I just returned tonight from a trip to the Middle East, primarily in a country that filters Internet access through a national proxy. None of the hotel rooms (that I stayed in) had in-room Internet… so it was Internet cafes for me in each stop. You’ve heard us say before on Brigada — the only way to safely access POP3 email at an Internet café is to shield your communication in a secure software tunnel referred to as a virtual private network (VPN). There *are* solutions for encrypted email (like Hushmail), but none of them allow you to use a simple POP3 box with a client like Outlook. For example, I *was* able to access my Hushmail account, but … it’s just not as quick and easy. Plus, it’s not very dependable off-line (I’ve had annoying glitches keeping the Outlook IMAP3 plug-in to stay in the running with Hushmail.) So… for convenient POP3 email *and* for secure web-browsing to the site of your choice, you really need a VPN in any country which would misunderstand your good intentions… or anytime you’re exchanging information about sensitive finances.
In the old days, a VPN might have raised your profile; not so any more. Every businessman that passes financial information uses (or ought to use) a VPN. You usually wouldn’t have to carry around a hardware device to run a VPN. Many “software” versions are available, usually by running a “client-side” application on your laptop — which, in turn, talks to a VPN “server-side” mother-ship application, either on your own server back in your homeland, or, alternatively, via a server maintained by the company from which you buy or rent the VPN service. Some companies will offer a VPN for free (usually with other, more powerful services sold for pay), while others charge a nominal fee per month.
One thing I noticed was that it seemed there was no consistent result with the VPN that we hand out to our workers going to sensitive fields. We use Cisco and we oversee the “dashboard” for this VPN ourselves, so it’s really easy to maintain. But, not in this particular land. For example, at the first Internet café I visited on the opening day of this trip, every time I logged on to the VPN, the connectivity to the Internet would vanish. (Have you encountered something similar to that in other instances? If so, please click on “comment” below this item and give your testimony — completely anonymously if you desire.) That night, I tried Wytopia, HotSpotVPN, PublicVPN, and a handful of other VPN suppliers. *Hushmail* worked (without the VPN), but, as for my POP3 mail, I left empty-handed that night. I wasn’t willing to download it into the open. Now later in the week, I went back to that same café and tried again — and this time it worked! (Have you experienced that too?) I wondered later… if I had rebooted, would it have reset some routine that allowed it to connect? Either way, let’s start a list below of our favorite vendors for VPNs, along with anything to beat the problems. Here are the issues we seem to be battling, in the “real-world testing” department:
*** Some internet cafes seem to have blocked the port that the VPN uses?
*** It seems inconsistent; it’ll work sometimes and not work other times.
*** The VPN would sometimes just drop… like… if the wireless radio in the coffee shop had a hiccup, the secure-conduit would drop. (Sometimes when I’d try to launch it again, it wouldn’t have exited cleanly, so I’d have to reboot first. Hassle. Don’t get me wrong; I don’t mind all the hassles in the world, if they help us do this stuff securely. I’m just wondering if there’s a better way out there.)
Maybe we’ll find an obvious lay-down best VPN in the world? :-) Or maybe a satellite solution has leap-frogged the old technology and now we don’t even need internet cafes anymore?
One thing I found out just last week is that Google mail (gmail.com) is now offering https (secure) connections.
Previously they only used the https for the login process, then reverted back to http. Now, in your settings, you can ask for https always. This encrypts your communications going and coming, so no one else can see your email content.
Uhmmmm… just wondering… if that password is going to tell you that we’re legitimate — should we be posting this on the open web? :-)
David addressed a lot of the questions that I saw that Doug might be having. However, one of the questions that could have been playing into the mix:
Was there another IPSEC VPN user on the same network and the router used by the internet cafe was a SOHO (Small Office/Home Office) level router that only supported one IPSEC connection at a time?
These pieces of hardware are great when you are at home, but can cause issues just like the one described when used in a public environment. (Or a home with multiple laptops/computers that are trying to use multiple IPSEC accounts.)
Just to play devil’s advocate, what makes the satellite connection more trustworthy? Is your VPN provider that trustworthy?
Many thanks to guys like David that are doing their best to keep Kingdom works safe and secure.
And just like the password that David is using, NEVER rely on just one layer of protection.
OK Dave. It just seems odd to think that that link is *any* form of security at all now — now that it’s freely visible on the open web, you know? Basically, I think our users should just view it as if it’s a kind of coupon to help them become engaged with your service. Everything else will happen internally with their VPN. But there’s *nothing* secret or secure about that “code” now.