

The fundamental problem, though, of credentials being passed "in the clear" (or cookies standing in place of credentials) over the network isn't solved by a VPN. You're just pushing the unencrypted traffic to a path between the VPN server and the remote web site.

The unencrypted wifi network may be one of the easiest places to sniff traffic, so using a VPN isn't a completely worthless measure. It's not the only place where traffic can be sniffed, though.

The Real Answer™ is to run all the traffic between the client and the web server over HTTPS. You can't control that, though. That's going to be up to website operators to wake up and do the right thing.
