Connecting to VPN over an unsecured network
Unsecured Network, VPN, VPN connectivity, VPN security, Wireless connection, Wireless in 2010, Wireless security
When connecting to a remote VPN over an unsecured network am I putting the VPN server at risk when transmitting credentials? What is the preferred method of connecting to VPN over unsecured network?
Software/Hardware used:
Software/Hardware used:
ASKED:
August 12, 2010 2:22 PM
UPDATED:
August 12, 2010 11:09 PM
Answer Wiki:
Most modern VPN systems will transmit credentials in a secured fashion. That is part of the session negotiation. I think you are more at risk of using a compromised system (e.g. password stealing trojan, keylogger).
To see all answers submitted to the Answer Wiki: View Answer History.
A great example of this (and the most common) is connecting to your corporate network using the internet as a transport.
The most secure way of doing this is to use a secure VPN client and IPSec as your transport. IPSec uses a 2 part process to secure communications. First of all both client and server agree on a method of communication and exchange information to verify each others identity.
The payloads are encrypted using that predetermined information between peers. Only when these secure channels are established does sensitive information pass, it does pass encrypted though over the unsecured network meaning means that you and the server are pretty safe.
A simple viewpoint might be that connecting to a VPN wouldn’t be worth much if credentials were at serious risk.
Tom