Internet security and vpn

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
dave1054
Posts: 128
Joined: Wed Apr 01, 2009 7:50 am

Internet security and vpn

Post by dave1054 » Sun Sep 01, 2019 6:55 pm

I have windows 10 and password secured wireless.I am
probably too paranoid but thinking about getting a vpn for Internet banking. I use 2 step authentication for Vanguard.
Any comments about vpn? Any recommendations on purchase of vpn. Would love one with easy setup and
ease of use.

mancich
Posts: 722
Joined: Fri Sep 05, 2014 2:05 pm

Re: Internet security and vpn

Post by mancich » Sun Sep 01, 2019 7:09 pm

I wouldn’t bother if you’re accessing banking and Vanguard from home, using 2FA. You may also want to look at using a wired connection if you’re really concerned.

mhalley
Posts: 7646
Joined: Tue Nov 20, 2007 6:02 am

Re: Internet security and vpn

Post by mhalley » Sun Sep 01, 2019 7:16 pm

I don't think you need it, but have heard Leo Laporte recommend Nord. It happens to be on sale for 9 hours from this post. Nordvpn.com

typical.investor
Posts: 1257
Joined: Mon Jun 11, 2018 3:17 am

Re: Internet security and vpn

Post by typical.investor » Sun Sep 01, 2019 7:18 pm

dave1054 wrote:
Sun Sep 01, 2019 6:55 pm
I have windows 10 and password secured wireless.I am
probably too paranoid but thinking about getting a vpn for Internet banking. I use 2 step authentication for Vanguard.
Any comments about vpn? Any recommendations on purchase of vpn. Would love one with easy setup and
ease of use.
I recommend NordVPN.

To get the cheapest deal, it seems like the best offer comes up after you browse competitors and search the topic and go to their site, and then go back.

I'm overseas and sometimes it's a necessity for it to look like my computer is in the States or various sites won't even let you access them (such as health care for a child studying there). So for me, it's very worth it.

I'd check if you bank has some type of internet guarantee. Brokers typically do. Making sure you are compliant with their requirements might be the first thing to do.
Last edited by typical.investor on Sun Sep 01, 2019 7:30 pm, edited 1 time in total.

Beck49
Posts: 156
Joined: Sun Nov 24, 2013 8:15 pm

Re: Internet security and vpn

Post by Beck49 » Sun Sep 01, 2019 7:26 pm

In a 2 for 1 for internet security, some password managers (Dashlane premium) come with a vpn connection tool.

User avatar
pokebowl
Posts: 317
Joined: Sat Dec 17, 2016 7:22 pm
Location: The Orion Spur of the Milky Way galaxy.

Re: Internet security and vpn

Post by pokebowl » Sun Sep 01, 2019 7:41 pm

dave1054 wrote:
Sun Sep 01, 2019 6:55 pm
I have windows 10 and password secured wireless.I am
probably too paranoid but thinking about getting a vpn for Internet banking. I use 2 step authentication for Vanguard.
Any comments about vpn? Any recommendations on purchase of vpn. Would love one with easy setup and
ease of use.
Is there a reason you would not trust your encrypted wireless network? I honestly feel the cheaper and less complex solution would be to do banking over a wired connection if your wireless is insecure.

Where I would recommend a VPN for banking:

- Open/Unsecure wireless network

- Untrusted wireless network (Your local coffee shop or the guy next door who refuses to configure their router)

- For whatever reasons you need to appear to a bank as accessing their site from a specific country or location.

Other than that I do not see its value. The rest of the transaction occurs between you and the banking website which is encrypted over SSL/TLS, and whatever secondary authentication methods you use.
Nullius in verba.

orlandoman
Posts: 491
Joined: Tue Oct 19, 2010 7:27 am

Re: Internet security and vpn

Post by orlandoman » Sun Sep 01, 2019 9:36 pm

The free Opera Web Browser includes a VPN https://www.opera.com/.

Opera has been in use since 1994 https://en.wikipedia.org/wiki/Opera_(web_browser)
"Don't Believe Everything You Think"

spooky105
Posts: 133
Joined: Fri Aug 14, 2015 11:38 pm

Re: Internet security and vpn

Post by spooky105 » Mon Sep 02, 2019 11:15 am

For home-based access of your financial accounts, you're being too paranoid.

A VPN creates an encrypted connection between your computer and the VPN server. This is useful on unsecured WiFi such as at coffee shops, hotels, or airports where the integrity of the network is questionable. The successful connection to your VPN provider prevents someone from intercepting your unencrypted traffic or redirecting you to a false site (such as a replica of your bank) that functions to gather your credentials or other sensitive data based on an unencrypted web query you sent. If you suspect your internet service provider of attempting the above, then a better solution would be to find a different provider. That said, a certain degree of trust is involved in this whole process. Unless you are connecting to a VPN you (or your company) have set up, you have to trust that your VPN provider isn't monitoring your traffic as it comes out of their servers or otherwise performing any shenanigans (in the same way you have to trust your Internet Service Provider isn't doing the same at home). Ultimately, you have to figure out where and with whom you want to draw the line.

A more appropriate use case for a VPN at home is to create the illusion of being elsewhere, such as for the purpose of accessing websites or services that are geographically controlled. For instance, you can pay to live stream NFL games if you live abroad, but licensing restrictions drive you to have a cable subscription to watch the same games live in the U.S. By using a VPN, you can create the illusion that you are located in a foreign country, pay the annual subscription fee, and watch the games live without the added cost of a full cable subscription.

I used to use NordVPN, but attitudes seem to be souring towards the company due to its opaque ownership structure based out of Panama. I've seen at least one conspiracy theory that says NordVPN is operated by <insert intelligence agency> for the purpose of espionage / data gathering. But you could probably apply that story to any number of VPN providers out there.

Recommendations if you want to go the VPN route:
https://thewirecutter.com/reviews/best-vpn-service/

nordsteve
Posts: 727
Joined: Sun Oct 05, 2008 9:23 am

Re: Internet security and vpn

Post by nordsteve » Mon Sep 02, 2019 12:21 pm

What is the nature of the threat that you're trying to address?

I have Comcast at my house. If I think about threat actors trying to get control of my financial information, Comcast leaking my (already encrypted) traffic is pretty low on my list.

mac2019
Posts: 12
Joined: Thu Dec 28, 2017 10:26 am

Re: Internet security and vpn

Post by mac2019 » Mon Sep 02, 2019 12:52 pm

I understand Dave's concern. I have a Chromebook that is dedicated to just online banking and investments. I do no internet surfing on it. The Chromebook has a wireless connection to an Apple Airport Extreme that requires a password to join. My bank and 401k manager both use 2 step authentication. Even so I still worry about security thanks to all the reported hacks (governments & businesses) that have occurred over the past 10 years. I worry about how secure the wireless connection is between the Chromebook and the Airport Extreme. I'm also considering replacing my Apple Extreme with a newer router.

Topic Author
dave1054
Posts: 128
Joined: Wed Apr 01, 2009 7:50 am

Re: Internet security and vpn

Post by dave1054 » Mon Sep 02, 2019 5:53 pm

Yes I am paranoid or maybe just cautious.

What about hard wiring directly into router/modem. Does that make any difference in level of security?

User avatar
LadyGeek
Site Admin
Posts: 57716
Joined: Sat Dec 20, 2008 5:34 pm
Location: Philadelphia
Contact:

Re: Internet security and vpn

Post by LadyGeek » Mon Sep 02, 2019 6:28 pm

This thread is now in the Personal Consumer Issues forum (internet).
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.

gtd98765
Posts: 444
Joined: Sun Jan 08, 2017 4:15 am

Re: Internet security and vpn

Post by gtd98765 » Mon Sep 02, 2019 6:39 pm

What about hard wiring directly into router/modem. Does that make any difference in level of security?
Not if you use encrypted wifi with WPA2 encryption (the most common version today). That has not been broken.

What threat are you concerned about? Does the NSA have a van parked on your street to sniff your wifi?

User avatar
Rob5TCP
Posts: 3383
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: Internet security and vpn

Post by Rob5TCP » Mon Sep 02, 2019 7:33 pm

gtd98765 wrote:
Mon Sep 02, 2019 6:39 pm
What about hard wiring directly into router/modem. Does that make any difference in level of security?
Not if you use encrypted wifi with WPA2 encryption (the most common version today). That has not been broken.

What threat are you concerned about? Does the NSA have a van parked on your street to sniff your wifi?

Not true - WPA2 was broken several years ago. For most, that is not the major concern (provided your password
is long and complex).

https://www.theguardian.com/technology/ ... ment-warns

https://www.zdnet.com/article/wpa2-secu ... fi-device/

https://security.berkeley.edu/news/krac ... esses-wpa2

User avatar
LadyGeek
Site Admin
Posts: 57716
Joined: Sat Dec 20, 2008 5:34 pm
Location: Philadelphia
Contact:

Re: Internet security and vpn

Post by LadyGeek » Mon Sep 02, 2019 8:03 pm

If you have Verizon FiOS, Verizon will show you your router's password when you login to your Verizon account.

How do they know what you set it to? The router tells them. Their equipment, their rules.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.

gtd98765
Posts: 444
Joined: Sun Jan 08, 2017 4:15 am

Re: Internet security and vpn

Post by gtd98765 » Tue Sep 03, 2019 6:53 am

Not true - WPA2 was broken several years ago. For most, that is not the major concern (provided your password
is long and complex).
As described in this article: https://en.wikipedia.org/wiki/KRACK, all major operating systems have been updated, as have many routers. There are no reports of KRACK attacks in the wild. WPA2 is safe to use.

Edit: quoting fixed
Last edited by gtd98765 on Tue Sep 03, 2019 3:09 pm, edited 1 time in total.

abracadabra11
Posts: 130
Joined: Sat May 01, 2010 2:09 pm

Re: Internet security and vpn

Post by abracadabra11 » Tue Sep 03, 2019 8:13 am

mhalley wrote:
Sun Sep 01, 2019 7:16 pm
I don't think you need it, but have heard Leo Laporte recommend Nord. It happens to be on sale for 9 hours from this post. Nordvpn.com
Quick note on Nord 'sale'. They've been doing their best to harness the power of scarcity with these supposed limited sales, when it fact it appears to be a perpetual marketing tactic.

So don't feel rushed and do your research. It will still be on 'sale' once you're ready.

TN_Boy
Posts: 1254
Joined: Sat Jan 17, 2009 12:51 pm

Re: Internet security and vpn

Post by TN_Boy » Tue Sep 03, 2019 8:31 am

orlandoman wrote:
Sun Sep 01, 2019 9:36 pm
The free Opera Web Browser includes a VPN https://www.opera.com/.

Opera has been in use since 1994 https://en.wikipedia.org/wiki/Opera_(web_browser)
It's not a full blown vpn service:

https://thebestvpn.com/reviews/opera-vpn/

It is free. But if you are really paranoid, it might not offer the protection you want.

TN_Boy
Posts: 1254
Joined: Sat Jan 17, 2009 12:51 pm

Re: Internet security and vpn

Post by TN_Boy » Tue Sep 03, 2019 8:47 am

dave1054 wrote:
Mon Sep 02, 2019 5:53 pm
Yes I am paranoid or maybe just cautious.

What about hard wiring directly into router/modem. Does that make any difference in level of security?
Wired is probably a bit more secure. Though, if you have your wireless turned on (for other devices) and those devices are on the same network as your wired computer, you still could have problems if your wireless network is hacked.

But if you have updated software on your computers and router, and a good wireless password, wireless via WPA2 should be plenty secure unless you have a nation-state trying to hack you.

We do have a vpn account which is used when traveling. At home I don't bother with it.

orlandoman
Posts: 491
Joined: Tue Oct 19, 2010 7:27 am

Re: Internet security and vpn

Post by orlandoman » Tue Sep 03, 2019 8:53 am

TN_Boy wrote:
Tue Sep 03, 2019 8:31 am
orlandoman wrote:
Sun Sep 01, 2019 9:36 pm
The free Opera Web Browser includes a VPN https://www.opera.com/.

Opera has been in use since 1994 https://en.wikipedia.org/wiki/Opera_(web_browser)
It's not a full blown vpn service:

https://thebestvpn.com/reviews/opera-vpn/

It is free. But if you are really paranoid, it might not offer the protection you want.
Thanks, was not aware of the details.
"Don't Believe Everything You Think"

User avatar
ThereAreNoGurus
Posts: 331
Joined: Fri Jan 24, 2014 11:41 pm

Re: Internet security and vpn

Post by ThereAreNoGurus » Tue Sep 03, 2019 9:29 am

This is the best, most thorough and honest review of VPNs I've seen: https://thatoneprivacysite.net/

After reviewing that site, I chose Mullvad VPN for my needs.
Trade the news and you will lose.

3-20Characters
Posts: 683
Joined: Tue Jun 19, 2018 2:20 pm

Re: Internet security and vpn

Post by 3-20Characters » Tue Sep 03, 2019 10:33 am

OP, I have a related question but will start my own thread so as not to hijack. This may or may not apply to you, but it does involve VPN. Look for title “Does cloudflare 1.1.1.1 app include VPN—and if so, what is Warp?”

_Bacchus_
Posts: 14
Joined: Tue Jun 21, 2016 12:25 pm

Re: Internet security and vpn

Post by _Bacchus_ » Tue Sep 03, 2019 12:42 pm

I always use a VPN for both home and mobile devices. Not doing so opens up all your web traffic to your ISP.

I use proton; they're a little pricey but they're outside the 14 eyes countries.

rich126
Posts: 931
Joined: Thu Mar 01, 2018 4:56 pm

Re: Internet security and vpn

Post by rich126 » Tue Sep 03, 2019 12:53 pm

A VPN really should be used with any public wifi access point.

For those curious, the first article talks about a wifi product called Pineapple. Pentesters and hackers may use it. The second article talks about trying to break WPA2. Like anything involved with passwords, if it is short it is pretty hackable. Also the reason WPA3 is coming out (whenever) is due to issues with the 4 way handshake that is used in initiating WPA2.

My worry would be a "curious" neighbor who likes the "challenge" of trying to do "things". I'm currently in a 2,000 sq ft SFH and can easily pick up neighbors wifi signals. Even in my previous house on 1/2 acre lot I could see a number of wifi signals. They tend to travel further than you think.

I'm too lazy to use a VPN for home use and would agree it is unlikely to be necessary.

https://www.vice.com/en_us/article/pa39 ... -mitm-hack

https://www.howtogeek.com/202441/your-w ... 0%99s-how/

User avatar
ThereAreNoGurus
Posts: 331
Joined: Fri Jan 24, 2014 11:41 pm

Re: Internet security and vpn

Post by ThereAreNoGurus » Tue Sep 03, 2019 12:56 pm

_Bacchus_ wrote:
Tue Sep 03, 2019 12:42 pm
I always use a VPN for both home and mobile devices. Not doing so opens up all your web traffic to your ISP.

I use proton; they're a little pricey but they're outside the 14 eyes countries.
Many sites nowadays use https protocol which encrypts your data. All your ISP provider can see (or a "hacker" peeking at your network traffic), under those circumstances, is which sites you visit. So, for example, if you do an online banking transaction, your provider can only see that you visited the bank. They cannot see your login data, bank balance, account numbers, etc. (Any banking or financial site, that requires login, better be using https protocol!)
Trade the news and you will lose.

User avatar
pokebowl
Posts: 317
Joined: Sat Dec 17, 2016 7:22 pm
Location: The Orion Spur of the Milky Way galaxy.

Re: Internet security and vpn

Post by pokebowl » Tue Sep 03, 2019 2:17 pm

I'll just throw my hat into the ring again and state WPA2 is indeed crackable it is just if you use a sufficiently long and complex passphrase, someone would have to be very very motivated to crack it. Most of us are not that important.

Source: Former pen tester and information security practitioner with over 15 years in the field. :beer
Nullius in verba.

killjoy2012
Posts: 1094
Joined: Wed Sep 26, 2012 5:30 pm

Re: Internet security and vpn

Post by killjoy2012 » Tue Sep 03, 2019 8:16 pm

The elephant in the room is why you trust a lost cost $1.99 offshore VPN provider more than your local ISP, but I guess it depends on what your true concern is. Too many people treat these VPN services as some magical creature that just makes everything right with the world.

rj342
Posts: 560
Joined: Tue Apr 30, 2019 12:21 pm

Re: Internet security and vpn

Post by rj342 » Tue Sep 03, 2019 9:03 pm

What the above post says +1000.

The VPN is not magic, as the VPN provider itself potentially has access to everything you are sending!
How do you determine whom to trust?

There was a recent story, maybe in Bloomberg?, About a majority of VPNs being owbned by tbe Chinese through layers of various shell/holding companies.

User avatar
yangtui
Posts: 244
Joined: Sun Mar 30, 2014 1:32 pm
Contact:

Re: Internet security and vpn

Post by yangtui » Tue Sep 03, 2019 9:11 pm

killjoy2012 wrote:
Tue Sep 03, 2019 8:16 pm
The elephant in the room is why you trust a lost cost $1.99 offshore VPN provider more than your local ISP, but I guess it depends on what your true concern is. Too many people treat these VPN services as some magical creature that just makes everything right with the world.
+1

Yea, I trust VPN providers less than my ISP. They are useful if you are planning on using public/semi-public wifi though.

mjb
Posts: 128
Joined: Sat Nov 30, 2013 11:43 am

Re: Internet security and vpn

Post by mjb » Wed Sep 04, 2019 1:44 pm

My suggestion for security when home a well encrypted wifi router or wired connection is the best bet. When on an untrusted or open network, use a VPN. I use Nordvpn.

I do use a VPN when I travel outside the country to look like I am in the U.S. so I can access my netflix account while on travel.

User avatar
samsoes
Posts: 1360
Joined: Tue Mar 05, 2013 9:12 am
Location: Northeast Rat Race

Re: Internet security and vpn

Post by samsoes » Wed Sep 04, 2019 6:24 pm

For a comprehensive review of VPN providers, please see https://restoreprivacy.com/vpn-reviews/ for all the details. I personally use Perfect Privacy (www.perfect-privacy.com).

Also - the pitfalls of "free" VPNs: https://restoreprivacy.com/free-vpn/
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)

bac
Posts: 62
Joined: Sun Apr 01, 2018 6:19 pm

Re: Internet security and vpn

Post by bac » Wed Sep 04, 2019 7:10 pm

LadyGeek wrote:
Mon Sep 02, 2019 8:03 pm
If you have Verizon FiOS, Verizon will show you your router's password when you login to your Verizon account.

How do they know what you set it to? The router tells them. Their equipment, their rules.
This is why I use my own router (and its wireless) behind the FiOS router. I use the latter wireless for devices such as my Nest thermostat don't need to be on my own network.

I would prefer to use only my own router but it would mess up video services.

HawkeyePierce
Posts: 726
Joined: Tue Mar 05, 2019 10:29 pm
Location: Colorado

Re: Internet security and vpn

Post by HawkeyePierce » Wed Sep 04, 2019 8:09 pm

I see no reason to trust the often-anonymous VPN provider over your ISP.

A VPN virtually never improves security. You are far more likely to leave yourself more exposed by using a VPN.

Yes, I include public wifi in this. Hacks over wifi are not even remotely common. It’s not a practical threat. Phishing and malware are much more likely and a VPN does nothing to address either. If your VPN provider is a nefarious actor it only increases your threat.

Comcast isn’t a shining beacon of ethics but they also aren’t trying to phish you.

For regular people, a password manager + 2FA + the HTTPS Everywhere extension provide the security you’re actually looking for without all the risks of a VPN.

mrb55
Posts: 21
Joined: Sun Oct 25, 2015 1:28 pm

Re: Internet security and vpn

Post by mrb55 » Wed Sep 04, 2019 8:26 pm

mac2019 wrote:
Mon Sep 02, 2019 12:52 pm
I understand Dave's concern. I have a Chromebook that is dedicated to just online banking and investments. I do no internet surfing on it. The Chromebook has a wireless connection to an Apple Airport Extreme that requires a password to join. My bank and 401k manager both use 2 step authentication. Even so I still worry about security thanks to all the reported hacks (governments & businesses) that have occurred over the past 10 years. I worry about how secure the wireless connection is between the Chromebook and the Airport Extreme. I'm also considering replacing my Apple Extreme with a newer router.

+1.

I work in Information Security. If you truly want to be secure, buy a low power (Intel I3 Chip) dedicated laptop that "does nothing but" access your banking and investment sites. Use two factor authentication, preferably yubikeys if they are supported by the site (as Vanguard is).

Also do not use wireless unless you have to. It is much better to use a wired connection. WPA2 wireless can be hacked with a little time.

crumbone
Posts: 88
Joined: Thu Oct 12, 2017 11:50 pm

Re: Internet security and vpn

Post by crumbone » Thu Sep 05, 2019 1:24 am

mrb55 wrote:
Wed Sep 04, 2019 8:26 pm
mac2019 wrote:
Mon Sep 02, 2019 12:52 pm
I understand Dave's concern. I have a Chromebook that is dedicated to just online banking and investments. I do no internet surfing on it. The Chromebook has a wireless connection to an Apple Airport Extreme that requires a password to join. My bank and 401k manager both use 2 step authentication. Even so I still worry about security thanks to all the reported hacks (governments & businesses) that have occurred over the past 10 years. I worry about how secure the wireless connection is between the Chromebook and the Airport Extreme. I'm also considering replacing my Apple Extreme with a newer router.

+1.

I work in Information Security. If you truly want to be secure, buy a low power (Intel I3 Chip) dedicated laptop that "does nothing but" access your banking and investment sites. Use two factor authentication, preferably yubikeys if they are supported by the site (as Vanguard is).

Also do not use wireless unless you have to. It is much better to use a wired connection. WPA2 wireless can be hacked with a little time.
This is all excellent advice. Good security practices mostly come down to keeping your risks as separate as possible, so that if one thing is compromised it won’t affect the others. How many other sites did you use that password from the company that just had a big data breach? When someone finds your “Smart” plug and fridge and DVR on SHODAN and breaches them, can they get to your PC with sensitive documents and banking information?

Unless you are using an insecure network or have a weird threat model (ISP spying on you, rogue access point, state mass censorship), a VPN isn’t really a security measure for a home network. VPNs are largely used either for secure remote access or for privacy— usefulness for the latter is debatable depending on the VPN provider.

Useful security measures at home:
1. Password manager. Long, unique passwords. Long, unique usernames. When feasible, unique per-account e-mail addresses.

2. 2FA on all the things (preferably hardware 2FA.) If you have to use SMS 2FA (thanks, banks), use a VoIP number that is only used for 2FA.

3. Sensitive activities only over wired connections. A separate computer (or VM) used only for this purpose adds another layer of security.

4. Use full-disk encryption.

5. Regular, encrypted backups.

6. No default passwords on anything. Keep all firmware up to date.

7. Network segmentation (advanced.)
-Put your banking computer on a separate VLAN from your WiFi. If you have to own “smart devices” (sadly these days we have less and less ability to avoid them), put them on their own segregated VLAN.
-Set up your router to block inter-VLAN traffic.
-Set up your firewall to drop all WAN traffic that isn’t established/related.
-Consider egress firewall rules (or simply blocking internet access if feasible) for the “smart devices.” They are little spies and largely insecure by design.
This setup requires an enterprise-type router and a managed switch and the knowledge to configure them— not for everyone, to be sure.

Northern Flicker
Posts: 4914
Joined: Fri Apr 10, 2015 12:29 am

Re: Internet security and vpn

Post by Northern Flicker » Thu Sep 05, 2019 1:53 am

dave1054 wrote:
Sun Sep 01, 2019 6:55 pm
I have windows 10 and password secured wireless.I am
probably too paranoid but thinking about getting a vpn for Internet banking. I use 2 step authentication for Vanguard.
Any comments about vpn? Any recommendations on purchase of vpn. Would love one with easy setup and
ease of use.
What specific threat(s) to logging into and using online financial accounts does a 3rd party VPN service address or eliminate?
Index fund investor since 1987.

Post Reply