NordVPN or similar VPN question...

[thecomputerguy]

A client wants to protect their usage while on the road using her phone or mobile hotspot as a hotspot and she also wants additional security in her office.

I know that a VPN like Nord will reroute the data as it leaves their network to the VPN server and back but my question is will a VPN also protect data internally?

As in if she were connected to a public WiFi network, and turned the VPN on, would another device (theoretically) on the same network be able to sniff packets on their way out of the public WiFi?

Or is the only way to protect her from sniffing to only use her hotspot and never use public WiFi?

 

[Markverhyden]

Depends on what the desired protection is. What exactly is she trying to hide and from who?

 

[thecomputerguy]

Depends on what the desired protection is. What exactly is she trying to hide and from who?

Mostly financial/banking and insurance data (she works in personal insurance) and she want's it hidden from everyone.

 

[Sky-Knight]

3rd Party VPN services do nothing to address that concern.

 

[Moltuae]

I know that a VPN like Nord will reroute the data as it leaves their network to the VPN server and back but my question is will a VPN also protect data internally?

As in if she were connected to a public WiFi network, and turned the VPN on, would another device (theoretically) on the same network be able to sniff packets on their way out of the public WiFi?

I'm not sure if I'm understanding the question. Are we talking about internal/private networks or public WiFi, or both?

If she's connected to the internet via a public WiFi connection (and so, presumably, off-site somewhere) and connecting back to the office via a point-to-point VPN, then yes, the data is encrypted/protected, but only as far as the internal network (or, more specifically, only as far as the VPN server/router back at the office that is providing the VPN connection). To isolate her data on internal networks a VLAN would probably be the way to go.

I'm not familiar with Nord but as a general rule, any VPN will only protect the data between the VPN client and the VPN server, in this case only as far as the provider's (Nord's) servers. From that point on, the data is unprotected unless it was encrypted beforehand. With any third party VPN provider, there is also a question of trust since the service provider has access to the data.

 

[ComputerRepairTech]

A client wants to protect their usage while on the road using her phone or mobile hotspot as a hotspot and she also wants additional security in her office.

if shes using data shes fine without a vpn, shes still fine connected to her hotspot as long as others arent connected to that same hotspot.

As in if she were connected to a public WiFi network, and turned the VPN on, would another device (theoretically) on the same network be able to sniff packets on their way out of the public WiFi?

You did say in theory so in theory yes they can sniff packets but they can't do anything with the information since its encrypted.

 

[nerd2u]

Is her hard drive encrypted? If it's not start there.

Sent from my SM-G870W using Tapatalk

 

[Markverhyden]

Mostly financial/banking and insurance data (she works in personal insurance) and she want's it hidden from everyone.

To start you need to get a handle on her work flow.

Is she using services via web or via a db client? These days though it's kind of moot. All the websites will be https and the vast majority can or will require 2FA. They'll also probably be setup so that 3 failed logins will lock the account. Almost all of the DB's will also operate over a web client based as well. Citrix, etc web is used as well.

Using guest wifi is usually secure these days, everyone is individually VLAN'd so to speak. At least if they're using one from a reputable company, like Starbucks, DD, Panera and so on. A personal hotspot will be similarly configured.

All VPN does is encrypt from the source to the VPN server. The original intent is the company hosts their own VPN so it encrypted from the source to the VPN server, which is on prem, which then allows access to services that are also on prem.. Using a 3rd party VPN, like NORD, only does one thing. It hides the originating IP from the destination. So that's of little use.

There's other things that are far more important.

1. Credentials. Does she reuse passwords from other sites?
2. As @nerd2u mentioned FDE.
3. Does she have anti-malware plugins for her browser? I'd be wanting to include something more aggressive like noscript.
4. Is her anti-malware solution managed?
5. Is her laptop managed? As in some kind of client to notify when things are working properly.