Simple way of demonstrating that a VPN is working, that is easy for novices to understand/comprehend?

2

I am developing a Linux-based security appliance. One of its functions is to cloak a user's traffic within a VPN, and I need a simple way of demonstrating that this function is working properly, and more importantly, to demonstrate why a user would need this type of protection (to prevent eavesdropping, man in the middle attacks, etc.)

At first I thought that Firesheep would make an excellent demonstration. If a user were to see his/her Facebook, Twitter, etc. account come up in a Firesheep scan as he/she uses the internet sans my security product, this is something he/she could instantly recognize; also, when I (pretending to be the attacker) hijack their identity, read and post on their wall, etc., this makes for a very impactful demonstration. (Note: I would be using my own "pretend" Facebook account when giving live demos, I would never actually compromise an actual user's account) However, as more and more sites enforce always-on HTTPS, this is becoming less and less effective. (Good for security in general, bad for this type of demonstration!)

My only other thought was to run Wireshark and do packet captures. Unfortunately while more advanced users would easily understand this, I fear that a novice would find it very confusing, even if I were to explain what's going on in great detail. Also, it is unrealistic to expect a novice/less advanced user to be able to do this on their own.

Any thoughts/ideas?

Donald Burr

Posted 2014-01-31T02:00:37.177

Reputation: 603

Answers

2

Seems like you have two questions:

  1. How to demonstrate that the VPN is working:

    Without the VPN, go to http://www.whatismyip.com/ (or similar) and look at the public IP, etc. This is best done on a network connection where the global GeoIP databases are pretty accurate about the actual location. If one site doesn't provide a very accurate location, try another dedicated GeoIP lookup service with your public IP after querying it.

    Then, with the VPN (ideally the VPN would be installed in another geographical location), do the same procedure and show them how the GeoIP thinks they're in a different location and have a different public IP address. You may want to record both the original and the VPN IP in Notepad and compare them directly to show that they aren't even similar at all (if they happen to be similar, like if you're giving a demo in the datacenter where your VPN is hosted, explain why that is to the customer.)

  2. How to show them what would happen if they got MITM'ed:

    You could write a simplistic HTTP (no SSL/TLS) web app with a simple registration and login screen, and host it on the computer where you give the demo, on localhost. Then, let the user make an account, then use Firesheep when they log in.

    General process: ask the user to register an account and use a non-valuable password (don't perform any password quality checks), then close the browser and reopen "to make sure nothing gets cached" (techies may not think it's necessary, but it will convince new users, trust me), then ask them to log in, while MITMing them using Firesheep or Fiddler or similar.

Separately from all this, it's probably worth pointing out (to the customer, and to remind yourself) that MITM and IP decloaking are still possible even with a VPN up. It creates a layer of indirection that complicates and frustrates attempts to de-anonymize a user, but it's pretty ineffective at its goal when pitted against Advanced Persistent Threats (chief among them, government intelligence agencies and organized crime).

allquixotic

Posted 2014-01-31T02:00:37.177

Reputation: 32 256
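
A minimal version of the plain-HTTP registration and login site described in item 2 of the answer above, written as an added example that is not part of the original answer. The paths (`/register`, `/login`), port 8080 and all names are assumptions; accounts exist only in memory and the server listens on loopback only.

```python
import hashlib, html, secrets
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

SALT = secrets.token_bytes(16)   # per-process salt; accounts live in memory only
USERS, SESSIONS = {}, {}         # username -> password hash, session id -> username
FORM = ('<form method="post">User <input name="user"> Password '
        '<input name="password" type="password"><button>Submit</button></form>')

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

class DemoHandler(BaseHTTPRequestHandler):
    def _send(self, body, status=200, sid=None):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        if sid:  # no Secure attribute: the demo deliberately runs over plain HTTP
            self.send_header("Set-Cookie", f"sid={sid}; HttpOnly; Path=/")
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        if self.path in ("/register", "/login"):
            return self._send(f"<h1>{self.path[1:]}</h1>" + FORM)
        jar = SimpleCookie(self.headers.get("Cookie", ""))
        user = SESSIONS.get(jar["sid"].value) if "sid" in jar else None
        self._send(f"Logged in as {html.escape(user)}" if user else "Not logged in")

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = parse_qs(self.rfile.read(length).decode())
        user, pw = form.get("user", [""])[0], form.get("password", [""])[0]
        if self.path == "/register" and user and user not in USERS:
            USERS[user] = pw_hash(pw)  # no password quality checks, per the answer
            return self._send("Registered, now visit /login")
        if self.path == "/login" and secrets.compare_digest(USERS.get(user, b""), pw_hash(pw)):
            sid = secrets.token_urlsafe(16)
            SESSIONS[sid] = user
            return self._send("Welcome", sid=sid)
        self._send("Rejected", status=403)

def make_server(port=0):
    return HTTPServer(("127.0.0.1", port), DemoHandler)  # loopback only

if __name__ == "__main__":
    make_server(8080).serve_forever()
```

With the server running, the registration form is at `http://127.0.0.1:8080/register`; the form body and the `sid` cookie are the cleartext values the demo is meant to make visible.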