Virtual Private Network is a must to keep someone from stealing your data while traveling...
Note: This has three parts, for people who travel and are thinking of setting up a NAS, with a Server OS of course.
Part # 1
Need to connect to your home or business computer across the internet?
Afraid someone (namely thieves) will hack into your connection from a laptop a couple of feet away?
They can, you know, hack your wireless network connection while you are connected to a 'wireless hot spot'.
And your Windows Firewall will not do a dang thing to stop them from doing it!
The Windows Firewall can only protect the computer, not the signal to the receiver of the 'hot spot'.
What if you could connect securely to your home / business computer and it wouldn't cost you 30 to 100 bucks a month?
Who travels enough to pay that kind of money out of their own pocket?
We are not talking about corporations or medium sized businesses that send representatives to different cities all the time.
No, we are talking about the occasional traveler, the vacationer, the people that save to go to Disneyland once a year or so but still need to maintain contact with their business. Surely you don't read your email at an airport across a WiFi hot spot, or do you, along with a hacker?
Consider this: Wireless is the least secure form of communication ever invented.
Quote the US Supreme Court about cell phones: "There is no expectation of privacy while using a cell phone."
Now why did they come to that conclusion?
- Cell phones are radio transmitters and receivers. Any radio transmission is open for any receiver to pick up; if your radio transmission is picked up by someone else, then they can listen to your conversation.
- Cell phones use radio towers to send and receive the signal. This means that anyone with the right equipment can track your location at any time, anywhere.
Now you have a wireless device in your computer, and the same rules apply to that device as to a cell phone.
If someone has the right equipment they can receive your signal from your computer to the receiver that will transmit your data across the internet wires.
And according to the US Supreme Court they have every right to do so now that the cell phone is open to public scrutiny ...
The area you should be most concerned with is from the computer's wireless transmitter/receiver to the hot spot transmitter/receiver. This is a wide open radio signal.
There are ways to encrypt your data from your computer to the receiving computer. Some incorporate software and hardware. Unfortunately these solutions are expensive and only large businesses and corporations can afford to employ them.
But there is a way you can have your secure wireless and not worry about that guy in the suit with the laptop snooping on your actions.
What is it?
Virtual Private Network
Now you say, how do I get one?
Well that is a good question and part of the answer is here:
Information about Virtual Private Network- VPN
If you have a server (geezzz there he goes with the geek stuff again!) and you don't have to be a geek to have a server nowadays, small businesses have them, heck you could have one to store all those photos you take at Disneyland.
Use a virtual private network to protect your data from a remote location or while traveling.
VPN Part # 2
Traveling? Need a secure connection to a remote computer?
Try a Virtual Private Network - VPN.
If you are connected right now to the internet through a WiFi in a local café, would the connection be secure?
I know it is not. You may have your firewall up and running, but that only protects data on the computer; it does not protect the data you are transmitting to the WiFi receiver.
In other words: You are broadcasting like a radio station anything that is sent or received by your computer!
It is not encrypted.
To have a secure transmission the transmitter (your computer) and the receiver (the other computer) must agree on an encryption protocol.
The protocol has three parts:
- The public key (this is a key that is known by both ends of the communication, used to decrypt known keys).
- The private key (this is a key that is only known by the owner of the local computer, used to encrypt with known public keys).
- The encryption algorithm (this is the software that encrypts the message so that either the sending or receiving computer can decrypt it - which has its own private key).
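Here is an added example (not from the original page) of how the two ends can arrive at matching keys: a Diffie-Hellman exchange followed by encryption of the traffic, using only Python's standard library. The group parameters, the HMAC-based stand-in for the cipher and all function names are assumptions chosen for illustration; a real VPN also authenticates this exchange with the user's credentials or a certificate.

```python
import hashlib, hmac, secrets

# Illustrative Diffie-Hellman group (assumption for this example only).
# Real VPN protocols use larger standardized groups or elliptic curves.
P, G = 2**255 - 19, 2

def keypair():
    """Private key stays on the machine; only the public value is sent."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_keys(my_priv, peer_pub):
    """Both ends compute the same secret from their own private key
    and the other side's public value, then derive two working keys."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    return (hmac.new(shared, b"encrypt", hashlib.sha256).digest(),
            hmac.new(shared, b"authenticate", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the VPN's cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(keys, plaintext):
    """What actually goes over the hot spot: nonce + ciphertext + tag."""
    enc, mac = keys
    nonce = secrets.token_bytes(12)
    body = nonce + _xor_stream(enc, nonce, plaintext)
    return body + hmac.new(mac, body, hashlib.sha256).digest()

def unseal(keys, packet):
    """Reject anything modified on the way, then decrypt."""
    enc, mac = keys
    body, tag = packet[:-32], packet[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
        raise ValueError("packet was altered in transit")
    return _xor_stream(enc, body[:12], body[12:])

if __name__ == "__main__":
    laptop_priv, laptop_pub = keypair()      # traveler's computer
    server_priv, server_pub = keypair()      # home server
    laptop_keys = session_keys(laptop_priv, server_pub)
    server_keys = session_keys(server_priv, laptop_pub)
    packet = seal(laptop_keys, b"USER alice PASS constructed-sample")
    print("on the air :", packet.hex())
    print("at server  :", unseal(server_keys, packet))
```

Someone listening at the hot spot sees only the two public values and the sealed packet; without one of the private keys they cannot derive the session keys.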
If you use a Virtual Private Network then part of the software to create the VPN is the encryption and the keys. With Windows Operating Systems the network protocol for creating a Virtual Private Network is loaded with the OS. Nothing to buy, but there is a caveat with this software - the encryption strength is only 16 bit. That is very weak considering that the best encryption you can buy (not military grade) is 2048 bit.
Unless you are using a Virtual Private Network - VPN for a long period of time from a fixed location to a fixed location, then 16 bit will suffice.
Why do I say 16 bit is good enough for a Virtual Private Network?
Because if you are traveling from, say, city to city for a couple of weeks, and you don't tell the world that you are traveling and that you use a VPN to connect to your home computers to get email and conduct business, then it is hard to find a VPN. (Putting your plans on Facebook or MySpace would be broadcasting that you are traveling; tipping off the thieves before you go is not a good idea, is it?)
It takes special hardware and software to detect a VPN because of the way the data is created by the VPN protocol; to the normal hacker without the specialized hardware and software, the data would look like normal network traffic. The thief would have to collect a lot of data over a long period of time, then analyze the data to find that it is a VPN tunnel and that the data inside is encrypted.
So a VPN is a viable solution for getting your email, checking your bank account, and handling other sensitive data while traveling, because you will not be connected for a long period of time, say over two or three hours. Add to that the fact that every time you connect to the internet you will be getting a different IP address for that location.
The main idea behind using a VPN to connect remotely is to confuse the thieves if there are any around collecting data from wireless.
Or you could pay a third party to use their software and go through their server to your home computer; the cheapest I have found is $15 a connection and $3 per minute. Quite expensive unless you are a big company.
Now where did I put that VPN key... :)
VPN Part # 3
How would you set up a Virtual Private Network anyway?
Well there are some prerequisites -
You will need a server with Remote Access (RA) service installed.
You might need a static IP for your internet connection (this would depend on how often the DHCP from your ISP changes your IP address on your cable/DSL modem).
Then you just set up the RA, set the protocols, write the connect rules, give access to the user IDs that will need to connect to the server, then test. Don't want to be at Disneyland and then find out you can't connect!
Instead of giving you a step by step rundown on how to set up an RA service on your server, how about I tell you that all the steps are done while installing the service, and if you use the 'Help' (press F1) function you will have all the steps spelled out for you. (hummm, this looks like a good checklist ...)
The next step is to set up the VPN on your client computer(s), which is fairly easy to
- Open the Network Places properties, select New Connection, then Next on the wizard, select 'Connect to the network at my workplace'. Click Next.
- Select 'Virtual Private Network connection'. Click Next.
- Type in the name of your connection. Click Next.
- Select 'Automatically dial this initial connection'. If the name you typed in above isn't visible, use the down arrow to select it. Click Next.
- Now this is where a static IP comes in handy: you need the IP address of your Cable/DSL modem. Type it in here. Click Next.
- In 'Create this connection for:', select 'My use only'. (This is what I use.) This means if someone else uses your computer they cannot use the VPN. Enhances security of your VPN and remote network. Click Next.
- Click Finish.
Once you have the VPN created, your next step is to set up the protocols the same as with the server RA.
You need to match the protocols or the connection will not work. (See, a checklist would be very handy.)
That is all there is to a Virtual Private Network - VPN, oops, don't forget to test it!
Piece of cake :)
Note: If you have an old computer that is still in good working condition, you could use it for your VPN Host Server (and a NAS!). However, to build a VPN Host you have to use a Server Operating System (your Windows XP/Vista/Windows Seven do not have the service, nor can it be installed on them), so if you are going to build a Server out of your old computer, I have written a book as a DIY for Server Owners.
In late January I needed my VPN while traveling; for some reason I could not connect to the server.
Around the first of February I had time to explore why I could not connect: something was wrong with the VPN service on my firewall / proxy server.
After doing some research I found out that an update by Microsoft has changed how a VPN service and proxy react when both are on one server: The VPN will not work, period. The article I read did not tell me what service pack caused this problem. The solution or recommendation was to use a separate server for your VPN service. To read how I set up my new VPN server
It is your data and only you can protect it! If you don't protect it, it will not be yours for long...