Using VPN to Avoid Packet Sniffing

Last week on the free ware review, I wrote about the simplicity of packet sniffing and analyzing with Ethereal. I revealed how easy it was for anyone to tap sensitive data like login information, credit card numbers, social security number, and mission-critical emails traveling on the network. As promised, I will reveal how to actually prevent packet-sniffing software from reading your sensitive data.

As I previously explained, packet analysis passively listens into a network and then extracts the important data, which is usually in plain text. The key to hampering packet analysis is encrypting that data sent on the network so that it is not read in plain text. The encrypted data that packet analyzers gather is pretty useless without an encryption key. While it is possible for crackers to obtain the key, encryption makes the process a lot longer (and sometimes nearly impossible). There are a couple common ways to do this.

Manual File or Email Encryption
While this is the simplest way to avoid data theft, in the long run, it can also be the most tedious. Basically, every email message and every attachment sent is encrypted with PGP (Pretty Good Privacy) algorithms.

Pros
Not Really Any

Cons

Both the sender and the receiver need to agree on the same encryption key and have the same special software to unlock the data.

This only works with data chunks like email and files. Regular web browsing and login information is still done in plaintext.

SSL (HTTPS)
On some websites like Yahoo! and eBay, there is a function that allows you to “securely” login. In the URL address bar, if you see “https” instead of “http,” you’re in good shape. But most of the time, this is only available in financial sites.

Pros

Streamlined so that you don’t even notice it is working.

All modern browsers support it.

Cons
This usually only applies to the HTTP (port 80) protocol. This will not work with any other protocol like FTP, Instant Messaging, and Email.

Remote Computing
Usually, remote computing incorporates a layer of encryption. Remote computing includes programs that utilize the VNC (Virtual Network Computing) Protocol or the RDP (Remote Desktop Protocol).

Pros
You keep the actual files on a server. You never send the complete data over the public network.

Cons

This can become very slow

Requires a computer at home to be always on

VPN
Virtual Private Networking is my favorite and recommended method of obfuscating data theft. Basically, it creates an encrypted virtual network connection from your computer to your server. Pretend you connect to your VPN from a public network. All information that you access on the Internet is encrypted as it is sent to your home network first. There, the server decrypts that data then sends it across the Internet. Therefore, nobody in the public network can see what you are doing since it is all encrypted. VPN works sort of like a seamless proxy server.

Pros
Seamless integration with all programs
If coupled with any of the methods above, you achieve at least double encryption.

Cons

Your network download speed is capped by the upload speed of your home network gateway.

Requires a computer at home to be always on

Requires a bit of configuration

Windows XP PPTP VPN Setup
I regularly use the public networks at the library, school, hotels, and Starbucks. I’ve found that in the long run, the most convenient and secure method of packet sniffing circumvention is virtual private networking. It is really easy to set it up in Windows as well!

VPN Server

1. Go to “Network Connections” in the “Control Panel.”

    

   

2. “Create a new connection” with the “Network Connection Wizard.”
3. “Set up an advanced connection.”
4. ‘”Accept Incoming Connections.”
5. Skip “Devices for Incoming Connections.”
6. “Allow virtual private connections.”

   

7. Then, select which accounts will be able to remotely connect to the VPN. On this step, I just create a specific account just for VPN with no privileges.
8. For “Networking Software,” make sure that “Internet Protocol (TCP/IP)” is selected. I would also include “File and Printer Sharing for Microsoft Networks” but that’s just me.
9. If the server is behind a firewall and/or router, port mapping/forwarding and port opening must be enabled. The Windows XP VPN software uses point-to-point-tunneling protocol. PPTP requires port 1723 and PPTP pass-through routing.

VPN Client

1. Go to “Network Connections” in the “Control Panel.”
2. “Create a new connection” with the “Network Connection Wizard.”
3. Select “Connect to my network at my workplace.”
4. Select “Virtual Private Network connection.”
5. “Do not dial the initial connection.”
6. Input the IP address or host name of the server computer.
7. “Do not use my smart card.”
8. After you finish the wizard, double-click the new VPN connection.
9. Enter your username and password and connect.

Other Resources

If these directions don’t work out for you, check out these three more comprehensive resources. Imagine, one of them is actually from Microsoft! Windows XP VPN Server
How To Install and Configure a Virtual Private Network Server Configure a VPN Connection Using Windows XP.

Windows XP VPN Server
How To Install and Configure a Virtual Private Network Server
Configure a VPN Connection Using Windows XP