Hey Bob!
What I meant was not if VPN over a specific connection vs. cleartext on
another one, but on the SAME kinda connection.
Again... physically it's the SAME infrastructure - cables. Same cable Co. Unlike
in the US (where from what I know every broadband cable modem user
automatically gets a valid ext. IP address from the cable Co., that basically
gets a pool of addresses from ISPs)... Here there's a choice... Either you get
a Dial Up VPN connection to the ISP and from the ISP you get an ext. IP address
and you get an internal 172.2x.xx.xx address from the cable Co. OR... you use
the "american" way. It's a BIG issue now here, 'cos local ISPs try to B.S. the
customers to switch to Open access VPN Dial up connection from the "american"
one. From the ISP's point of view, it saves them a pool of IP addresses.
Plus it gives CONTROL over what their custs do. Otherwise the Cable Co. has
that control.
What we, the ISP, tell the people is that it's safer for THEM to have an Open
Access VPN connection, 'cos in this case they would get a temp. IP address and
hackers would be less likely to get control over their PCs.
Here I agree with the policy (more or less). What is unclear to me is: from a
connection standpoint locally... is there any difference...
--
Thanks in advance,
Yours truly,
Alon Brodski
"Bob Willard" <(E-Mail Removed)> wrote in message
news:u%(E-Mail Removed)...
> Alon Brodski wrote:
>
> > hey!
> >
> > Thanks for your explanation!
> > Here in Israel I'm not too worried about american government agencies...I
> > had to f*ck around with one (INS) for over 5 years by being an illegal alien
> > (who never took flying lessons :-) ).
> >
> > So if I understood it right...Having PPTP/L2TP (VPN) connection between me
> > and my ISP is actually safer on that part of Internet traffic here locally? So
> > it means that regular (Not Dial Up-VPN) MPLS connections where you get an
> > external IP address directly from a cable company is less secure? Here I get
> > first a 172.xx.xx.xx address from a local cable company and then when I
> > connect to ISP I get also a 80.xx.xx.xx that I use to get online
> >
> > And you meant that the only way to provide a really SECURE Internet
> > connection is by using SSL (port 443)?
> > And the rest is basically a naked info?
> >
> > Alon
> >
> > "Bob Willard" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >
> >>Alon Brodski wrote:
> >>
> >>
> >>>Hey!
> >>>
> >>>Thanks for your help!
> >>>
> >>>Well, to be honest I'm not worried about Internet at very least. I have real
> >>>life worries to worry about....
> >>>My little baby girl half the globe away from me and my kidney stones :-)
> >>>And also in my immediate neighborhood no one has cable Internet...Buying and
> >>>selling drugs here is what most people do in their free time :-)
> >>>I was just curious purely from technological point of view.
> >>>What do you mean by "cleartext"? Unencrypted? And how I can encrypt every
> >>>transaction over the Internet.
> >>>Like what I download and what sites I visit....I do use VPN to access my ISP
> >>>(that I also work for)...Meaning that here in Israel those who use cable to
> >>>access Internet have Open Access Dial up VPN connection (PPTP or L2TP). And
> >>>no IPSec 'cos ISP doesn't support it. So in this case...what could be done,
> >>>if anything?
> >>>
> >>
> >>Cleartext is another word for unencrypted.
> >>
> >>There is no way to encrypt everything that goes over the net, because
> >>encryption relies on having the source node and the target node have
> >>an agreement about the encryption mechanism before the encrypted
> >>message is sent. But, since many nodes do not support encryption at
> >>all, there is no way to get them to understand encrypted messages
> >>that you send and no way to get them to send encrypted messages to
> >>your node.
> >>
> >>Using VPN between your PC and your ISP is a good start since that
> >>protects your data over the "last mile". I don't think there is
> >>any general way to guarantee that nobody monitors traffic that is
> >>forwarded by your ISP between your PC and other internet nodes.
> >>
> >>In the USA, certain government groups are rumored (just a rumor,
> >>and you didn't hear it from me) to have the ability to monitor ISP
> >>traffic; but the only agencies with that ability are those with
> >>TLAs in which the last letter is a vowel, and the only departments
> >>with that ability are those with TLAs in which the first letter
> >>is "D".
> >>--
> >>Cheers, Bob
>
> Apparently, I failed the clarity test twice. Let me try again.
>
> 1. VPN encrypts data between the two ends of any logical connection.
> Using VPN between your PC and your ISP is much better than sending
> cleartext (unencrypted data), particularly if the data goes over
> some shared media, such as a broadband cable.
>
> I have no idea whether VPN over one specific connection is
> better than cleartext over another specific connection; I don't
> think there is any generic way to answer that question.
>
> 2. SSL (port 443) is certainly not the only way to provide a secure
> connection. SSL is just one such secure transport; albeit a standard.
> --
> Cheers, Bob
>