

secureity

@saitis.net

Strength of VPN encryption

what is the encryption type and strength of sonic.net's vpn?



DaneJasper
Sonic.Net
Premium,VIP
join:2001-08-20
Santa Rosa, CA
kudos:9

It depends on what VPN client you use to connect. For the Sonic.net supplied Cisco VPN client, we should always negotiate 168 bit 3DES with HMAC-MD5 authentication.

-Dane



secureity

@ccc.de
reply to secureity

that seems pretty secure. i think i should feel safe even if i had to access the internet on a restaurant's wireless connection.

my only concern is being disconnected. suppose the connection is unstable, and i get disconnected from their internet, then immediately reconnected for some reason. how would sonic.net's vpn software respond? in those brief moments, is it possible that i might access sensitive information without the protection of the vpn?



DaneJasper
Sonic.Net
Premium,VIP
join:2001-08-20
Santa Rosa, CA
kudos:9

The Cisco VPN software pops up if the encrypted connection fails.

This is a concern though - for example if you were set up to check POP email without encryption every five minutes, and the VPN went offline and then your client checked. You should always enable encrypted login and communication in your email client application to avoid this.



secureity

@ccc.de

i'll watch out for connection failures then. i'm pretty confident in the strength of the vpn now, but i'm still worried that when i launch some obscure program, it will fail to use the vpn's connection.

how exactly does cisco's vpn software ensure that ALL traffic going through connects to the vpn only, whether i'm running an instant messenger, an email client, an irc client, or a web browser?


klui

join:2001-11-08
Castro Valley, CA
Reviews:
·SONIC.NET

1 edit

said by secureity :

how exactly does cisco's vpn software ensure that ALL traffic going through connects to the vpn only, whether i'm running an instant messenger, an email client, an irc client, or a web browser?

I have not used the VPN software yet but most likely it disables split tunnelling forcing all network traffic to go through the tunnel as long as it is established.

You can test this behavior if you have IP devices in your internal network. If you can't ping them while the tunnel is up, split tunnelling is disabled and all net traffic will go through the VPN. But if the tunnel is up and you can ping any of your internal IPs--presumably a non-routable IP--split tunnelling is enabled and all local addresses will bypass the VPN.

Displaying your routing table will also tell you that but in a much more technical way.

EDIT: grammar and incorrect description of split tunneling disabled.
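
The routing-table check klui describes, as an added example that is not part of the original thread and is not Cisco's or Sonic.net's code: it applies longest-prefix matching to a routing table to see whether a LAN host and an internet host would leave through the tunnel. The tables are constructed samples in simplified Linux `ip route` form, and the interface names (`tun0`, `wlan0`) and all addresses are assumptions.

```python
import ipaddress

# Constructed sample tables in simplified Linux `ip route` form (not captured output).
# tun0 = VPN tunnel, wlan0 = restaurant Wi-Fi, 203.0.113.10 = VPN gateway: all assumed.
FULL_TUNNEL = """
default dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.1 dev wlan0
"""
SPLIT_TUNNEL = """
default dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0
"""
NO_TUNNEL = """
default via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0
"""

def parse_routes(text):
    """Return [(network, interface)] from '<cidr|default> ... dev <iface>' lines."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # skip blank or unrecognised lines
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        iface = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), iface))
    return routes

def egress_interface(routes, addr):
    """Longest-prefix match; route metrics (tie-breakers) are ignored here."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, iface) for net, iface in routes if ip in net]
    return max(matches)[1] if matches else None

def classify(text, tunnel_if="tun0", lan_host="192.168.1.50", internet_host="198.51.100.7"):
    """Report which of the two probe destinations would leave outside the tunnel."""
    routes = parse_routes(text)
    if egress_interface(routes, internet_host) != tunnel_if:
        return "internet traffic bypasses the tunnel"
    if egress_interface(routes, lan_host) != tunnel_if:
        return "split tunnelling: local addresses bypass the tunnel"
    return "all probed traffic uses the tunnel"

if __name__ == "__main__":
    for name, table in [("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL), ("none", NO_TUNNEL)]:
        print(name, "->", classify(table))
```

The host route to the VPN gateway stays on the physical interface in every tunnelled case, since the encrypted packets themselves still have to leave over the Wi-Fi link.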


secureity

@geonosis.org

if i'm doing something sensitive like banking on a restaurant's wifi, is there any way i can change the encryption of the cisco client to a stronger type? what other types of encryption does sonic.net's vpn support?



DaneJasper
Sonic.Net
Premium,VIP
join:2001-08-20
Santa Rosa, CA
kudos:9

said by secureity :

if i'm doing something sensitive like banking on a restaurant's wifi, is there any way i can change the encryption of the cisco client to a stronger type? what other types of encryption does sonic.net's vpn support?

If you are doing banking, the website itself will use application layer HTTPS, SSL encryption, and cannot be snooped, even if your underlying connection is not encrypted.

Using the VPN would mean a second layer of encryption of the already-encrypted HTTPS - very, very secure.


secureity

@torland.me

i don't doubt that https is secure, but i can still think of a few situations in which i may have to disclose potentially sensitive data on a non HTTPS secured connection, rare though they might be.

plus, i'm just a paranoid person in general, and i go for the strongest type of encryption possible (within reason). does sonic.net's vpn support other types of encryption? if not, it's fine. i just want to know.



DaneJasper
Sonic.Net
Premium,VIP
join:2001-08-20
Santa Rosa, CA
kudos:9

said by secureity :

i don't doubt that https is secure, but i can still think of a few situations in which i may have to disclose potentially sensitive data on a non HTTPS secured connection, rare though they might be.

plus, i'm just a paranoid person in general, and i go for the strongest type of encryption possible (within reason). does sonic.net's vpn support other types of encryption? if not, it's fine. i just want to know.

I don't believe you can change the encryption level.

-Dane