Fair point. I do think that critical infrastructure engineers and sysadmins remoting into their control stations should be using 2-factor and a VPN.
Replying to @KimZetter @martijn_grooten
What's the attack you're imagining that's mitigated with VPN?
6 replies 0 retweets 4 likes
I think normal users would click through SSL errors for expired/invalid certs, so an SSL MITM could be possible. Some sites don't pin certs and users re-use passwords. Yes, VPNs can be MITMd, but users face less VPN error fatigue. When did we stop believing in defense in depth?
2 replies 0 retweets 0 likes
You understand what a VPN does, right? Your traffic is passing across the hostile public internet, and your solution is to... pass it slightly differently?
1 reply 0 retweets 0 likes
The best argument you can come up with for this is, "well... users don't see vpn errors as often, so maybe they won't dismiss them", but they now have to deal with vpn errors *and* ssl errors. That is not "defense in depth".
1 reply 0 retweets 1 like
VPNs don't normally have a clickthrough that folks can easily use. SSL error fatigue is (at least was) very real: https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/akhawe . If VPNs had an "ignore" button, it'd be more comparable. Additionally, there are open source SSL MITM tools, probably not for VPNs?
2 replies 0 retweets 0 likes
You totally ignored the point. You want to communicate privately with a host over untrusted hops: You->A->B->C->Host. TLS lets you do this, but you're scared you might click through a warning, so you instead send all your traffic to sketchy host F; now You->F->A->B->C->Host.
1 reply 0 retweets 0 likes
You didn't solve anything, you just moved some bits around. Do not say "what about warning fatigue", when a VPN does not solve warning fatigue.
1 reply 0 retweets 0 likes
The threat model I'd assume for an average user is "dumb attacker with a wifi pineapple or equivalent". That's easy for someone in a coffee shop. I don't expect a low-resource attacker to have the capability to MITM traffic out of a VPN server.
1 reply 0 retweets 1 like
Your threat model is very confused: a physically nearby attacker willing to break the law who can only MITM one protocol (TLS) but not another (IPSEC, whatever). So you send all your bits to a shady middleman instead?
2 replies 0 retweets 0 likes
This doesn't make sense, just use TLS.