My friend uses this security software. Anyone heard of it or have experience with it? When I clicked the link it showed me my IP address and ISP brand "unprotected". Too bad I just renewed with ESET.
Perhaps someone can enlighten me. Are these services glorified proxy servers or do they have true end-to-end encryption between your computer and the domain using the domain's SSL certificate, preventing the VPN from viewing the content of your traffic?
That would largely depend on the answer to my question. A typical proxy server uses an encrypted connection but it is using their SSL cert. The traffic is decrypted on their server and then resubmitted to the target server using the domain's SSL. This is vulnerable to a man-in-the-middle attack since you need to trust they are not doing anything with that data; your banking login data, for example, would be exposed to them.
If that is the case with these VPNs it's a huge security risk and I wouldn't touch one with a ten-foot pole.
Quote:
Perhaps someone can enlighten me. Are these services glorified proxy servers or do they have true end-to-end encryption between your computer and the domain using the domain's SSL certificate, preventing the VPN from viewing the content of your traffic?
Nord VPN virtualizes your location only. Thus, your SSL (or TLS) traffic is from your application, into their tunnel, where it is encrypted again, and out at some other location. Your comms are still encrypted with your, and your destination's certificate, all the way through. The only thing the VPN provider can see is the address headers, since SSL doesn't encrypt those.
Quote:
Nord VPN virtualizes your location only. Thus, your SSL (or TLS) traffic is from your application, into their tunnel, where it is encrypted again, and out at some other location. Your comms are still encrypted with your, and your destination's certificate, all the way through. The only thing the VPN provider can see is the address headers, since SSL doesn't encrypt those.
Correct, thus how they can get around geo location filters. The VPN doesn't know what traffic is going through it, as the A-B connection on both ends is SSL.
Quote:
Correct, thus how they can get around geo location filters. The VPN doesn't know what traffic is going through it, as the A-B connection on both ends is SSL.
I did forget to mention that the VPN does change the IP "origin" address so that the return traffic gets routed back through the tunnel. I don't know how TLS handles addressing, but I know SSL neither encrypts it, nor verifies it (which is why it has always been vulnerable to man-in-the-middle attacks).
Quote:
Thus, your SSL (or TLS) traffic is from your application, into their tunnel, where it is encrypted again,
Just so I'm clear on this, the browser is obtaining the domain's public key through the VPN and the handshake process begins between the browser and the domain's server itself?
Quote:
where it is encrypted again
This makes no sense, how is that supposed to work? The first encrypted response the server is expecting from the browser is a message using that public key. Any other communications past that point would be sent using the agreed-upon key; that key would only be known to the browser and the domain/domain's server.
Last edited by thecoalman; 06-22-2018 at 01:25 PM..
Quote:
Just so I'm clear on this, the browser is obtaining the domain's public key through the VPN and the handshake process begins between the browser and the domain's server itself?
Yes.
Quote:
where it is encrypted again
This makes no sense, how is that supposed to work? The first response the server is expecting from the browser is a message using the domain's public key.
Scan down to the heading "Open VPN" (which is what most people on Nord are using) and look at the picture. Everything entering the first router is encrypted, and sent to the second router. There, the traffic is decrypted and the origin address is replaced with the second router's IP address (so that return packets are routed back through the tunnel), and sent to the destination. The only difference with Nord VPN is that, for most of us, the first router is a software router that is part of your PC's software firewall. Hardware VPN-routers are available, but that would cost more.
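The "encrypted again" layering discussed in this thread, as an added example that is not part of any poster's reply: a Python simulation of an inner browser-to-server layer wrapped in an outer VPN tunnel layer, showing what each hop can read. The cipher is a toy stand-in for the real TLS and OpenVPN ciphers, and all keys, addresses and function names are constructed for illustration.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 counter keystream, no nonce). Stand-in only, not secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

# Constructed keys and documentation-range addresses, not real values.
TLS_KEY = b"session key agreed by browser and server in the handshake"
TUNNEL_KEY = b"key shared by the VPN client and the VPN server"
CLIENT_IP, VPN_EXIT_IP, SERVER_IP = "198.51.100.7", "203.0.113.50", "192.0.2.10"

def client_send(plaintext: bytes) -> dict:
    """Browser encrypts for the server, then the VPN client wraps the whole packet."""
    inner = {"src": CLIENT_IP, "dst": SERVER_IP,
             "payload": xor_stream(TLS_KEY, plaintext).hex()}
    blob = xor_stream(TUNNEL_KEY, json.dumps(inner).encode())
    # On the local network and at the ISP only this outer packet is visible.
    return {"src": CLIENT_IP, "dst": VPN_EXIT_IP, "payload": blob.hex()}

def vpn_exit_forward(outer: dict) -> dict:
    """VPN server removes the outer layer and rewrites the origin address."""
    inner = json.loads(xor_stream(TUNNEL_KEY, bytes.fromhex(outer["payload"])))
    inner["src"] = VPN_EXIT_IP  # replies now route back through the tunnel
    return inner  # payload is still encrypted under TLS_KEY, which the VPN lacks

def server_receive(packet: dict) -> bytes:
    """Destination server removes the inner layer with the session key."""
    return xor_stream(TLS_KEY, bytes.fromhex(packet["payload"]))

if __name__ == "__main__":
    msg = b"POST /login user=alice&password=constructed-example"
    outer = client_send(msg)
    forwarded = vpn_exit_forward(outer)
    print("ISP sees    :", outer["src"], "->", outer["dst"], outer["payload"][:24], "...")
    print("VPN sees    :", forwarded["src"], "->", forwarded["dst"], forwarded["payload"][:24], "...")
    print("Server reads:", server_receive(forwarded))
```

In a real deployment the inner key comes from the TLS handshake, which authenticates the server with the domain's certificate; the simulation hard-codes it to keep the focus on the layering.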