Using The Norton VPN on my Phone: A Dumb Question

[skelders]

I went to open a game on my Galaxy S7 Edge when I got a pop up from Norton mobile security about my network not being secure. It was on about an "attacker" getting into SSL decryption, and to add extra security to my network.

Before I go any further, I honestly think it was a marketing ploy. But I fell for it, and downloaded the Norton Network Security app which is basically just a VPN from the looks of it. I started the 7 day trial and at $30 a year, I might keep it.

But I have a question: If I have this Norton VPN on my phone, will it protect my entire network? Or should I get a separate VPN on my desktop and ditch the Norton one on my phone?

Sorry if this is a dumb question. I'm extremely new to advanced networking and VPNs. I just wanted to ask around and see what the general opinion was.

Edit: Also, are VPNs a good security measure as Norton claimed? Or is it unnecessary for security threats? As far as I knew, VPNs were mostly for covering your tracks as far as what websites you've been to or what you've been downloading.

 

[bill001g]

VPN is a better than using a public connection without any security but it is not that insecure.

Most vpn uses what is called openvpn it is based on SSL security. So if what they say that SSL is insecure is true then openvpn is also insecure so VPN does not solve the problem.

VPN also does not actually solve the problem of interception. The data must still enter the internet at the VPN data center and then flow over the internet the rest of the way. Someone could in theory intercept the data after it leaves the vpn.

If SSL was exploitable you would hear massive news reports, the banking industry would almost be shut down since that is how everyone access the bank network. HTTPS (ie ssl) is in a way a form of vpn, it is designed to encrypt your traffic all the way from your pc to the end server. It is much better than any form of vpn because your data is protected between the 2 end points.


There is only 1 known exploit of SSL and that involves creating fake certificate servers. All browser are designed to detect this attempt and produce messages. Someone would both have to install a fake certificate server and compromise all the different browser software on the end machines.

This sounds like fake scare messages to con you into buying a program. You really only need to use a vpn to protect your data if you are using a open public hotspot and even then if you only use sites that use HTTPS your data is secure.

 

[skelders]

VPN is a better than using a public connection without any security but it is not that insecure.

Most vpn uses what is called openvpn it is based on SSL security. So if what they say that SSL is insecure is true then openvpn is also insecure so VPN does not solve the problem.

VPN also does not actually solve the problem of interception. The data must still enter the internet at the VPN data center and then flow over the internet the rest of the way. Someone could in theory intercept the data after it leaves the vpn.

If SSL was exploitable you would hear massive news reports, the banking industry would almost be shut down since that is how everyone access the bank network. HTTPS (ie ssl) is in a way a form of vpn, it is designed to encrypt your traffic all the way from your pc to the end server. It is much better than any form of vpn because your data is protected between the 2 end points.


There is only 1 known exploit of SSL and that involves creating fake certificate servers. All browser are designed to detect this attempt and produce messages. Someone would both have to install a fake certificate server and compromise all the different browser software on the end machines.

This sounds like fake scare messages to con you into buying a program. You really only need to use a vpn to protect your data if you are using a open public hotspot and even then if you only use sites that use HTTPS your data is secure.

Thank you for this information. I suspected the prompt might have been a tactic to try to get me to buy Norton's vpn service. The other information is helpful as well. The fact that SSL is secure in itself makes sense - if there was a major exploit it would be everywhere.

I'm also not using a public hotspot. I have my own private, password protected network. One thing I notice though is that my router isn't on an HTTPS connection. When I go to log in (which I effectively locked myself out...time for a factory reset D, it clearly has the lock with the red slash, and no "S" in the "HTTP". Is that normal?

Thanks again.

 

[bill001g]

Although some routers have https it is hard to accomplish. The router itself needs a certificate. This must be verified by a internet based certificate server. Problem is when you are setting a router up you likely do not have internet access so you can't verify the certificates. They can use self signed certificates but many browsers will flag this as insecure.

The WPA encryption on the wifi is as strong if not stronger than SSL so you really don't have to worry about traffic inside your lan. The one common exploit in home wifi is the feature called WPS. This is on by default on some routers and can easily be cracked. It is a feature for lazy people that do not want to key in the wifi password. Years ago this exploit was discovered and they did some minor stuff to make it a little harder to hack but it just extends the time to crack it to hours rather than seconds. Make sure the WPS feature is disabled on your router.