ANY secure Internet access while traveling?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
User avatar
Topic Author
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

ANY secure Internet access while traveling?

Post by ResearchMed »

We are traveling now, and I don't think there is any secure way to access the Internet to process charge payments for our small business, or to access our business checking account to return security deposits (which we do by check and not by crediting back the charge payment, to get the refund to customers faster - plus we can see the checks clear and thus know the payment has been received).

This isn't a huge problem now, as we are only gone a matter of days (as in the recent past) and these transactions can wait a few days.

However, in a few months, we'll be away for about 12 days overseas, and we'll start doing that more and more.

Is there ANY way to combine something like a password protected hot spot (or even using iPhone as hot spot)?
The link between the laptop and the hot spot isn't secure, AFAIK.

Would a virtual private network make a difference with this link?
(As you can tell, I'm not entirely sure *what* a VPN actually "is"!)

Any other suggestions?

I fear that if there were such a way to connect "away from home/office", it would be better known, so there probably isn't.

Thanks very much.

RM
btraven
Posts: 105
Joined: Tue Jul 02, 2013 3:27 pm

Re: ANY secure Internet access while traveling?

Post by btraven »

Yes, a VPN should be a big help. You download software onto your device that encrypts it before it leaves your computer. A VPN can also help you to look like you are in the US when traveling so you can access US-only sites. One that I use is boxpn.com
User avatar
Topic Author
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: ANY secure Internet access while traveling?

Post by ResearchMed »

btraven wrote:Yes, a VPN should be a big help. You download software onto your device that encrypts it before it leaves your computer. A VPN can also help you to look like you are in the US when traveling so you can access US-only sites. One that I use is boxpn.com
Thanks very much.

Now, if one uses a VPN and then connects via a password protected device and then on to another site, how is the signal "un"-encrypted on the receiving end (be it an email or some sort of transaction)?

Thanks again!

RM
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: ANY secure Internet access while traveling?

Post by Mudpuppy »

ResearchMed wrote:
btraven wrote:Yes, a VPN should be a big help. You download software onto your device that encrypts it before it leaves your computer. A VPN can also help you to look like you are in the US when traveling so you can access US-only sites. One that I use is boxpn.com
Thanks very much.

Now, if one uses a VPN and then connects via a password protected device and then on to another site, how is the signal "un"-encrypted on the receiving end (be it an email or some sort of transaction)?

Thanks again!

RM
Think of it like a UPS or FedEx distribution/sorting center. A truck full of packages is sent from one center to another. At the sorting center, the truck is unpacked and packages are sorted onto other trucks to be sent to their way. The VPN tunnel is used to get your data to the "sorting center" in a secure fashion. It's like a secured truck pulling up to the loading dock. The VPN host is the "sorting center" and it's responsible for getting the data to its final destination by whatever method the "sorting center" uses normally. That might mean loading up on another "secured truck" or it might be put on a "normal truck", depending on how the network is set up around the VPN host ("normal truck" is most common).

In a more technical sense, when you use VPN software, you connect to a VPN host (which could be your home machine, your work LAN, some random VPN provider, and so on), which acts like a proxy for all of your data transactions. When you go to a banking website, the data is first sent over an encrypted "tunnel" to the VPN host. The VPN host then decrypts the data ("unpacks" it) and sends it to the banking website using standard TCP/IP communications. If you are visiting an SSL (https) website, the data is first encrypted by the browser, then encrypted AGAIN when it travels through the VPN tunnel, then the tunnel encryption is removed by the VPN host (but the SSL encryption remains), and the VPN host delivers the SSL encrypted data to the web server. Reverse this all to get from the web server back to you.

Hopefully one of those two make sense.
User avatar
Topic Author
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: ANY secure Internet access while traveling?

Post by ResearchMed »

Thanks.

Actually, that second description (the "technical" one) DID make sense.

I'll look into this when we get home, to be prepared for the next trip.

Not having a secure connection is becoming more and more irritating - and worrisome.

I'd rather delay processing payments than risk exposing the charge card info that has been entrusted to us.
That's the most troublesome aspect, not that risking our own financial information sounds good...

RM
User avatar
Ketawa
Posts: 2521
Joined: Mon Aug 22, 2011 1:11 am
Location: DC

Re: ANY secure Internet access while traveling?

Post by Ketawa »

I recently signed up for a VPN and proxy service through a company called Private Internet Access. So far, I have found it very easy to use. It was $40 for a one year subscription.
AlohaJoe
Posts: 6609
Joined: Mon Nov 26, 2007 1:00 pm
Location: Saigon, Vietnam

Re: ANY secure Internet access while traveling?

Post by AlohaJoe »

ResearchMed wrote:The link between the laptop and the hot spot isn't secure, AFAIK.
Why isn't using your laptop while traveling secure?
oxothuk
Posts: 891
Joined: Thu Nov 10, 2011 7:35 pm

Re: ANY secure Internet access while traveling?

Post by oxothuk »

Using your smartphone as a private hotspot and connecting your laptop to this private hotspot seems pretty safe to me, at least in most places.

I would only be concerned if you are in some part of the world where the telco that provides data service to your smartphone would not be trustworthy.
denovo
Posts: 4808
Joined: Sun Oct 13, 2013 1:04 pm

Re: ANY secure Internet access while traveling?

Post by denovo »

oxothuk wrote:Using your smartphone as a private hotspot and connecting your laptop to this private hotspot seems pretty safe to me, at least in most places.
This seems the cheapest and convenient solution. You can also get an app that charges less for hotspotting than your carrier, FoxFi works well for android phones on the verizon network.
"Don't trust everything you read on the Internet"- Abraham Lincoln
User avatar
Artsdoctor
Posts: 6063
Joined: Thu Jun 28, 2012 3:09 pm
Location: Los Angeles, CA

Re: ANY secure Internet access while traveling?

Post by Artsdoctor »

I use a mobile hotspot. You could use your phone but you'll drain the battery relatively fast. Also, you won't have to worry about a hotel's WiFi charge or a miserably slow hotel WiFi (which is not secure). This all depends on your needs:

http://www.zdnet.com/blog/mobile-news/4 ... ttery/1863

If you're traveling outside of the country, using a VPN program will probably work best.
Fclevz
Posts: 651
Joined: Fri Mar 30, 2007 11:28 am

Re: ANY secure Internet access while traveling?

Post by Fclevz »

KyleAAA
Posts: 9498
Joined: Wed Jul 01, 2009 5:35 pm
Contact:

Re: ANY secure Internet access while traveling?

Post by KyleAAA »

Agree with the VPN suggestion above. What advantage would using your phone as a hotspot solve? Wouldn't you just be connecting the phone to the hotel's wifi anyway? Data access can be quite expensive overseas, especially if you don't want to deal with getting your phone unlocked. I suppose if you have unlimited data and you're in the US, using your phone would be reasonable. But I'd still just rather just use a VPN. They're cheap.
User avatar
englishgirl
Posts: 2508
Joined: Thu Mar 01, 2007 4:34 pm
Location: FL

Re: ANY secure Internet access while traveling?

Post by englishgirl »

Why not use the app for the bank you use on your phone?

I have access to my biz bank accounts on my app, including transfers, bill pay, and check deposit. I send checks using bill pay.

I mean, if we're talking using the phone as the hotspot, why not use the phone directly. Perhaps I'm missing something...
Sarah
oxothuk
Posts: 891
Joined: Thu Nov 10, 2011 7:35 pm

Re: ANY secure Internet access while traveling?

Post by oxothuk »

Using a VPN makes sense if your internet connection will be through a public wifi hotspot which you don't want to trust.

But if you don't want to bother how to setup and use a VPN, then the private hotspot feature of your phone lets you get in internet connection through the local telco, which is more trustworthy than the hotel wifi. Downside is that cellular data charges can be expensive when you are outside of the country.

If your bank has a smartphone app, that will be a lot easier/more convenient than connecting the laptop through the phone. But it's not any more secure unless you are connecting the phone to the internet via the cell network vs. public wifi.
obgraham
Posts: 1618
Joined: Mon Jan 28, 2013 6:30 pm

Re: ANY secure Internet access while traveling?

Post by obgraham »

I guess if you are savvy, and know what VPN and tethering, etc, means, there are ways.

However, we are simple people. I use a Verizon JetPack hotspot device, which is my own broadband internet service. I've used it all over the US and had service almost everywhere without any problems or security worries. In the RV community, this is the most popular way to have mobile internet service.

You can use it abroad, in about 200 countries. Unfortunately that is pretty expensive -- $25 monthly get you only 100mb of data. That's not very much.
User avatar
Topic Author
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: ANY secure Internet access while traveling?

Post by ResearchMed »

Thanks all.

Thus far, it does seem that VPN is what we are looking for.

One more question: If we DO use VPN in the future, is there any reason NOT to use hotel WiFi (which we've found to be increasingly freely available) rather than using more time on a hotspot or iPhone (which will end up costing more $$ as we travel more)?
If so, we could then "save" the hotspot/iPhone connection for when there isn't any free hotel WiFi.

To answer a few questions/suggestions, we need to use a laptop for some of the transactions. There aren't mobile apps for everything that we'd need to do. (Connecting to the bank to send refund checks is only one of the functions we need to do.)
There might someday be apps for everything, but not yet.

Thanks again.

This community is wonderful :happy

RM
livesoft
Posts: 86079
Joined: Thu Mar 01, 2007 7:00 pm

Re: ANY secure Internet access while traveling?

Post by livesoft »

I think RM is trying to run a business by the internet and not just do personal banking. RM is responsible to his/her customers who might be sending credit card info to them and other information. I perceive that RM is not as worried about their bank account getting hacked as they are about having their clients' information getting hacked.
Wiki This signature message sponsored by sscritic: Learn to fish.
nhrdls
Posts: 108
Joined: Tue Aug 20, 2013 5:14 pm

Re: ANY secure Internet access while traveling?

Post by nhrdls »

For many financial institutes, its very important that your IP address originates from US. I have heard eTrade and some other institutes disconnecting the session when it "saw" the ip address was from Asia. I guess they are just trying to prevent fraud or hackers. This of course will depend upon the institute and level of sophistication they want to achieve.

From this perspective, using VPN definitely makes sense as institute will see US ip address..

Many routers have built in VPN functionality. You can check if your router at your home or business already supports such connection. Alternatively, if you have always connected machine at home, you can try using http://openvpn.net/. You may have to play with your firewall to open proper incoming ports.
KyleAAA
Posts: 9498
Joined: Wed Jul 01, 2009 5:35 pm
Contact:

Re: ANY secure Internet access while traveling?

Post by KyleAAA »

ResearchMed wrote:Thanks all.

Thus far, it does seem that VPN is what we are looking for.

One more question: If we DO use VPN in the future, is there any reason NOT to use hotel WiFi (which we've found to be increasingly freely available) rather than using more time on a hotspot or iPhone (which will end up costing more $$ as we travel more)?
If so, we could then "save" the hotspot/iPhone connection for when there isn't any free hotel WiFi.

To answer a few questions/suggestions, we need to use a laptop for some of the transactions. There aren't mobile apps for everything that we'd need to do. (Connecting to the bank to send refund checks is only one of the functions we need to do.)
There might someday be apps for everything, but not yet.

Thanks again.

This community is wonderful :happy

RM
No reason at all not to use hotel WiFi if you're on a VPN. If the Chinese government can't filter it, it's good enough for me.
User avatar
englishgirl
Posts: 2508
Joined: Thu Mar 01, 2007 4:34 pm
Location: FL

Re: ANY secure Internet access while traveling?

Post by englishgirl »

livesoft wrote:I think RM is trying to run a business by the internet and not just do personal banking. RM is responsible to his/her customers who might be sending credit card info to them and other information. I perceive that RM is not as worried about their bank account getting hacked as they are about having their clients' information getting hacked.
Yes, but for my wifi at my business I have to run security scans periodically and confirm that all computers have antivirus, etc, in order to process credit cards. [Well, technically, I can do it without, but to qualify for a discount in fees I do the scans.] Or I can use the app on my phone and the little swipe thingie. I would much rather trust/blame the mobile app of the company that does the credit card processing, than admit that I used an insecure hotel wifi spot. Or even a VPN, but hey. I am all about the apps.
Sarah
User avatar
Topic Author
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: ANY secure Internet access while traveling?

Post by ResearchMed »

englishgirl wrote:
livesoft wrote:I think RM is trying to run a business by the internet and not just do personal banking. RM is responsible to his/her customers who might be sending credit card info to them and other information. I perceive that RM is not as worried about their bank account getting hacked as they are about having their clients' information getting hacked.
Yes, but for my wifi at my business I have to run security scans periodically and confirm that all computers have antivirus, etc, in order to process credit cards. [Well, technically, I can do it without, but to qualify for a discount in fees I do the scans.] Or I can use the app on my phone and the little swipe thingie. I would much rather trust/blame the mobile app of the company that does the credit card processing, than admit that I used an insecure hotel wifi spot. Or even a VPN, but hey. I am all about the apps.
We don't swipe cards, so none of this is relevant.
(We don't swipe cards *ever*, but I'm not sure how we'd do that while traveling overseas or on a cruise, anyway.)
And we religiously update antivirus/etc. software and do full system security scans several times a week and sometimes daily. (Might be overkill, but it just runs overnight, and doesn't cost anything.)
And as mentioned, there are not currently mobile apps for everything we need to access.

Suffice it to say that our goal is a secure connection - to the extent possible - so that information we submit to process payments doesn't compromise the information entrusted to us.

We obviously assume no one is targeting "us". We assume anyone truly after "our data" would have ways to get it.

We are trying to control what would be "sniffed" by what I'll call "casual observers" who are patrolling the ether looking for easy information.

I'll "go with" the "if the Chinese government can't get at it" theme :!: although I suspect if they really, really wanted "it", they'd get it...

Fortunately, ours is a relatively low volume/somewhat high price transaction business, so except for an occasional busy season, we don't need to process more than a few payments per week, and occasionally none. And all of the payments other than with an initial reservation can be postponed, or scheduled for dates when we expect to be home.

We are getting ready to sell the business as a turnkey enterprise, so hopefully by the time we are seriously on extended trips, the business concerns will all be moot.

Thanks to all.

RM
inbox788
Posts: 8372
Joined: Thu Mar 15, 2012 5:24 pm

Re: ANY secure Internet access while traveling?

Post by inbox788 »

ResearchMed wrote:Is there ANY way to combine something like a password protected hot spot (or even using iPhone as hot spot)?
The link between the laptop and the hot spot isn't secure, AFAIK.

Would a virtual private network make a difference with this link?
(As you can tell, I'm not entirely sure *what* a VPN actually "is"!)
There are multiple layers of security, but some points of clarification, and some holes to plug. The connection between laptop and hotspot can be very secure. Just be sure you're using WPA2 and a strong password.

http://blogs.computerworld.com/14638/wh ... 2_security

The hotspot and ISP may not be secure. There is be a local network that can monitor your activity, especially if the hotspot is run by someone else. I'd trust the major providers more, but they can be vulnerable (i.e. Target). If you use iPhone hotspot or Verizon WiFi or equivalent, it's more secure than public wifi hot spots.

But the internet itself is not secure. Any of these networks can potentially be a weakness, so try to maximize the security at every link as best you can. Some of the VPN solutions mentioned here are good choices to give you a level of security, depending on your application, and that might be just what you need.

You mentioned that you're up to date on your antivirus, which is good, but don't forget system firmware.

http://appleinsider.com/articles/14/02/ ... -very-soon
patrick
Posts: 2594
Joined: Fri Sep 04, 2009 3:39 am
Location: Mega-City One

Re: ANY secure Internet access while traveling?

Post by patrick »

Smartphones can act as hot spots (that is, provide Internet access over Wi-Fi) but this is of limited use for a couple of reasons. First, if you set up security on the hot spot it only encrypts the communications between your PC and your phone. The phone will then send the data out to the general Internet over the phone network without any extra protection. The other problems (the severity of which will depend on which areas you travel) are that the cost of sending a large amount of data may be very high, and the speed of data on the phone network may be poor.

A VPN would be somewhat better. What it does is it send all of your communications through an encypted link to the VPN provider, which then sends them out onto the general Internet. The VPN, if used correctly, will be fully effective in preventing anyone from spying on (or tampering with) your communications as they pass between your computer and the VPN provider. If you are only worried about attackers in the country you are visiting (and the VPN provider is not in that country) then it should be enough. However it does not prevent anyone from spying on communications as they pass between the VPN provider and the other end of the connection.

If you want to keep your communications secure in general they would need to be encrypted end to end -- that is, all the way from your computer to the ultimate destination. If done properly, this would prevent anyone from spying on or tampering with the communications from any point. Any web connection over HTTPS is encrypted, and any non-web based finanical software out to encrypt its communications too, though there is no certainty of it being done properly. Note that you also must make sure you are communication with the correct site (by checking the other machine's certificates -- web browsers will usually indicate this somehow such as by the color of the URL and you can right click around the lock icon for details) because if you are tricked into connecting to a fake banking website, the encryption would just prevent anyone else from spying on communications between you and the fake bank, but the fake bank still gets all the information you send it! And also note you must prevent your own computer getting infected -- securing the communications link is useless if the endpoint is compromised.
sscritic
Posts: 21853
Joined: Thu Sep 06, 2007 8:36 am

Re: ANY secure Internet access while traveling?

Post by sscritic »

ResearchMed implies a certain affiliation, past or present. My affiliation offers a VPN to me at no cost. Have you looked at what your affiliation offers?
User avatar
Topic Author
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: ANY secure Internet access while traveling?

Post by ResearchMed »

patrick wrote:Smartphones can act as hot spots (that is, provide Internet access over Wi-Fi) but this is of limited use for a couple of reasons. First, if you set up security on the hot spot it only encrypts the communications between your PC and your phone. The phone will then send the data out to the general Internet over the phone network without any extra protection. The other problems (the severity of which will depend on which areas you travel) are that the cost of sending a large amount of data may be very high, and the speed of data on the phone network may be poor.

A VPN would be somewhat better. What it does is it send all of your communications through an encypted link to the VPN provider, which then sends them out onto the general Internet. The VPN, if used correctly, will be fully effective in preventing anyone from spying on (or tampering with) your communications as they pass between your computer and the VPN provider. If you are only worried about attackers in the country you are visiting (and the VPN provider is not in that country) then it should be enough. However it does not prevent anyone from spying on communications as they pass between the VPN provider and the other end of the connection.

If you want to keep your communications secure in general they would need to be encrypted end to end -- that is, all the way from your computer to the ultimate destination. If done properly, this would prevent anyone from spying on or tampering with the communications from any point. Any web connection over HTTPS is encrypted, and any non-web based finanical software out to encrypt its communications too, though there is no certainty of it being done properly. Note that you also must make sure you are communication with the correct site (by checking the other machine's certificates -- web browsers will usually indicate this somehow such as by the color of the URL and you can right click around the lock icon for details) because if you are tricked into connecting to a fake banking website, the encryption would just prevent anyone else from spying on communications between you and the fake bank, but the fake bank still gets all the information you send it! And also note you must prevent your own computer getting infected -- securing the communications link is useless if the endpoint is compromised.
Thanks patrick and others above.

This all helps a lot.

Mostly we'd be using https websites (although I never know whether those are really secure).

But for my more general concerns, the VPN does seem to be the best thing for us.

My main concern is with those "casual observers" who are nearby, such as hotel lobbies or just outside, etc.
So using VPN should help with that, with non-https sites as well as another layer of security with https sites.

So for NOW (still in North America): If we use a password protected hotspot AND are linking to an https website, there are no "open links" along the way?

Many thanks!
(And apologies if I have just asked the "same question" again. Still learning...)

RM
User avatar
Topic Author
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: ANY secure Internet access while traveling?

Post by ResearchMed »

sscritic wrote:ResearchMed implies a certain affiliation, past or present. My affiliation offers a VPN to me at no cost. Have you looked at what your affiliation offers?
Thanks sscritic.

I don't think so, but we'll check.

I'm retired, but still have access to much of previous employer perks.
And DH is still full time at same institution, different branch. The IT dept might indeed be able to help with this.
I'll check. This hadn't occurred to us.

Thanks again.

RM
Bill Bernstein
Posts: 853
Joined: Sat Jun 23, 2007 12:47 am

Re: ANY secure Internet access while traveling?

Post by Bill Bernstein »

With T-mobile Simple Choice, you've got unlimited 2G and 3G data in just about any country you'd want to go outside of places like Myanmar and Paraguay.

We recently spent a month in Thailand and had coverage everywhere we stayed, including some places way out in the boonies, and we also had coverage much of the time we were traveling by road or train as well. Best of all, the data usage doesn't count against the limit, since that is only for 4G in the US.

Not much good for streaming video, but for tethering for browsing and email, it was fine. (Curiously, normal browsing and email when tethered used a lot less data than browsing with Safari on the iPhone itself.)

Bill
User avatar
LazyNihilist
Posts: 1005
Joined: Sat Feb 19, 2011 8:56 pm

Re: ANY secure Internet access while traveling?

Post by LazyNihilist »

I'd recommend looking for established OpenVPN providers within US.
Once you connect your computer to the provider using OpenVPN, the network should be pretty secure.

The danger is using untrusted devices (computer/smartphone) to login to your accounts. In that case an OpenVPN is not of much help if the device itself is compromised.
The strong do what they can and the weak suffer what they must -Thucydides
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: ANY secure Internet access while traveling?

Post by ThereAreNoGurus »

The answer is probably no, but I'll ask anyways...

If I have Hamachi Logmein installed on a PC acting as the server, can a Nexus 7 tablet running OpenVPN connect to the VPN network I setup on the Hamachi based PC?
Trade the news and you will lose.
User avatar
LazyNihilist
Posts: 1005
Joined: Sat Feb 19, 2011 8:56 pm

Re: ANY secure Internet access while traveling?

Post by LazyNihilist »

ThereAreNoGurus wrote:The answer is probably no, but I'll ask anyways...

If I have Hamachi Logmein installed on a PC acting as the server, can a Nexus 7 tablet running OpenVPN connect to the VPN network I setup on the Hamachi based PC?
Not sure how logmein works. But I have an OpenVPN server setup @ home and can connect to it from my Android phone and other computers. It's a secure way of using public wifi and hotspots.
The strong do what they can and the weak suffer what they must -Thucydides
User avatar
wassabi
Posts: 532
Joined: Sun Feb 02, 2014 7:06 am

Re: ANY secure Internet access while traveling?

Post by wassabi »

ResearchMed wrote: Thanks patrick and others above.

This all helps a lot.

Mostly we'd be using https websites (although I never know whether those are really secure).

But for my more general concerns, the VPN does seem to be the best thing for us.

My main concern is with those "casual observers" who are nearby, such as hotel lobbies or just outside, etc.
So using VPN should help with that, with non-https sites as well as another layer of security with https sites.

So for NOW (still in North America): If we use a password protected hotspot AND are linking to an https website, there are no "open links" along the way?

Many thanks!
(And apologies if I have just asked the "same question" again. Still learning...)

RM
A VPN will protect against any "casual observers" on the network/hotspot to which you connect. If you must connect to a local hotspot without a VPN and use an https website, you should be fine.

I've traveled overseas extensively and never connect without a VPN. In fact, I use a VPN in the states as well. I personally prefer to never connect to an open network/hotspot without the security of a VPN. Another user mentioned privateinternetaccess.com which, for $40 per year, is an affordable and excellent option. I've never noticed a decrease in internet speed using PIA.
ourbrooks
Posts: 1575
Joined: Fri Nov 13, 2009 3:56 pm

Re: ANY secure Internet access while traveling?

Post by ourbrooks »

A VPN is only useful if you need to access data that's inside a private network. An example of a private network would be a business which had its own server and had computers connected to the server locally. Typically, computers on that network can directly access each other's files, etc.

If all of your access is to a bank or other organization via a web browser, then you don't need a VPN. Indeed, the bank is not likely to let you use one because then you could directly access all of the bank's computers on their internal network.

Access via a web browser can be very secure, even if it travels over a public Wi-Fi connection if the connection is made with an encrypted connection, also known as HTTPS. Most bank connections automatically are made that way; you can tell because a little lock symbol appears where you typed in the address of the web site. Anyone listening on the connection will see just nonsense encrypted data so it doesn't matter if there are open links on the way.

What you still have to worry about over a public Wi-Fi connection is data which isn't encrypted, for example, the address of a web site you're visiting or any data sent to or from a non-HTTPS connection, such as the one to the Bogleheads site. (Don't post anything to the Bogleheads site that you wouldn't want other people to see :D ) Also, you have to worry about someone nearby accessing your computer and getting at the files you have stored on it. Be sure that you have a firewall running on your computer and that you use WPA2 encryption on the Wi-Fi connection.

VPNs and HTTPs both use the same basic encryption technology underneath so one isn't necessarily more secure than the other.
killjoy2012
Posts: 1329
Joined: Wed Sep 26, 2012 5:30 pm

Re: ANY secure Internet access while traveling?

Post by killjoy2012 »

As an information security professional, I would endorse the VPN approach as being your best bet to protect against wifi eavesdroppers, rogue hotel IT or ISPs, and even country-specific espionage concerns. That said, there's a couple things you should keep in mind when choosing your solution:

1) There's two major types of VPNs: IPsec & SSL. Both can provide adequate security, but they also work very differently. Make sure you think about what devices will be traveling with you, and whether the VPN solution you're considering supports those devices. e.g. IPsec VPNs, which I would probably favor, normally requires client software to be installed. Windows laptop - no problem. But if you need iOS, Andriod, Linux, etc... that may quickly rule out providers. SSL VPN is OK too, and that may offer broader client coverage, but you need to be very cognizant of when the VPN tunnel is up or down.

2) Not all VPN providers are "good guys". Keep in mind that when you tunnel all traffic from your client through the VPN, that VPN service provider will now have full access to network traffic streams as it exits the VPN. I'd suggest thinking about this and performing an adequate level of service provider vetting. At a minimum, I would be very cautious of using free or very cheap services.

3) Many countries block VPN services - most for the same reason as you're trying to protect yourself from. If you know the countries you'll be traveling to, it would probably pay to vet that out too before picking a provider. China is the obvious one... but there are others too.

4) Depending on what kind of money you're willing spend on this solution, especially for business, it may not be a bad idea to get someone local to help you stand up a small VPN gateway either at your business or home network. This way, instead of VPN'ing into a random service provider when traveling, you could VPN into your own trusted work/home network. This would also allow you to access files on shared drives, print, fax, etc. just like you were at home, or at the office. This type of solution wouldn't be free (unless you have the IT know how to DIY), but could easily be done for a couple hundred $ and a couple hours of time. And if you do this, especially to your work network, please consider using some form of 2 factor authentication.

If to your home network, you could also do something with SSH tunneling, but I don't want to confuse matters.
sscritic
Posts: 21853
Joined: Thu Sep 06, 2007 8:36 am

Re: ANY secure Internet access while traveling?

Post by sscritic »

killjoy2012 wrote: IPsec VPNs, which I would probably favor, normally requires client software to be installed. Windows laptop - no problem. But if you need iOS, Andriod, Linux, etc... that may quickly rule out providers.
My iOS device under settings General, VPN, add VPN configuration, has L2TP, PPTP, and IP Sec. The IP Sec is Cisco, and I had no trouble setting mine up. I guess you could have a provider that doesn't support Cisco, but I would think that would be rare (unless there are different versions of the Cisco server that don't match some versions of the Cisco client - I am no expert, I just know that my Cisco works).

Cisco AnyConnect is also available on the iTunes store, and here is the guide with a list of supported devices.
http://www.cisco.com/c/en/us/td/docs/se ... l#wp137105

The Cisco client I have is the default as far as I know, not AnyConnect

Edit added: the default goes back to the iPhone 2 and 2008.
Beginning with the iPhone 2.0 software (available July 2008), Apple offers an advanced VPN connectivity option for communicating with Cisco security appliances, including the ASA 5500 Series and the PIX Firewall. While Apple still supports access using L2TP/IPSec, end users attain superior connectivity by selecting Apple's new IPSec option on their iPhone.
killjoy2012
Posts: 1329
Joined: Wed Sep 26, 2012 5:30 pm

Re: ANY secure Internet access while traveling?

Post by killjoy2012 »

ourbrooks wrote:... also known as HTTPS. Most bank connections automatically are made that way; you can tell because a little lock symbol appears where you typed in the address of the web site. Anyone listening on the connection will see just nonsense encrypted data so it doesn't matter if there are open links on the way.

...

VPNs and HTTPs both use the same basic encryption technology underneath so one isn't necessarily more secure than the other.
I'm not going to write a dissertation here, but please be aware there are ways to defeat SSL (HTTPS). Almost all depend on requiring the user to click "OK" to accept a non-trusted certificate on the client. If you're a person of interest visiting certain countries, it's not that outlandish to think that someone may enter your hotel room while you're out and click "OK" for you. If you want more info, just google "transparent SSL interception" or "HTTPs interception". Corporations do this all the time.

IPsec works at layer 3. SSL VPN at layer 6'ish. I prefer IPsec, but SSL VPN is likely to work from more places since it only needs outbound 443/tcp.
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: ANY secure Internet access while traveling?

Post by ThereAreNoGurus »

LazyNihilist wrote:
ThereAreNoGurus wrote:The answer is probably no, but I'll ask anyways...

If I have Hamachi Logmein installed on a PC acting as the server, can a Nexus 7 tablet running OpenVPN connect to the VPN network I setup on the Hamachi based PC?
Not sure how logmein works. But I have an OpenVPN server setup @ home and can connect to it from my Android phone and other computers. It's a secure way of using public wifi and hotspots.
I know with an OpenVPN server on my PC I could use a Nexus 7 tablet to connect to it, but I was wondering whether I could do same with the Hamachi server. It was very easy to install.

My home PC uses a router. To install OpenVPN apparently requires a static IP. To get that static IP seems like a bit of a hassle based on the instructions from this page: https://community.openvpn.net/openvpn/w ... ingOpenVPN.
Trade the news and you will lose.
ccieemeritus
Posts: 714
Joined: Thu Mar 06, 2014 9:43 pm

Re: ANY secure Internet access while traveling?

Post by ccieemeritus »

I'm all for VPN if you find one you can trust (references from other Bogleheads are your best bet there- I get my VPN from work).

What really helps me sleep at night is to avoid using reusable passwords for accounts with money in them.

Bank of America sends me a text message with a random password each time I log in. That, plus a static password, means even if a hacker gets my password, it's not useful to them.

I have tokens from Etrade and Schwab which provide random one-time use passwords (which are also used with a static password).

I don't know if vanguard or fidelity have this feature.

Sadly, credit cards are another form of static reusable password and the credit card companies expect you to use this same "password" every place you shop. So for credit card shopping never trust a unverified certificate and, if on an untrusted network, use VPN. For this reason when I buy online I use amazon 90%+ to avoid spreading around my card ###

Darrell
User avatar
ogd
Posts: 4876
Joined: Thu Jun 14, 2012 11:43 pm

Re: ANY secure Internet access while traveling?

Post by ogd »

killjoy2012 wrote:I'm not going to write a dissertation here, but please be aware there are ways to defeat SSL (HTTPS). Almost all depend on requiring the user to click "OK" to accept a non-trusted certificate on the client. If you're a person of interest visiting certain countries, it's not that outlandish to think that someone may enter your hotel room while you're out and click "OK" for you. If you want more info, just google "transparent SSL interception" or "HTTPs interception". Corporations do this all the time.

IPsec works at layer 3. SSL VPN at layer 6'ish. I prefer IPsec, but SSL VPN is likely to work from more places since it only needs outbound 443/tcp.
Another security professional here :) So for all intents and purposes, SSL is actually secure. If someone gets their hands on your computer, the so called evil maid attack, then there's pretty much nothing that can keep you safe. For example, if you are a high-value target, a computer that's been to China should be considered tainted and thrown away. Your work computer might also betray you to your employer in a number of ways, one of which is SSL trust. So it's worth perhaps putting it this way: SSL is more secure than your computer, which is extremely likely to be the weakest link.

The real problem with relying on HTTPs is that you have to carefully check that you are in fact using it for everything. While big names like Google and Facebook, banks, and probably your employer, have it always on, it might be easy to miss something important, like a contact form with an account number. Or even have a community account that you care about stolen and used for spam (bogleheads? blog?). So if I was on a network I suspected to be hostile I'd probably use VPN. Most of the time, laziness wins.

The other, possibly bigger problem that you have when dealing with hostile networks is keeping your computer safe. Note that this is a problem that doesn't end when you come back home -- if you accessed no financial info while you were away, but your computer got infected, you're still in trouble. VPN partially helps with this, as it may prevent the hostiles from replacing content you normally trust like application downloads or PDF documents that exploit the Adobe bug of the day.

What helps even more is a secure, up to date computer and browser, and good habits wrt browsing, attachments, downloads. This is an ongoing quest, isn't it, and most of it applies always not just when away. Be careful out there!

As for how to set up a VPN for free, the easiest way I know of is with a home router that has it built in. I have an Asus and it works just fine with both phone and computer and security seems okay. I'll admit that these days when it comes to personal stuff I go for ease of use more often than not, within some limits.
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: ANY secure Internet access while traveling?

Post by ThereAreNoGurus »

ogd wrote:
killjoy2012 wrote: As for how to set up a VPN for free, the easiest way I know of is with a home router that has it built in. I have an Asus and it works just fine with both phone and computer and security seems okay. I'll admit that these days when it comes to personal stuff I go for ease of use more often than not, within some limits.
Thanks for mentioning this. I will look for a router that supports VPN.

Is it easy to connect an android tablet or windows PC to the VPN?

I assume this allows one to connect to the VPN from virtually anywhere as long as the router is on, right?
Trade the news and you will lose.
brianH
Posts: 666
Joined: Wed Aug 12, 2009 12:21 pm

Re: ANY secure Internet access while traveling?

Post by brianH »

ThereAreNoGurus wrote:
LazyNihilist wrote:
ThereAreNoGurus wrote: My home PC uses a router. To install OpenVPN apparently requires a static IP. To get that static IP seems like a bit of a hassle based on the instructions from this page: https://community.openvpn.net/openvpn/w ... ingOpenVPN.
Well, there's an important *or* in the requirement there: you can also setup a VPN server using a domain name. The problem that is being solved is that home internet is typically provided with a dynamic IP address, that is, it can change at any random time. This poses a problem if you need to connect to your home computer/router, because you don't know what the IP address might be right now.

Another way around this (besides getting a static IP - which usually requires business internet +fees) is to use a service that provides 'dynamic DNS'. These services have an application that sits on your computer or built-in to the router software that would communicate your current IP address to a domain name (e.g. mydomain.dynamicdns.com) so that putting that domain name in the VPN configuration would allow the VPN to always 'find' your home machine.

There are a number of free providers: No-IP and DynDns come to mind. I've used both for years, but recently they started to get annoying with requiring me to login to their site every 30 days to keep my domain active. I actually moved to using a sub-domain of my personal domain (e.g. home.myfullname.com) that I host through NameCheap. They offer dynamic DNS on any address you own for free (the address costs $12/year)

http://www.noip.com/free/
https://freedns.afraid.org/
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: ANY secure Internet access while traveling?

Post by ThereAreNoGurus »

Thanks for the info BrianH.

So even if I obtain a router with VPN software built in, I'd still need to use a service such as NameCheap or the free providers you mentioned, right?
Trade the news and you will lose.
User avatar
BrandonBogle
Posts: 4467
Joined: Mon Jan 28, 2013 10:19 pm

Re: ANY secure Internet access while traveling?

Post by BrandonBogle »

ThereAreNoGurus wrote:Thanks for the info BrianH.

So even if I obtain a router with VPN software built in, I'd still need to use a service such as NameCheap or the free providers you mentioned, right?
Yes. Otherwise you will always have to remember a number like 205.152.16.20 to represent your router instead of router.brandonbogle.com. And remember, unless you are paying for a static IP from your internet provider, that # changes often as you are part of a pool of #s for all users rather than one assigned specifically to you (static IP).

On a side note, from this thread, I've installed TunnelBear on my phone (it can work on my laptop too) and I'm trying it out before flying out of the country next week. Thought this would be good when I hit the wifi hotspots where I'm going.
brianH
Posts: 666
Joined: Wed Aug 12, 2009 12:21 pm

Re: ANY secure Internet access while traveling?

Post by brianH »

ThereAreNoGurus wrote:Thanks for the info BrianH.

So even if I obtain a router with VPN software built in, I'd still need to use a service such as NameCheap or the free providers you mentioned, right?
Correct, if you have a dynamically assigned IP address - which you probably do with home internet service. I should add that setting up and configuring OpenVPN is not a super easy thing to do. It's doable, but you may encounter some issues that require doing some research online to figure out.
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: ANY secure Internet access while traveling?

Post by ThereAreNoGurus »

BrandonBogle,

Hmmm... I don't mind having to remember the router's IP address (at least initially, until everything else is working).

So that IP remains static? (I guess it'd have to be so the internet provider can find me.)

Also, once I set-up a router based VPN, I can then connect to it regardless of whether I've got a tablet using an Android OS or MS WIndows OS on a PC?

BrianH,

Thanks again! Yes I would love to avoid using OpenVPN. The task seemed a bit daunting and this isn't something I want to spend a lot of time on.
Trade the news and you will lose.
User avatar
BrandonBogle
Posts: 4467
Joined: Mon Jan 28, 2013 10:19 pm

Re: ANY secure Internet access while traveling?

Post by BrandonBogle »

ThereAreNoGurus wrote:So that IP remains static? (I guess it'd have to be so the internet provider can find me.)
No, it does not remain static unless you are specifically contracted to (and thus, paying for it). How often it changes vary from provider to provider and geographic region to geographic region, but it does change and can change at any time. If it changes while you are out of the country, unless you have a dynamic DNS setup, how are you planning to find out the new value?

As for your internet provider, they know they hardware address of your "modem" and can find you that way whenever they want.
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: ANY secure Internet access while traveling?

Post by ThereAreNoGurus »

Got it. Thanks.

So hopefully this is my last question...

To access the VPN from an Android tablet or MS PC do I need to download client VPN software or, from the browser, after entering the domain name, just enter a userid and password?
Trade the news and you will lose.
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: ANY secure Internet access while traveling?

Post by Mudpuppy »

ThereAreNoGurus wrote:Got it. Thanks.

So hopefully this is my last question...

To access the VPN from an Android tablet or MS PC do I need to download client VPN software or, from the browser, after entering the domain name, just enter a userid and password?
As long as the VPN software on your phone, tablet or PC supports the same protocols, algorithms, and modes as the VPN server, then theoretically it's as simple as logging in to the VPN with your userid and password, then using the browser. Android is a bit more complex in that it depends specifically on the version of Android you have and the protocols/algorithms/modes supported by the VPN server.
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: ANY secure Internet access while traveling?

Post by ThereAreNoGurus »

Okay, thanks. So before buying a VPN router I'll check to make sure it supports the same protocols as the PC's and tablets I plan to use.

Thanks to everybody for their responses!

Never thought I'd get such helpful/informative tech advice on a financial forum!

I did google searches on VPN's but never came across an article mentioning that routers can come equipped with VPN software. For what I want to do, that solution appeals to me.
Trade the news and you will lose.
User avatar
BrandonBogle
Posts: 4467
Joined: Mon Jan 28, 2013 10:19 pm

Re: ANY secure Internet access while traveling?

Post by BrandonBogle »

ThereAreNoGurus wrote:I did google searches on VPN's but never came across an article mentioning that routers can come equipped with VPN software. For what I want to do, that solution appeals to me.
While some of us technically minded people can do this "relatively easily", I would seriously considering hiring a VPN provider you can trust. I do not view it as hard, but it may take some time for you to get used to this process and get it set up correctly -- which may be more time than you care to spend on it.

But, in the long run, once you got it going and are comfortable with it, you own all the equipment, so you would not need to worry about companies changing prices, stopping services, etc. Always a tradeoff.
User avatar
ogd
Posts: 4876
Joined: Thu Jun 14, 2012 11:43 pm

Re: ANY secure Internet access while traveling?

Post by ogd »

ThereAreNoGurus wrote:Thanks for mentioning this. I will look for a router that supports VPN.

Is it easy to connect an android tablet or windows PC to the VPN?

I assume this allows one to connect to the VPN from virtually anywhere as long as the router is on, right?
Setting it up on both my Android and my Macbook was indeed very straightforward, from the network settings directly without any additional software.

The home VPN has the upside that you can connect to your home network, if that's worth it to you. For example, you can plug a large USB drive into your router and use it as backup for pictures you take on the road. The other upside is that it's as secure as your home connection, which you might trust more than a VPN provider.

It does have two downsides that I forgot to mention:

1) Like other have said, you need to be able to find your home network with either a static IP or a dynamic DNS service. For what it's worth, the latter is also built into my Asus router and you get a something.asuscomm.com address.
2) You are limited by your upload bandwidth, since the home router has to forward all content to you. This may or may not be a problem in practice. Upload rates are generally smaller than download, but on the other hand the wifi you're connecting to might not deliver much more than that anyway.

I should also say that my ISP offers a VPN service, but this is rare. Using it would get around both of the downsides, but you'd lose access to the home network.
Post Reply