Replies

"My husband does both. He’s not convinced VPN traffic is secure.

He’s got 20 years in network business and sets up comm networks for big customers for a living."

He's most likely great at securing systems himself, but there's not much that anyone can do to secure systems very well for that kind of client. Such clients tend to defeat good security.

Operating systems and user software in the offices of most big clients are full of holes--not often audited or patched, and not by many. With weak servers and workstations, employees download and install viruses. So-called techs. in some companies reinstall whole images as a terrible solution. I've seen it first hand, too. :-)

For the purpose of this discussion (privacy in communications), there are generally two kinds of VPNs. He'll know the difference. Secure operating systems, workstations/terminals and behaviors are even more important. Without those security measures closer to home, relatively secure firewalls and VPNs can't do it all.

No one has consistently cracked 256-bit AES, yet (only one example of several), and that's not going to happen for at least a little while (not even with exaFLOPS of throughput). Some mathematicians have found methods that might speed cracking strong encryption up a little (often over-hyped with implications of practical cracks), but no practical cracks, yet.

And the other weakest link to secure is the operating system and user software in front of us. A system like NetBSD is a good choice--or OpenBSD for dummies (secure by default if not messed up by the user). Some Linux systems are okay but a little weak in some ways (kernel implementation, not isolated enough, some code elements, etc.). Weaknesses in browsers must also be avoided (Flash, scripts, unwise browsing itself, etc.).

Contrary to recent, hyperbolic articles about national defense intelligence (mostly very clean cut), local public corruption here and there and other criminals are the main concerns of most Internet users.