should I use a VPN

Adcadet · Feb 5, 2003

hey all -
so I was reading up on my university's wireless access and the VPN they suggest you use. This makes sense, as you don't want all your info floating about in the air unencrypted. Just for fun I downloaded the software (Cisco's) and it seems to run just fine. But should I bother running the VPN software when I'm connected to my LAN at home or at work? I currently run Zone Alarm, so I don't feel totally naked.

(FYI: I don't have wireless access yet, but will starting in the fall)

Mercutio · Feb 6, 2003

There's a performance hit in using a VPN, which is subjectively unnoticable on a LAN, and may be noticeable on 802.11b - my seat-of-the-pants guess is it "costs" about 10% in overhead to do the VPN thing, but I don't have everyday access to an AP, so let's just say there *is* a perceptable slowdown.
As for why should use it? Especially on a campus, where there are well-educated, bored and largely amoral kids, I think the best reason of all might just be the fact that something bad COULD happen to you.

After a while, wireless just gets taken for granted. It's there. So rather than saying "oh, well I'll just be careful", maybe you should say "Oh, well, I'll probably forget to be careful, and this way I'll have another layer of defense."

Make sense?

Pradeep · Feb 6, 2003

I don't see how Zone Alarm will protect your wireless link. The problem is that the WEP encryption built into 802.11b is trivially broken. I don't know whther they fixed it for 802.11g or a. Best to be sure and use a secondary security system. For your home network you could just use a certificate based one?

honold · Feb 6, 2003

you only need the vpn for the wireless bits, but yes, you need it (unless your data is worthless)

Adcadet · Feb 6, 2003

Pradeep said:
I don't see how Zone Alarm will protect your wireless link. The problem is that the WEP encryption built into 802.11b is trivially broken. I don't know whther they fixed it for 802.11g or a. Best to be sure and use a secondary security system. For your home network you could just use a certificate based one?

Well, hopefully Zone Alarm will at least restrict some programs from sending out my data.

I get the point that when using wireless it makes good sense to use VPN. But what about when sitting at home or at work and on a regular LAN? Is there any point then, other than to prove that I can make it work?

Pradeep · Feb 6, 2003

Well if you are at home and connecting to work, then a VPN connection is probably a good idea. Whether you worry about it on your home network, if you have a good firewall I wouldn't bother.

Cliptin · Feb 6, 2003

Pradeep said:
Well if you are at home and connecting to work, then a VPN connection is probably a good idea. Whether you worry about it on your home network, if you have a good firewall I wouldn't bother.

Again, unless you live in student housing and run wireless at home. At least some Cisco equipment lets the administrator restrict access based on MAC address (linksys products do too). If they are not requiring this I would definitely VPN.

blakerwry · Feb 7, 2003

cliptin, you mean restrict the server from allowing clients to obtain or specify an IP address on your network (unless they have the correct MAC address)?

This is an excellent feature and I'm glad most routers have it built in now (my Dlink 704 has it)... the only practical applications I can see for it in a home or small office type situation though is 1) wireless computing (practically a requirement) or 2) you have physical conenctions to the network that are publicly accessible.. and you dont want people leeching off your network or gaining access to information.

Mercutio · Feb 7, 2003

If you've got a real firewall (e.g. not ZoneAlarm) you can do all KINDS of fun things to lock down your AP, but none of those things help for the guy who is sitting outside your home or office with a laptop with a 802.11 card running netstumbler, just watching the traffic that's being broadcast. WEP is pretty broken. IMO, if you want privacy and you use 802.11 at all, you need to at least look into PPTP.

Cliptin · Feb 7, 2003

Cliptin said:
Pradeep said:

Well if you are at home and connecting to work, then a VPN connection is probably a good idea. Whether you worry about it on your home network, if you have a good firewall I wouldn't bother.

Click to expand...

Again, unless you live in student housing and run wireless at home. At least some Cisco equipment lets the administrator restrict access based on MAC address (linksys products do too). If they are not requiring this I would definitely VPN.

On second thought, I would VPN regardless. As Merc said, You are likely in an area where people have plenty of equipment and time.

should I use a VPN

Adcadet

Storage Freak

Mercutio

Fatwah on Western Digital

Pradeep

Storage? I am Storage!

honold

Storage is cool

Adcadet

Storage Freak

Pradeep

Storage? I am Storage!

Cliptin

Wannabe Storage Freak

blakerwry

Storage? I am Storage!

Mercutio

Fatwah on Western Digital

Cliptin

Wannabe Storage Freak