In the early days of computers, one of the very first things we were all supposed to of learned was to never insert a floppy disk into our computers. There were and still are multiple good reasons to never insert a floppy, but because everybody wanted to share files anyways the game was on for all sorts of evil computer things. Anti-virus programs were developed by a variety of companies like “central point software” and “IBM” that users would install on their computers in hopes of protecting themselves. Today that is still a nice thought but unfortunately, it falls short of the multiple reasons it was bad to insert a floppy disk.

Since the beginning of computers the policy has been to never insert a floppy or run an unknown program.

There was another reason not to insert that floppy besides the very possible and automatic virus threat, and that was the programs that resided on it. Unless you purchased the software package in brand new condition from your local store, there was no way to know if someone installed “a virus” on it. In those days before the internet, computer programs were distributed via a network of “Interactive Media Companies” that allowed users to both upload and download programs. Now only your virus scanner could save you, but since a program that preformed an evil task wasn’t a virus, they could get through.

Today’s Cyber Security is even more complicated, Your computer has never been targeted more than ever in the history of computers.

A new era of lawmaking and defending intellectual property rights ushered in a variety of problems that resulted in the creation of multiple “VPN” services that use an optional traffic management feature that was outside of the original design goals of “Virtual Private Network” technologies, but later created per the demand for it. These new VPN services initially became popular because they offered privacy and protection from Law Enforcement and the RIAA, both of which were in the business of making court dates for American citizens for various reasons, none of which a law-abiding citizen would ever need to worry about.

VPN to the rescue!

The “VPN” services did a couple of things to protect “the Americans” and help them gamble, download music, porn, and hide whatever else it was they wanted to do in fear of being caught. All of them based themselves outside of the United States and in places where the United States could not subpoena the companies logs. As if that wasn’t good enough they like to say that they don’t log anything.

My favorite is the company that displays their configuration file logging section set to none.

Logging is something programs do for various reasons including logins, warnings, errors, and debugging. In general, these are single lines of text that include various pieces of information depending on the event that generated the log entry. Log files can grow to huge sizes and usually require the need to be rotated as they grow larger then they can be reasonably managed. This presents a problem in that the program often needs to be restarted or reloaded in order to empty the log file and start fresh. Most programs do this once a day. In the case of a running VPN for literally thousands of connections and users, this could result in dropped connections and angry customers and so it becomes important to shut logging off and skip the log rotation altogether.

If you are not monitoring your network your hacker bait.

The problem then becomes how to monitor the server for attacks and other abuse that could cause degraded services for the customers. There are several ways to monitor this mostly including login log’s but without those logs, the administrator is left looking at the network traffic using traffic monitoring programs. These programs TAP the only network interface and listen for “failure” messages and might be followed by a response to block the offender(s).

At this point, the actual traffic has not been mentioned. That’s because a log entry only supplies a tiny bit of information. basically, time, IP, and maybe destination and not things like the username and password used to login to a website with. The “VPN service” might get log entries of what URLs your computer requested but not the details you want to protect. The bad news is that there are plausible ways to work around this.

The complete solution is to install a “TAP” on the network connection to process and optionally record everything passing through for future processing.

There are a variety of ways to do this and most of them are as old as the Internet itself. Without going into all the different programs that network and system administrators, cybersecurity threat hunters, and the kid’s in-school use, there is a complete distribution that showcases all the basic programs used to investigate network traffic. This distribution is called the Security Onion and it has nothing to do with the Tor network. The Security Onion can be found here. The programs contained in this system allow for the recording of all traffic passing by its sensor exactly as it happened, such that a person can recreate and examine exactly what happened and so on. These types of programs don’t make log’s they make records in databases. Little fun with words huh?

It’s important to note here that monitoring and recording network traffic is an accepted best practice for businesses that need the ability to evaluate cyber incidents, protect their network, or just want to maintain a record of all transactions for future processing. This is a normal thing to do when needed.

With every bit and byte that you sent, things like usernames and passwords can be sniffed as well as everything you did online.

Network sniffing is not new, and now that we have a way to record the network traffic there are multiple ways to replay that traffic and sniff it for things like usernames, passwords, and URLs they were used at. This presented all of us with a new problem and the answer would be SSL or https webpages that would encrypt our data using our top-secret private key on our devices and hide our data from anybody sniffing the network connection. You always want to protect your computer’s private keys just like your car or house keys.

Information is king and the data broker is born. They want your data to sell, over and over…

As the userbase of the Internet grew to nearly every man, woman, child, and light bulb, the need to manage and sell them products also grew. Advertizers and the media needed to know not just the traffic to their website, but the age, sex, location, and everything else they can find out. This lead to the creation of Data Brokers who keep track of all the “likes” and “follows” and have defined who we are to marking companies and media groups. This can also affect anything from our pricing on websites to our ability to post and be seen in various online forums, or even our ability to hire a brick and mortar services like apartments, contractors, lawyers, and sales agents.

Because of the DMCA, Americans are not allowed to disassemble and evaluate applications for security problems. Americans can only speak about what is plausible from their perspective of a professional security consultant and are not allowed to review commonly available technology. with that, this entire document is “in my opinion”.

SSL certainly does make things more difficult but not impossible to read all the user’s traffic. Suffice it to say that if you installed a VPN package it becomes plausible that your private key was taken, an additional one installed, and every bit and byte of your data can be decrypted. This can be a standard practice to improve network quality for a group of users, to record their activities, or even done maliciously. We don’t know and we aren’t allowed to look because of the DMCA.

The worst-case scenario is if a user signed up to a “VPN” service without using an install package and then later used the install package. The package plausibly could retrieve the user’s private keys, and send them to the “VPN” company in order to process the user’s previous traffic. At the same time, they could have installed their own “Certificate Authority” which allows them to proxy all your SSL requests.

While this is a legitimate thing to do when setting up a proxy for a large service, it would also give the “VPN” service the ability to database all the user’s network traffic and process it in realtime. Unfortunately, it has the effect of allowing the “VPN” service to make SSL sites look secure when in fact they are not. It’s also important to note that the private key used to create the VPN connection in the first place, can also decrypt it as well, and the “VPN” service needs to save and protect this key so they can add new users, thus leaving yet another problematic issue for the user.

Don’t install programs from the internet expecting anything but malware, viruses, trojans, and the loss of something.

The first thing we learned was not to insert a floppy into a computer without expecting a problem. Today the problems are attacking us from all directions. It doesn’t matter if it’s a CDROM, a keyboard, a USB drive, or even a light bulb, these devices can contain malicious code. With the power of the internet, we have access to downloadable programs for all our likes and needs, and very little of it is reviewed, and even less safe for our security. just say no.

Using a VPN with a firewall that includes threat protection is still a very important thing to do for internet security

These days just surfing the internet can be dangerous even on big-name sites. Things like advertising can be a popular place for bad guys to inject code that reaches your browser is just one of the many examples that call for a need to reduce your exposure to evil third party websites. There have been many unsafe and unpopular solutions that have tried to address this problem but the answer is the same as it was in the beginning.

If you are a law-abiding citizen that just wants to protect themselves from bad actors there are some basic things you should be doing. Firewalls that respond to potential threats should be installed wherever you use your devices. If you are going to be using WIFI then you will want to avoid WIFI attacks by using a VPN. Your endpoint can be as easy as your local router, or to reduce information selling by your Internet Service Provider, a local data center, and not “the cloud”.

One Avenue VPN systems include firewall and threat protection.

We monitor our networks and collect data as needed towards the goal of network and customer protection. We do not maintain any form of logs/records long term, nor do we sell any customer data. In general, our monitoring is 24×7 with zero long term retention time.

%d bloggers like this: