VPN

What is VPN (Virtual Private Network)?

Can it replace iTunes Match? Not really. If you trick Bonjour into finding things across the VPN, you could possibly get Home Sharing to work, but these tricks usually only work for OS X, not iOS. You are better off getting one of Seagate's Wireless Plus drives, as seen at Macworld, and just taking it with you, though that won’t work for iTunes DRM content like video.

Scoping of what you want to protect:

  1. Just remote access to home?
  2. Securing your traffic on public networks?

What are the risks of open Wi-Fi?

  1. Is there any activity that is “safe”?
     1. Ones that don’t involve money or your identity.
  2. If I connect via SSL, aren’t I protected?
     1. SSL protects against eavesdropping, but if they can get you to accept a fake SSL certificate or if your system trusts it...
     2. And what if you assume it is SSL protected and they didn't implement it properly? For example, Apple and the App Store, which they recently fixed.
  3. Does turning on my firewall help protect me on the LAN?
     1. System Preferences > Security > Firewall
     2. Sure, that helps protect your system, but not your traffic.
     3. Also make sure to kill iTunes, file sharing and screen sharing. At minimum you are advertising your name by default. (I mention this in my tips in the next section.)

Basic open hotspot tips

  1. You’re in public, so assume the info you’re sending and receiving is public too. Someone simply glancing over and looking at your screen is “stealing” data.
  2. Know you’re connecting to the right hotspot. Hopefully the location provides a password and hotspot name (even then, be careful). Opt-in or TOS screens when you connect are a good sign too, but don’t ensure security.
     1. You could turn off auto-join for known networks, or force forget them.
  3. Disable all sharing before connecting.
     1. System Preferences > Sharing
     2. iPhoto > Preferences > Sharing
     3. iTunes > Preferences > Sharing
     4. Toggle Settings AppleScript: http://www.georgestarcher.com/?p=374
  4. Don’t use personally identifying info in your machine/network name.
     1. System Preferences > Sharing > Computer Name
  5. Be aware of your surroundings and trust your instincts. Also watch your browser info, etc. Make sure the status bar is on in Safari (View > Show Status Bar) and watch your URLs.
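
As an added example (not from the original notes), this shell function checks `netstat -an` output in the macOS format for the sharing services named in the tips above that are still listening. The function names, the sample output and the port-to-service mapping (each service's default port) are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag sharing services that are still listening before you
# join an open hotspot. Ports are the services' usual defaults (assumption).

# Reads `netstat -an` output (macOS format) on stdin and prints one
# "port<TAB>service" line per sharing service found in LISTEN state.
sharing_listeners() {
  awk '
    BEGIN {
      svc[22]   = "Remote Login (SSH)"
      svc[445]  = "File Sharing (SMB)"
      svc[548]  = "File Sharing (AFP)"
      svc[3689] = "iTunes Sharing (DAAP)"
      svc[5900] = "Screen Sharing (VNC)"
      svc[8770] = "iPhoto Sharing (DPAP)"
    }
    # Only TCP sockets in LISTEN state; skip loopback-only listeners,
    # which are not reachable from the hotspot LAN.
    $1 ~ /^tcp/ && $NF == "LISTEN" && $4 !~ /^127\./ {
      n = split($4, part, ".")     # macOS prints the local address as addr.port
      port = part[n] + 0
      if ((port in svc) && !seen[port]++) print port "\t" svc[port]
    }
  ' | sort -n
}

# Constructed sample of `netstat -an` output, for running the check offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.23.52344     17.172.232.10.443      ESTABLISHED
tcp4       0      0  *.548                  *.*                    LISTEN
tcp6       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  *.3689                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  *.5900                 *.*                    LISTEN
udp4       0      0  *.5353                 *.*
EOF
}

# On a Mac, check the live system with:  netstat -an | sharing_listeners
sample_netstat | sharing_listeners
```

An empty result means none of the listed sharing services is accepting connections from the network.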

More secure options

Home options:

OS X Server: http://typicalmacuser.com/wordpress/2012/01/07/tmup-252-lion-from-scratch-auto-save-versions-and-lion-server-vpn-setup/

VPN Server Configurator for Mac OS X 10.5 - 10.8, http://www.greenworldsoft.com/product-vpn-server-help.html

  1. Adds a GUI configuration for the OS X "vpnd" daemon.

Back to My Mac. Sometimes it works.

OpenVPN (SSL-based and not iOS friendly)

        http://openvpn.net/index.php/open-source.html

        Can be installed on OS X.

Linux-based: run in a VM or on an old PC, for switchers who still have one around.

pfSense firewall (very much a network geek solution but iOS friendly)

        http://www.pfsense.org/

Untangle firewall (http://hak5.org/episodes/hak5-1405)

        http://www.untangle.com/

Non-VPN options that offer remote control: LogMeIn, Air Login

Non-VPN options that offer file access: Dropbox, Transporter

Easy-to-use commercial options for iOS and OS X:

https://www.getcloak.com/

($8/$15 month) Whom do you trust?

Makes an iOS profile file that you just tap to add the settings to your iDevice. Very easy setup.

($4.99/month or $29.95/year)

http://www.hotspotshield.com/

Free with ads. Also supports non-Apple operating systems.

Personally I’d go with getcloak. They are more active in the Apple community.

One other option: if you are a student or a higher-ed employee, it is likely you have existing VPN access back to your university at no additional cost, and support for devices is extensive.

Using a Personal Hotspot

Am I safer running my own connection through my mobile phone?

        For the most part, yes. But it is not impossible to fake cellular towers now. The police are doing it and gathering more information than just the “bad guys.” And bad guys can do it for minimal investment. This is why I kill Bluetooth and Wi-Fi, and only flip on cell service for brief periods when at security conventions. It’s a juicier target than just a chance encounter with someone set up for that in a public venue like a Starbucks.