Re: Encrypted VPN software?



-----BEGIN TYPE III ANONYMOUS MESSAGE-----
Message-type: plaintext

In <Xns973ECC9C8915Cabcxyzcom@xxxxxxxxxxxxxxx> "nemo_outis" <abc@xxxxxxx> wrote:
>"[Anonymous] Persona" <anonymous@xxxxxxxxxxxxxxxxxxxx> wrote in
>news:1136166132_99@xxxxxxxxxxxxxxx:
>
>> -----BEGIN TYPE III ANONYMOUS MESSAGE-----
>> Message-type: plaintext
>>
>> In <Xns973E873ECF228abcxyzcom@xxxxxxxxxxxxxxx> "nemo_outis"
>> <abc@xxxxxxx> wrote:
>>>"[Anonymous] Persona" <anonymous@xxxxxxxxxxxxxxxxxxxx> wrote in
>>>news:1136141973_98@xxxxxxxxxxxxxxx:
>>>
>>>> -----BEGIN TYPE III ANONYMOUS MESSAGE-----
>>>> Message-type: plaintext
>>>>
>>>> There is a site offering free software without pop ups or
>>>> tracking that purportedly allows encrypted and anonymous
>>>> Peer-to-Peer connections and web connections.
>>>>
>>>> If I understand correctly, it uses VPN technology.
>>>>
>>>> http://www.hamachi.cc/
>>>>
>>>> Can anyone enlighten me regarding the benefits, drawbacks and
>>>> risks of this type of software? Is one's IP address revealed
>>>> or discernable to the person or web site on the other end of
>>>> the connection?
>>>>
>>>> Persona
>>>>
>>>> -----END TYPE III ANONYMOUS MESSAGE-----
>>>>
>>>
>>>
>>>
>>>Hamachi is a very good system. The Hamachi servers are only used to
>>>establish the original connection; thereafter the two ends of the VPN
>>>talk directly to each other with no Hamachi involvement. Security is
>>>very strong and your private key is NOT disclosed to the Hamachi
>>>servers which broker the connection.
>>>
>>>The reason for the brokered connection is that this goes a long way
>>>towards defeating corporate firewalls/filters when setting up the VPN.
>>>A "meet in the middle" approach for setup followed by point-to-point
>>>thereafter.
>>>
>>>With that said, however, I am a big (no, make that gigantic!) fan of
>>>OpenVPN. It is a bombproof open-source multi-platform SSL/TLS VPN
>>>(not just a makeshift alternative but actually much better than the
>>>standard IPSEC, PPTP (spit!), or L2TP). Those are complicated, have
>>>interoperability problems, but worst of all, have real problems
>>>tunnelling through corporate firewalls and routers (or even just a
>>>hotel router if you are using your laptop out on the road and want to
>>>connect back to the ranch).
>>>
>>>There has been a great series of discussions of VPN issues by Steve
>>>Gibson of grc (including Hamachi, OpenVPN, and others) at:
>>>
>>>http://www.grc.com/SecurityNow.htm#20
>>>
>>>See particularly episodes 15, 17, 18 & 19 for VPN (Lots of other good
>>>info on other topics on this site as well)
>>>
>>>For OpenVPN wander on over to: http://openvpn.net/
>>>
>>>Regards,
>>>
>> I'm impressed. Very impressed. Unfortunately, I think I know so
>> little about what I'm impressed about that I must ask more questions
>> even after reading the information on the openvpn.net site and the
>> hamachi site. After reading the www.grc.com papers I get the
>> impression that it's like SSL - each knows who's connecting, but
>> no one in between will know what's going on. Is that right?
>
>
>The most fundamental thing about VPN is that's exactly what it is: a
>virtual private network.
>
>Many other encryption protocols can let this application or that
>application, this protocol or that protocol, connect to a distant
>computer system but they must be set up individually at the application
>level. VPN allows a distant computer to connect to another computer on a
>faraway LAN as if it was just another local computer on that LAN. From
>there you work out what programs it can run, what data it can access on
>the "local" LAN. It's done at the network level once and for all, not
>once at a time for each application.
>
>The "as if it was connected locally" is the VPN part. The connection is
>not just another physical wire to an ethernet hub on the local LAN but an
>encrypted connection over the internet - a virtual connection. How to do
>that encrypted internet connection so you appear as part of the local LAN
>(and it appears to you) is where the various VPN technologies differ.
>(Note that there are some "almost VPN" technologies as well, just to
>muddy the water :-)
>
>The various VPN methods differ in complexity, in whether they are open,
>proprietary or in-between, whether they are all software, all-hardware or
>a mix, whether they interoperate between different hardware and software
>vendors, and how easily they penetrate firewalls and routers (important,
>for instance, when you are out on the road and trying to connect to the
>company VPN back home).
>
>
>> I'm familiar with mixminion, types I and II remailers, TOR, SSH
>> tunnels, and proxies. Can you briefly explain what VPN does to
>> make connections "secure"?
>>
>> In particular:
>>
>> 1. Do the parties connecting to one another see each other's IP
>> addresses - or can someone configure a connection to ferret out
>> the connecting party's IP address?
>> 2. Are all packets encrypted from the source computer to the
>> destination computer (a la TOR or SSH tunnel)?
>
>There's no attempt to hide the end-points of a VPN - who's connecting to
>whom (at least at the IP level) is not hidden. However, what the VPN
>does offer is once-and-for-all encryption and authentication with no need
>to set it up multiple times for different programs, etc. All programs
>would use one common encrypted VPN tunnel. So for spies on the internet,
>"they" can know who you're connected to but not what you're doing.
>
>
>> IOW, is this a form of anonymous connection with encryption, or is
>> it more like P2P with encryption (where each can see the other's
>> IP address - or it can be determined with dedicated software
>> for that purpose)? If I connect with the Pentagon, will they
>> know who I am? or is it more like Freenet?
>
>
>A VPN is just an extension of a local LAN (even if that LAN consists of
>just one computer) so that the LAN can be extended to faraway places, not
>over a hard wire, but over an encrypted internet connection. You must be
>known to and have privileges on that LAN VPN server before you can
>connect to it and do anything - it's just like signing on to your LAN
>from your desktop computer at a company each morning, except that you can
>do it from a thousand miles away.
>
>
>> Also, on another note, I see that hamachi seems to allow web browsers
>> but openvpn doesn't. How does that affect communication, security
>> and file transfer?
>
>
>Hamachi is a "near-VPN" and not a true VPN. A true VPN is not tied to
>any particular protocol or application (e.g., a browser). Hamachi's
>claim to fame is its ability to almost always be able to burrow through
>corporate (& university, etc) firewalls, etc. to establish an encrypted
>link with the outside - it's very good at that. Moreover, it's much
>easier to set up than other VPNs since it uses the familiar browser
>interface (no VPN is truly easy to set up, but some crappy ones, like
>Microsoft's PPTP, do have some fairly slick interface "wrappers" that,
>say, open-source OpenVPN cannot match.)
>
>Regards,
>
I think I understand now. It reminds me of "PC Anywhere" except
encrypted. I've noticed people using it to remotely control
their computers.

In the end, however, the true security comes from knowing who
you are connecting to. From your laptop to your computer is
secure. From your computer to a bunch of other computers of
people you barely know (or don't know) isn't very secure.

Persona

-----END TYPE III ANONYMOUS MESSAGE-----