Travel router security without VPN?
Hi, I understand the benefits of using a travel router to share connections where you might pay/connection. I understand using a VPN to get around geographic limitations.
But is there any security benefit to using a travel router WITHOUT a VPN, say in a hotel or coffee shop? This is where I get confused. Are they only helping protect me from other people (not the hotel operators or coffee shop owners, who, let's say we trust) if and only if I am also using a VPN? So as far as security --- does a travel router with no VPN = connecting to public or hotel wifi directly? Thanks |
There is no security impact on using your own router vs connecting to the underlying wifi/ethernet directly.
Your browsing and transactions are secured either way using TLS (addresses that start with https). That's the important thing. |
So if I connect my laptop to the hotel wifi, there's no (security) benefit of using a router in-between the connection, unless I also use a VPN?
|
Originally Posted by InfrequentFlyer
(Post 31234717)
So if I connect my laptop to the hotel wifi, there's no (security) benefit of using a router in-between the connection, unless I also use a VPN?
|
thank you for the courteous reply. i already bought a little travel router and just signed up for a free VPN to try it out the next time we go on vacation.. if nothing else, it will make connecting our 2-4 devices easier, and give me a project to learn about..
|
Wouldn't there be some NAT advantage, keeping other users on the same WiFi from seeing your devices? Not talking about sniffing traffic, more about poking at any ports that might be open.
|
Originally Posted by Qwkynuf
(Post 31236246)
Wouldn't there be some NAT advantage, keeping other users on the same WiFi from seeing your devices? Not talking about sniffing traffic, more about poking at any ports that might be open.
|
Originally Posted by InfrequentFlyer
(Post 31234717)
So if I connect my laptop to the hotel wifi, there's no (security) benefit of using a router in-between the connection, unless I also use a VPN?
No real security benefit though. If a site uses HTTPS you are protected regardless of who listens. VPNs can be helpful in some cases, but if you don't think anyone is targetting you specifically it's probably sufficient to install the HTTPS Everywhere extension. (It makes sure sites like Gmail and FT that use FT won't fall back to plain, unencrypted HTTP). Personally I choose to use a VPN when travelling, since so many sites (even ones you'd think are important) either don't use HTTPS, or have "mixed content". It's also hard to tell sometimes if a certificate error is due to an improperly configured captive portal (the thing you click "I agree to the TOS" or log in on), or a malicious attack.
Originally Posted by gfunkdave
(Post 31237598)
Sure, but tablets/phones/PCs these days default to having their firewalls block everything anyway. Also the network engineer in me is forced to say that NAT isn't intended as a security feature. The main issue is people either sniffing unencrypted traffic or tracking what you're doing. But with how pervasive TLS is becoming, that becomes less and less possible.
Metadata can give a lot of information, so I choose not to :) |
Originally Posted by Castoreum
(Post 31239107)
"Travel routers" use 4G, same tech as a cell phone, not the wifi.
Originally Posted by Castoreum
(Post 31239107)
No real security benefit though. If a site uses HTTPS you are protected regardless of who listens.
HTTPS Everywhere certainly helps with this problem, as do new things like HSTS (which forces your browser to always use HTTPS for specific sites automatically, without HTTP Everywhere), but for the average person it's still far too easy to have your traffic going somewhere other than where you're expecting and not realize it... |
Originally Posted by Castoreum
(Post 31239107)
It's also hard to tell sometimes if a certificate error is due to an improperly configured captive portal (the thing you click "I agree to the TOS" or log in on), or a malicious attack.
I should probably plug "NeverSSL" here- as it eponymously states, it doesn't use SSL so it's perfect for being the first site you open after connecting to a captive-portal network to bring up the TOS page (if any). |
All times are GMT -6. The time now is 12:54 pm. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.