ipsec

Latest

  • Here are the security measures NSA spies hate the most

    by Jon Fingas
    12.28.2014

    It's tempting to imagine that few online safeguards will stop NSA surveillance in its tracks, but that's not true. A new leak from Edward Snowden's files reveals that there's a surprising number of ways to thwart these snoops, at least as of 2012. While you may already know that the NSA sees Tor's anonymity network as a problem, it hates the heavy encryption on chat protocols like CSpace or Off-the-Record, internet calling systems like ZRTP or highly secure email systems like Zoho. Use two or more of these services in tandem and you may as well disappear completely -- the NSA considers the combination a "near-total loss."

  • Hotspot Shield adds iOS connection protection with inexpensive VPN

    by Michael Rose
    11.13.2011

    If you're a security-conscious web surfer -- or an international traveler who likes to maintain access to US-based video streaming or voice services -- you may already be one of the millions of users of AnchorFree's Hotspot Shield, one of the leading consumer virtual private network (VPN) services. VPNs have been a mainstay of distributed corporate workforces for years, but recently they've gained traction with everyday folk as well. This week, the company launched an iOS app that streamlines the connection process and adds bandwidth-saving compression on top of that, with a modest $9.99 yearly fee.

    The principles of a VPN are pretty straightforward. Normally, when you connect your computer to an unfamiliar network (wired or wireless), all your traffic back and forth is readily visible to anyone sitting on the same network segment; in the case of a public hotspot in a coffee shop, library or hotel, you might be sharing way more than you mean to. While many websites guard against snoopers by digitally protecting the login process with SSL encryption (that's the "S" in https://, indicating that the conversation between you and the remote site is protected), even that may not be enough to cover the bases. Last year, the Firesheep extension for Firefox demonstrated quite convincingly that on 'open' WiFi networks, even a secure web login might not be secure if the site drops the SSL encryption after the login process is done.

    VPNs protect against Firesheep and other eavesdropping as a side effect of their original intended purpose: creating a secure 'tunnel' between corporate or institutional networks and machines on outside networks like the Internet. The 'virtual private' part of VPN means that when you launch a VPN client, your computer is setting up an end-to-end encrypted connection with another computer someplace else, so you can access resources on that computer's remote network (printers, servers and such). All the traffic between point A and point B is incomprehensible to any other computers on those network segments, and assuming your VPN client is set up to route all your traffic through the remote server, you're protected from prying eyes at the next Starbucks table.

    While you might take a slight network performance hit from running a VPN, there are benefits beyond the security improvements. Since your tunnel is carrying all the Internet traffic to and from your machine, your VPN is acting like a network ventriloquist; it makes your 'voice' appear to be coming from somewhere else (in this case, the location of the remote VPN host). The advantages of this relocation range from the entertaining -- enabling sites like Hulu or Netflix to work for non-US users, or unlocking access to social sites like Facebook or MySpace from academic/business networks that block them -- to life-and-death, change-history important. If you're living in a country where control of the Internet is used as a tool of political repression, the opportunity to get access to the outside world via a VPN may make a huge difference.

    There's already a VPN client connection tool built into both iOS and OS X, so you're free to use most available VPN services with your Mac or your iPhone/iPad. The relevant acronyms are IPSec, PPTP and L2TP over IPSec; if your VPN host supports one of these protocols, you should be fine. You can check with your employer or school IT department to see if you already have VPN access that you can use for free. Going with a service like Hotspot Shield, however, means you don't need to think about that alphabet soup when you want to connect securely. Hotspot Shield's desktop offering is known for being dead easy to set up and use, so no surprise that the iOS app would aim for the same simplicity.

    Pick your plan (free seven-day trial, $0.99 monthly or $9.99 annual) and connect -- you can also adjust the image compression level that the app will apply to your browsing sessions, saving you room on your data plan in similar fashion to Onavo's app. The app runs gracefully in the background, protecting all your traffic (the app press release even cites iMessage exchanges as being guarded, but those already are covered by TLS encryption). If you're concerned about your mobile network security while using possibly un-guarded apps or websites, or you need to virtually relocate your connection, the seven-day trial of Hotspot Shield may be just the thing for you.