By Nicholas Greene
Earlier this week, I wrote about the importance of using VPNs at trade shows. Building on that, I wanted to expand on VPN implementations. Firstly, like anything else, VPN implementations aren’t perfect. A VPN tends to leave more traffic exposed than WEP, WPA, and WPA2, so preventing data leakage before launching the tunnel can be an exercise in futility. Roaming between IP subnets can break through your tunnels, and VPNs tend to be more than a little picky when it comes to how networks are laid out. Thankfully, all of those concerns are quite simple to address.
First up, don’t connect to a network that isn’t encrypted in some fashion. At Black Hat or Interop, this shouldn’t be a problem: their access points are encrypted by default. Second, if you’re an enterprise user, combine your VPN solution with endpoint security. As far as mobility is concerned, again, it shouldn’t be an issue with the larger tech conferences. Most of them are likely to implement subnet roaming capabilities into their access points; they’re designed to be VPN friendly.
Finally, don’t assume a VPN implementation means you’re completely protected. Unencrypted data is just one of the many threats facing users at these events. Setting up a dummy network with an SSID that appears valid is one of the most common attack methods at Black Hat. Even though organizers have implemented security to counteract this method, that doesn’t mean you shouldn’t still be on guard.
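One way to stay on guard before joining a network is to audit a Wi-Fi scan against what the organizers published. The following is an added example, not part of the original post: the scan records are constructed, and the field names, the `ExampleConf` SSID and the assumption that the official network uses WPA2 are all hypothetical.

```python
import re

# Constructed scan results (not real captures). Field names are assumptions;
# adapt them to whatever your Wi-Fi scanner exports.
SCAN = [
    {"ssid": "ExampleConf", "bssid": "02:00:00:00:00:01", "security": "WPA2"},
    {"ssid": "ExampleConf", "bssid": "02:00:00:00:00:02", "security": "WPA2"},
    {"ssid": "ExampleConf", "bssid": "02:00:00:00:00:99", "security": "OPEN"},
    {"ssid": "Examp1eConf", "bssid": "02:00:00:00:00:77", "security": "WPA2"},
    {"ssid": "HotelGuest",  "bssid": "02:00:00:00:00:55", "security": "OPEN"},
]

# Common digit-for-letter swaps used to make a name look valid at a glance.
_LOOKALIKE = str.maketrans("0135", "oles")


def _normalize(ssid):
    """Fold case, digit-for-letter swaps, and strip everything but letters."""
    return re.sub(r"[^a-z]", "", ssid.lower().translate(_LOOKALIKE))


def audit_scan(scan, official_ssid, official_security="WPA2"):
    """Return {bssid: reason} for access points that should not be trusted."""
    findings = {}
    for ap in scan:
        ssid, sec = ap["ssid"], ap["security"]
        if ssid == official_ssid and sec != official_security:
            # Same name as the real network, but weaker or missing encryption.
            findings[ap["bssid"]] = "official SSID with wrong security"
        elif ssid != official_ssid and _normalize(ssid) == _normalize(official_ssid):
            # Name differs only by case, punctuation or look-alike characters.
            findings[ap["bssid"]] = "look-alike SSID"
        elif sec == "OPEN":
            # Unencrypted networks are avoided regardless of name.
            findings[ap["bssid"]] = "unencrypted network"
    return findings


if __name__ == "__main__":
    for bssid, reason in audit_scan(SCAN, "ExampleConf").items():
        print(bssid, reason)
```

An access point that passes these checks is not proven legitimate, since name and security setting can both be copied; the audit only filters out the obvious mismatches before the VPN comes up.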
If all else fails, it might be worth looking into setting up your own dedicated Wi-Fi, and running the VPN through that. At the end of the day, network security can only go so far. Though the right VPN/endpoint security implementation is a great tool for protecting your data, you’ve got to do your part, too. Don’t assume that, simply because you have a secure network, you’re protected from theft; that is, after all, what the thieves are counting on.