Wi-Fi protection using HTTPS or VPN

If am using an unsecured Wi-Fi (no WPA2, etc) and there is no trust for the wireless access point, does say using HTTPS really help to protect the transmission between  my client and a web server?  I am considering a hypotheical in which the wireless access point may be monitored.  So if an attacker has access to the frames, does SSL still protect my transmission?

Or would the best thing be to use VPN?  I understand some VPN options are SSL but some are PPTP, etc. I am trying to determine.



Thanks
LVL 1
banjo1960Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

notadogCommented:
HTTPS is better than nothing without question. If your certs are set up properly then you have a secure end-to-end connection between your machine and the https server - someone on the access point can see your traffic go by but can't read it.

As you point out, a lot of VPNs use SSL to encrypt the traffic so if you can't trust a secured session between your computer and a remote SSL server you can't trust a SSL-based VPN either. The case for PPTP is very similar. At least while using a VPN, though, the traffic originates from your trusted / monitored network, not from the access point, so if your destination server isn't set up properly (say, they don't encrypt parts of the site because it slows things down too much), that unencrypted traffic isn't seen at the access point.
AnuroopsunddCommented:
There is some confusion here in the question so i am listing few things here.
Wireless authentication are different then VPN.
you can tighten secuirty of wireless by having WPA2 with MAC address authentication and certificates.
VPN is a solution to connect to remote site for secure channel.
Website can  be configured with SSL for secure channel between Client and the server.
andrew1812Commented:
If you use HTTPS , the data corresponding to your HTTPS communication would be encrypted. Even if an attacker capture the frames, data cannot be read as it would be encrypted data inside the frames. But the problem is this is applicable only for HTTPS communication. If you use other protocols apart from HTTPS like FTP, Telnet, the data would not be encrypted and can be eavesdropped.  

If you use a VPN , the entire packet would be encrypted , irrespective of the application layer protocol you use. So in your sceanrio where you do not have any security on the AP , a VPN would be a better option compared with HTTPS. ( PPTP)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
banjo1960Author Commented:
Thanks for the information.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.