PPTP VPN or SSL anonymizer?

[billpritjr]

I am looking to use either HotSpot VPN (PPTP based) or Megaproxy VPN
(SSL based) for internet surfing at hotspots and also VOIP over Wi-Fi.

Could someone please comments on the pros/cons of each and which offers
better overall security?

I am planning on using a USB VOIP phone for connection to my laptop
while I am on business travel. Hotels and coffee shops will be my
primary locations, to include free hot spots when available.

The advantages of being able to talk nationwide at low cost is very
appealing, however I need fairly secure communications for discussing
client and patient issues, in private.

What should I do to ensure "bulletproof" security? I mean
anti-eavesdropping but also security of my laptop itself.

I currently surf hotspots via Wi-Fi with the following procedures

- Sygate Firewall active at all times
- AntiVirus software active at all times
- VPN, HotSpotVPN, used at all times
- File Sharing, Print Sharing turned off

** My VPN assigns a new IP to my computer...if I ran the VPN thru an
anonymous proxy server, would that help or hurt security? Is it true
that VOIP behind a VPN is pretty much 100% secure? (aside from Big
Brother, which is not my concern anyway).

Thanks for your help and Happy New Year

Again, the goals are anti-eavesdropping, computer security, and overall
unable-to-identify-me-via-IP/other capability.

thanks

[MichaelS]

I've heard that PPTP isn't very secure from a few sources...I can't say much about SSL-based VPNs, because quite honestly, I haven't researched them.

I think your other options are to use an L2TP-based solution (secure), or you could do something similar using SSH2.

When I was in College using the wireless, I was in a similar situation.. maybe a bit worse since it was a campus dedicated to Computer Studies. Anyway, what I did was create a proxy server at home, and used SSH2 to tunnel all my web traffic to the proxy server at home. This worked great as it gave me 256-bit encryption, the only downside was a bit of lag, which may not be acceptable with your VOIP phone depending on how much bandwidth/CPU/memory you have. Just a note, this would only work for HTTP and HTTPS traffic, some VOIP's allow you to use proxy servers, so you have to check if its using HTTP or SOCKS.

Hope this helps

P.S. The rig that I did sounds scary, but its quite easy/painless to setup -- the only thing is that the 'server' would have to be a Linux box, which some aren't comfortable working with.

[mbossman2]

if your VPN encryption is taking place on the PC (via a VPN IPSec/AES client) then it is encrypted even before it hits the wire (or airwaves). While it is possible that someone could crack your VPN Encryption (given enough time, resources and large enough data sample), it is far more likely that they will eavesdrop on your conversation with the old Ear MkI.

I do what you are talking about quite often for business travel and my company (Fortune 500 networking company) has no problems with this (and in fact uses your exact example: VoIP with PC over an encrypted VPN as an example of the power of the mobile office).

I do recommend straight encrypted VPN in this case (client based NOT clientless like SSL) as the overhead in the client technique is substantially less than the clientless technique and this will be reflected in superior voice quality (less jitter and breakup).

[Airmack]

sorry to crap but is pptp like l2tp? just diff standard?