How-to Guide Protect Yourself Against MITM Attacks

Discussion in 'Tutorials & Guides' started by Umbra, Oct 28, 2016.

  1. simmerskool

    simmerskool Level 4

    Apr 16, 2017
    170
    329
    non-profit corporate consultant
    USA
    Windows 7
    Emsisoft
    Sunshine-boy likes this.
  2. simmerskool

    simmerskool Level 4

    Apr 16, 2017
    170
    329
    non-profit corporate consultant
    USA
    Windows 7
    Emsisoft
    #82 simmerskool, Jul 20, 2017
    Last edited: Jul 27, 2017
    I vaguely recall trying ivpn a few months ago, and there was some issue...(?) but don't recall what it was. (maybe I kept notes). I'm testing vyprvpn and bought just one month and it was $12.95 (IIRC) so if I keep doing that, it will add up big time. Protonvpn ($77/yr IIRC). I think I need the excel sheet. :D
    PS vypr seems to have fast throughput here. (& proton has tor, surprisingly fast the other day)

    EDIT: worked out the kinks on my end and I'm now very happy with ivpn. secure private and fast, with good support. protonvpn also runs aok with ivpn installed, of course not running them at the same time. I removed vyprvpn because it conflicted with ivpn.
     
  3. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,705
    11,851
    AppGuard LLC Virginia, U.S.
    IVPN client uses a firewall. I have had fewest problems with the IVPN client and servers.

    Mullvad, I've had problems with the client. It was a pain. I tried their service twice and the client and support just never worked out. Some have no problems whatsoever. Go figure.

    The VPNs that have clients that work without problems also seem to be the ones with most lax security or other issues.
     
    Sunshine-boy and simmerskool like this.
  4. simmerskool

    simmerskool Level 4

    Apr 16, 2017
    170
    329
    non-profit corporate consultant
    USA
    Windows 7
    Emsisoft
    Thanks, I found my ivpn notes from March_2017, installed but was using chrome it was not loading webpages, perhaps some conflict, never figured it out. I'll try it again, tonight or tomorrow, starting to get late (for me). Also just downloaded the mullvad client, it was not signed?? so not installed here until clarification. ivpn that one privacy place notes that Gibraltar is part of UK, so perhaps not best jurisdiction??
     
  5. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,705
    11,851
    AppGuard LLC Virginia, U.S.
    Who in one of the 14 eyes nations is going to go through all the trouble to pester UK GCHQ or whatever government agencies to do whatever to get your whatever infos from a business in Gibraltar and whatever other international rigmarole is involved to get infos ?

    I mean, are you hacking nation-states-agencies via VPN ? If no, then you have no worries.

    While it is theoretically possible that the UK can just go to Gibraltar and seize IVPN's "stuff" there or force them to give up whatever data they might have - somebody please tell me how realistic that such a thing would ever happen. Not...
     
  6. simmerskool

    simmerskool Level 4

    Apr 16, 2017
    170
    329
    non-profit corporate consultant
    USA
    Windows 7
    Emsisoft
    ok, see your point :)
     
  7. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,705
    11,851
    AppGuard LLC Virginia, U.S.
    For your intended purposes under your specific computing conditions, most any reputable VPN will work. Now if you have the need to be super-secret squirrel no matter what, then you have to get into the paranoid, super-paranoid, and ultra-paranoid guides posted by mirimir on the IVPN site. Those anonymity\privacy configurations look like full-time occupations to me.
     
    simmerskool and Sunshine-boy like this.
  8. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    Pretty much the same reason I'm not concerned about using a VPN from a five eyes nation (Canada). I keep it permanently connected so I may be noticed by my slowly-turning-authoritarian government (UK) but I'm not doing anything that would justify them taking a closer look. That is until sometime in the near future when my government forces ISPs to introduce backdoors into their system for real-time monitoring and makes end-to-end encryption illegal.
    The world we live in, right? :rolleyes:
     
  9. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,705
    11,851
    AppGuard LLC Virginia, U.S.
    American and Canadian lawmakers think alike... I guess.
     
  10. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    Maybe. Either way unless Canada introduces a data retention law directed at VPNs or the UK government makes the use of anonymizing software illegal for private citizens I probably shouldn't care. Full-time data encryption probably ain't a bad thing either.
     
  11. Maxwell Sien

    Maxwell Sien Level 2

    Nov 15, 2016
    95
    298
    Indonesia
    Windows 10
    Default-Deny
    Does VPN can help us in case MITM?
     
  12. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
     
  13. Maxwell Sien

    Maxwell Sien Level 2

    Nov 15, 2016
    95
    298
    Indonesia
    Windows 10
    Default-Deny
    Thank you, Buddy.. :)
     
  14. Maxwell Sien

    Maxwell Sien Level 2

    Nov 15, 2016
    95
    298
    Indonesia
    Windows 10
    Default-Deny
    #94 Maxwell Sien, Jul 26, 2017
    Last edited: Jan 16, 2018 at 8:16 AM
    Does it mean that DNSCrypt is more safe than VPN?

    HTTPS Everywhere, Proxy, VPN, DNSCrypt

    Which one is the best in case MITM?
     
  15. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    #95 Arequire, Jul 26, 2017
    Last edited: Jul 27, 2017
    No. With a VPN you'll be using the VPN providers' own DNS servers (hopefully) and all your network traffic - including your DNS requests - will be encrypted.

    Assuming you don't keep a VPN connected 24/7 your best bet is to add HTTPS Everywhere to all your browsers and select a DNS provider that supports DNSCrypt and uses DNSSEC. This prevents snooping or manipulation of DNS data through encryption and authentication. I'd suggest using DNS provider with a no logging policy too.
    When using a VPN, DNSCrypt become irrelevant as you'll be using your VPN providers' DNS servers. HTTPS Everywhere is still relevant as it encrypts the traffic from the VPN to its destination.
     
    HarborFront and simmerskool like this.
  16. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,300
    5,763
    Far East
    #96 HarborFront, Jul 26, 2017
    Last edited: Jul 26, 2017
    In addition to what @Arequire suggested it is best to add NetCut Defender if you are a laptop user when using public WiFi networks and that's because

    At home, you have to worry of MITM attacks at the router, switch and PC
    In public, you have only your laptop to worry against MITM attack
     
  17. Maxwell Sien

    Maxwell Sien Level 2

    Nov 15, 2016
    95
    298
    Indonesia
    Windows 10
    Default-Deny
  18. rockstarrocks

    rockstarrocks Level 14

    Apr 16, 2017
    686
    6,786
    Civil Engineer
    Delhi>India>Asia>Earth>S.S.>Milky way>Our Universe
    Windows 10
    Emsisoft
    #98 rockstarrocks, Jul 27, 2017
    Last edited: Jul 28, 2017
    Does anyone use Comodo's Internet Security Essentials? My ISP doesn't allow changing DNS, will it work even then?
     
  19. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,653
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    comodo DNS sucks anyway :D
     
    DeepWeb and rockstarrocks like this.
  20. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    439
    1,422
    Nurse
    On a journey
    Windows 10
    Emsisoft
    If you have Windows DNS Client and its cache disabled, do you still have to worry about DNS cache poisoning?
     
    rockstarrocks likes this.
Loading...
Similar Threads Forum Date
3 Practical Tips to protect yourself against anti-ransomware Backup, Sync and Encryption Mar 24, 2017
Hacking Alert Protect Yourself from KRACK WiFi Vulnerability Security News Oct 19, 2017
Cloudbleed: How to Protect Yourself After the Data Leak News Archive Feb 25, 2017