• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 425
  • Last Modified:

Wi-Fi protection using HTTPS or VPN

If am using an unsecured Wi-Fi (no WPA2, etc) and there is no trust for the wireless access point, does say using HTTPS really help to protect the transmission between  my client and a web server?  I am considering a hypotheical in which the wireless access point may be monitored.  So if an attacker has access to the frames, does SSL still protect my transmission?

Or would the best thing be to use VPN?  I understand some VPN options are SSL but some are PPTP, etc. I am trying to determine.

2 Solutions
HTTPS is better than nothing without question. If your certs are set up properly then you have a secure end-to-end connection between your machine and the https server - someone on the access point can see your traffic go by but can't read it.

As you point out, a lot of VPNs use SSL to encrypt the traffic so if you can't trust a secured session between your computer and a remote SSL server you can't trust a SSL-based VPN either. The case for PPTP is very similar. At least while using a VPN, though, the traffic originates from your trusted / monitored network, not from the access point, so if your destination server isn't set up properly (say, they don't encrypt parts of the site because it slows things down too much), that unencrypted traffic isn't seen at the access point.
There is some confusion here in the question so i am listing few things here.
Wireless authentication are different then VPN.
you can tighten secuirty of wireless by having WPA2 with MAC address authentication and certificates.
VPN is a solution to connect to remote site for secure channel.
Website can  be configured with SSL for secure channel between Client and the server.
If you use HTTPS , the data corresponding to your HTTPS communication would be encrypted. Even if an attacker capture the frames, data cannot be read as it would be encrypted data inside the frames. But the problem is this is applicable only for HTTPS communication. If you use other protocols apart from HTTPS like FTP, Telnet, the data would not be encrypted and can be eavesdropped.  

If you use a VPN , the entire packet would be encrypted , irrespective of the application layer protocol you use. So in your sceanrio where you do not have any security on the AP , a VPN would be a better option compared with HTTPS. ( PPTP)
banjo1960Author Commented:
Thanks for the information.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now