I am running a VPN from my laptop to my home computer. The VPN is
encrypted and I have been using dialup internet access with Zonealarm
firewall. If I were to use the laptop on a hotel unencrypted wireless
network would there be any security problems as far as VPN data is
concerned?
Thanks,
Mike
In article <1141243279.378339.92190@i39g2000cwa.googlegroups.com>,
macosham@excite.com
>I am running a VPN from my laptop to my home computer. The VPN is
>encrypted and I have been using dialup internet access with Zonealarm
>firewall. If I were to use the laptop on a hotel unencrypted wireless
>network would there be any security problems as far as VPN data is
>concerned?
Running an encrypting VPN over an unencrypted wireless network
merely converts the -possibility- of someone intercepting the
packets (by tapping wires or controlling an intermediate router
or by monitoring a microwave or satellite link) into the -certainty-
that someone *could* be intercepting the packets.
If the VPN was secure enough against the possibility that someone
was pulling the packets off of the wire, then it should be secure
enough against someone pulling the packets out of the radio waves.
Unless you are using very weak encryption, that is.
For example, if you are only using single DES (maximum 48 bit key
strength) and you have an aggressive competitor, then it would be
-feasible- for the competitor to sniff your wireless packets and
break at least one layer of your keys -- within a day if they
really went at it, or over several days or weeks with lesser resources.
On the other hand, it might -not- be feasible for the competitor
to get into your building or take control of any of the intermediate
routers or to tap your WAN connection: those things require
Break & Enter or other similar well-recognized crimes -- whereas
the law in most places is pretty weak about passively sniffing
radio packets.
But if you go to 3DES or AES, then the computation resources
required to crack the VPN become large enough that no-one {credible}
claims to have succeeded. If you are up against the resources of
the NSA or similar, they -might- have the computational resources
but would likely find it easier to just bug your laptop.
"macosham@excite.com"
> I am running a VPN from my laptop to my home computer. The VPN is
> encrypted and I have been using dialup internet access with Zonealarm
> firewall. If I were to use the laptop on a hotel unencrypted wireless
> network would there be any security problems as far as VPN data is
> concerned?
Depends on the strength of the encryption, but assuming it's
reasonably strong, it shouldn't be a concern.
Your DNS requests will probably still go in the relative clear, and
your regular web traffic, etc. But as far as your communication with
your home computer, it wouldn't be anything I'd hesitate to do given a
suffiently strong VPN.
--
Todd H.
http://www.toddh.net/
On 1 Mar 2006 12:01:19 -0800, "macosham@excite.com"
>I am running a VPN from my laptop to my home computer. The VPN is
>encrypted and I have been using dialup internet access with Zonealarm
>firewall. If I were to use the laptop on a hotel unencrypted wireless
>network would there be any security problems as far as VPN data is
>concerned?
>Thanks,
>Mike
Mike,
when your VPN is activated on the laptop, all of your traffic SHOULD
be encrypted, unless you are using a a Split VPN Connection. Which
means that only traffic destin for your IP in the VPN will go thru the
tunnel.
Hope this helps
Thanks for the replies.
I have DUN1.4 with Win98SE on the laptop as VPN client. I don't know
what the encryption level is; under properties for the VPN connection I
have 'Require encrypted password' and 'Require data encryption' checked
under the Server Types Tab.The server is a WinXP (home) machine. When I
look at the status of the VPN connection on the laptop, under Protocols
it says:
Microsoft mutual challenge handshake authentication.
Microsoft strong encryption.
So I think the concensus is that if the above represents a good
encryption level I'm safe to connect on an unencrypted wireless network
for 10 minutes each day.
Mike