How to avoid an insecure initial connection on public Wi-Fi networks before the VPN is enabled?
It’s a best practice to use a VPN when you connect to public Wi-Fi networks. However, in the scenarios I am aware of, you first connect to the network and only then, once connected, switch to the VPN. In that case there is a time window when your traffic goes over an insecure connection and you are vulnerable.
My concern is many programs/services/processes running on a PC execute a housekeeping/update check/status check as soon as a network connection is available. And all those activities would be performed via an insecure connection if they are triggered before the switch to the VPN connection.
Is it possible to avoid this?
wireless-networking security vpn
edited Aug 16 '15 at 16:45 by G-Man
asked Apr 4 '15 at 14:38 by peterfoldi
This is a non-issue because VPN connection will be encrypted from your client connection to the VPN anyway. Simply connecting to a public Wi-Fi network in and of itself won’t expose anything.
– JakeGould
Apr 4 '15 at 15:02
1
Yes it does: many programs/services/processes running on your pc execute housekeeping/update check/status check as soon as a network connection is available. And all those activities will be performed on insecure connection until you switch to VPN.
– peterfoldi
Apr 4 '15 at 15:14
Very fair reason and concern. I just edited your question to add that info since it clarifies the whole concern in my mind.
– JakeGould
Apr 4 '15 at 15:19
@peterfoldi: You beat me by 75 seconds!
– G-Man
Aug 16 '15 at 16:47
Use superuser.com/questions/262799/… to remove default route (route delete on 0.0.0.0), add route (route add) to VPN network going through default gateway so you allow VPN to establish. Let VPN connection give you default route to 0.0.0.0
– ssnobody
Aug 18 '15 at 0:36
2 Answers
How you do this specifically depends on what OS you use and what firewall you use. The general rule is to set your firewall to block connections by default so nothing can access the internet at all, then manually add the required rules for the VPN to work.
In Windows, for example, the built-in firewall rules can be changed to default block on outbound on a per-profile basis. If you do this on the Public profile, then nothing can access the internet. Then, create an allow rule for your VPN client software, so nothing can access the internet other than the VPN client. Finally, either assign the VPN to a private profile or add additional rules to allow outbound access through the VPN interface alone.
On Linux, for example, it is very similar: set the default outbound rule to 'DROP' in iptables, add a specific allow rule to your VPN server, and then add a specific allow rule for all outbound traffic via the VPN adapter.
answered Aug 18 '15 at 14:06 by qasdfdsaq
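One way to carry out the Linux steps from the answer above, as an added example that is not part of the original post: a shell function that prints the iptables rules, and a second that audits `iptables -S OUTPUT` output. The server address 203.0.113.10, UDP port 1194 and the interface names wlan0 and tun0 are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the answer). Constructed sample values: VPN server
# 203.0.113.10, UDP port 1194, Wi-Fi interface wlan0, tunnel interface tun0.

# Print the iptables commands for a default-deny outbound policy. Nothing is
# applied here; review the output, then run it as root.
vpn_killswitch_rules() {
    vpn_ip=$1; vpn_proto=$2; vpn_port=$3; wifi_if=$4; tun_if=$5

    # Require a literal IPv4 address: a hostname would need a DNS lookup
    # outside the tunnel, which is the traffic these rules are meant to stop.
    case $vpn_ip in
        ''|*[!0-9.]*) echo "VPN server must be an IPv4 address" >&2; return 1 ;;
    esac
    case $vpn_proto in
        udp|tcp) ;;
        *) echo "protocol must be udp or tcp" >&2; return 1 ;;
    esac

    # Policy is set before the flush so there is no moment with an open chain.
    # Port 67 is DHCP, so the lease on the Wi-Fi network can still be renewed.
    cat <<EOF
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $wifi_if -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A OUTPUT -o $wifi_if -d $vpn_ip -p $vpn_proto --dport $vpn_port -j ACCEPT
iptables -A OUTPUT -o $tun_if -j ACCEPT
ip6tables -P OUTPUT DROP
ip6tables -F OUTPUT
ip6tables -A OUTPUT -o lo -j ACCEPT
EOF
}

# Audit "iptables -S OUTPUT" output read from stdin. Succeeds only when the
# policy is DROP and every ACCEPT rule is limited to loopback, the tunnel,
# a fixed destination, or DHCP (destination port 67).
killswitch_ok() {
    awk -v tun="$1" '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
        $1 == "-A" && $NF == "ACCEPT" {
            pinned = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-o" && ($(i + 1) == "lo" || $(i + 1) == tun)) pinned = 1
                if ($i == "-d" || ($i == "--dport" && $(i + 1) == "67")) pinned = 1
            }
            if (!pinned) leak = 1
        }
        END { exit (policy == "DROP" && !leak) ? 0 : 1 }
    '
}

# Show the rules for the constructed values above.
vpn_killswitch_rules 203.0.113.10 udp 1194 wlan0 tun0
```

On a network with a captive-portal login, the portal page is blocked by these rules as well, and the VPN server stays unreachable until the portal has been completed.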
It would take some time and effort on your part to do the setup, but if you are concerned enough about the security risk arising from automatic updates, then you can use your firewall to block application access.
This post gives you the details on how to do this for Windows 7, but most firewalls have a similar concept where you can control the inflow and outflow to your computer.
edited Mar 20 '17 at 10:16 by Community♦
answered Aug 16 '15 at 15:53 by AMR