7:40 i set up VPNs all the time at my previous job and always wondered why IPSec used TCP over UDP, but it never pertained directly to solving a problem so i never looked it up. please count this as my vote for a followup video on UDP over TCP :)
It is redundant to encapsulate twice with TCP. You get all the benefits that TCP provides by encapsulating with TCP just once. The second TCP encapsulation will just add an additional and unnecessary network overhead. Look it up for more details. HTH
pn That makes sense, thanks for replying. I guess, then, the point of encapsulating in UDP just boils down to the speed advantage (no need for handshaking and error checking since you’re doing that post-decap anyway) and increased amount of data per packet thanks to smaller header size
Can you do a series on the regular guests' bookshelves? Their favorite computer and non-computer books? I'm always interested in the background shelves in the videos.
The first time I used a VPN to work from home and realized I could access all the network resources like drives, printers, and servers, I was blown away. Now they have apps for vpns. It's such a cool concept.
Amazing what you can do with a little bit of PostScript programming… %!PS-Adobe-2.0 /w 1920 def /h 1080 def /step 10 def /dvsn step 8 mul def /margin 36 def /gap 4 def /biggap 24 def /close 4 def > setpagedevice 0 h translate 1 -1 scale 0.5 0.8 0.5 setrgbcolor /y biggap def { 0 1 close { 0.25 setlinewidth margin y moveto 1920 margin sub y lineto stroke /y y gap add def } for /y y biggap gap sub add def y 1080 ge { exit } if } loop 0.775 0.80 0.75 setrgbcolor biggap 9 add 48 1080 biggap add { newpath dup dup 18 exch moveto 18 exch 9 0 360 arc dup w 18 sub exch moveto w 18 sub exch 9 0 360 arc fill } for showpage
....and send it directly to an unknown company, who cannot be trustet with your data (or as much as your isp for that matter) I can't see any Problem there
Count yourself lucky that they know what a VPN is at all. Would you rather be the head of IT having to explain to 1000 employees suddenly working from home what a VPN is as you frantically are issuing them all access credentials?
@@soviut303 I'd prefer they knew nothing over having misunderstood the idea completely "oh, for watching american netflix in europe!" easier teaching without some (wrong) presumptions already present.
@@gregf9160 IDK, in America respected academics are nerds. I suppose you designate them as "boffins". We have no such differentiation. Even "geek" has widened into nearly any enthusiast of anything.
There are also virtual desktops that you can use. Your home PC becomes a "dumb" terminal running a client program connecting to a corporate virtualization server. A 2-factor authentication (RSA SecurID) is still used just like a VPN.
One quibble... Message Authentication Codes (not to be confused with the MAC in 'MAC address') are not digital signatures, though they do usually use hashes. MACs are what's used to make sure the messages are not modified in transit.
@@Demonslay335 - I consider a feature of a 'signature' to be non-repudiatable. This is not the case with HMAC. The recipient knows the HMAC key and could forge a message that appeared to be from you.
I've measured the performance of VPN and ssh, and ssh is about 6 times faster than the vpn we use at work (at least in one direction), so all I use the vpn for is to setup an ssh tunnel from work to home, then I run the x2go remote desktop over ssh.
reverse proxy is also a more flexible way to scale access to corp web resources securely (well, as long as you keep up with latest web security standards and have a per client machine certificate)
Although VPNs offer excellent solutions for securely connecting to remote networks, VPNs also introduce a risk: At the office, the IT personnel are responsible for computer security. They can enforce group policies, ensure that everyone is running company approved anti-virus software, etc. At home, the company often has zero control over the computer being used to establish a VPN connection. That home computer could be compromised with a key-logger, etc. For such a connection, the company should be purchasing the home system, and should be enforcing the same conditions on that computer, as though that computer was in the office. When the employee parts ways with the company, then that home computer, which is company property, goes back to the company.
If a company allows you to connect to their VPN server, they better limit those connections only to work laptops, which they do have control over. The place I worked at, basically gave everyone their own laptop, which they used both at home and at work. You come to work, connect it to extenal displays and peripherals, and use it like a normal desktop. Then at the end of the work day, you take it home with you. So there is no "office machine" / "home machine" distinction, it's just your work laptop.
That's the reason why the IT company where I work provide laptops to its employees. And as far as I know is common procedure for most big IT companies.
You either hand out laptops (if you're rich) or (if you're not that rich) you treat those home PCs as BYOD's - let them into a specific subnet and only open specific ports from there etc.
@@SMJSmoK With the upsurge of remote requirements like this, we had some large NFP's who couldn't exactly fork over dozens of laptops on the drop of a dime (plus availability right now is scarce). One possible solution we were theorizing was to deploy a standardized VM - essentially a domain-joined guest image that you do have full GPO control over. It mitigates many (but admittedly not all) of the concerns of the host system being compromised.
can you also explain in a video how ssh with port forwarding will be working for such a scenario? And under what conditions that is used for remote access rather than using VPNs?
So im guessing you guys are going to cover the different types of vpn. such as pptp, sstp, l2tp, ipsec / ike. as well as other remote access systems such as windows remote desktop protocol (and gateways), virtual network computing (and their gateways). the diffrences, which is better for what application. if so i can see you getting a lot more views, as you will have many technicians, engineers and the few manager who understood it, using the videos to get funding to implement them.
Basically, when using a proxy, you are still operating on your real IP, but you hand off network traffic for a specific service over to another server to complete for you. With a VPN, system wide you operate under a totally different IP address, where everything you do on your network is totally encrypted to your ISP. Both of these methods can mask your location to others, but a VPN is needed to protect your privacy.
A Proxy will redirect your web traffic while a VPN redirects AND encrypts your traffic. A VPN can also create a direct, encrypted tunnel to a host network, such as an internal network at some company or government organization, whereas a Proxy doesn't create direct tunnels to private networks. That's the simple answer.
A proxy doesn't even have to redirect packets if not necessary, that's what usually happens when you surf the internet from your workplace. It just let you go thru, if it's not on a black list. A proxy is much faster and requires much less resources because it doesn't redirect unless you are looking for specific resources, and doesn't mask the communication. Your resource is going to respond using your IP, not the proxy's.
He showed TCP packets wrapped in UDP. As far as I know, UDP sends packets without confirming their arrival, while TCP keeps trying until packets are confirmed to have reached their destination. There seems to be a conflict in that wrapping, if I understand correctly. How does it work?
By not conflicting. If you have 2 protocols that both think they are responsible for resending packets, throttling traffic and so on, things will be done multiple times. Imagine sitting in a bus where each single passenger thinks they have to hit the brakes to avoid collisions...
With no confirmation, it'd seem the TCP sender would hit some loop of trying to send some packets and failing unless the UDP sender somehow responds to those... My guess: the one sending UDP just responds to the TCP sender with ACK and confirms "everything went fine" regardless of whether or not those UDP packets made it to their destination.
@@rabidbigdog You want to get of hold of a PDP11/60 - nicest PDP DEC ever made - THAT needs 3 phase!! It has a MASSIVE three phase air blower (you can't really call it a fan)! BOY does that blow!!
A question we often get asked is "why have the vpn layer, lets just be on the internet and do everything there without the VPN". I dunno, kinda running out of answers on that, other than extra layer of identification.
That's really the better way of doing it, except that you've probably got things on your network that aren't sufficiently protected against attackers because they were designed and implemented with the expectation that everyone with access to the network isn't malicious. These things should be redesigned anyway, because there may be malware on people's computers at times that could attack your unprotected systems, but there are probably services on your network you haven't thought to redesign, like printers and scanners and video conference devices that just trust any device that can reach them.
@@iabervon I think that is "computer security" oversell. I don't think printer services are vulnerable to efforts to hijack video and audio, and there's already very simple measures to keep even specific print jobs from being hijacked. You have to separate possible vulnerabilities from actual real-world vulnerabilities, and even then prioritize. I'm not scared of Postscript viruses that only attack printers. Don't be the security expert who cries wolf.
I'm not sure how you had a conversation about how VPN works and didn't talk about GRE or IPSec, but hey, I guess this was intended for a more general audience.
Is there a way you can hide/disguise what you are sending through a VPN? You mentioned patters where it could determine if it's a video call or an http request.
Yes, you can send a constant data stream in both directions. The outside observer wouldn't see if it's dummy data or real data inside. However, all internet connections are sized for interlacing traffic from/to multiple sources. So multiple people hogging their maximum bandwidth constantly would clog the network quickly.
I like the video because you’re explaining how a VPN works but I do wish you had spoken about the risk of giving a remote user network level access in a corporate use case. What if the user introduces malware into the network via VPN? VPN’s have had their day... time to move away from this type of approach for non admin users. Use a dual app proxy based architecture and improve the security posture and still prove access to private applications hosted in the dc.
I still don't understand why you would go through all of this trouble, as opposed to just encrypting the data and sending it over tcp over ip. Why does it need to be wrapped up inside another packet like this. Couldn't students just access school data by connecting through a secure TCP line?
Basically for the same reason manufacturing companies put their machines into big buildings with access control on the doors instead of putting them out in the open and having a password on each machine's control panel.
What has happened to me quite a lot is that I would connect to my workplace via VPN in the morning, and then forget to disconnect after end of work. Now my employer knows all the dirty sites I visit.
"virtual (privat network)". A private network is one that is not routable from the internet. Instead of using hardware, you're using software to define that network.
Terrible Explanation. I just don't understand what was so understandable in his speech. He couldn't explain it in lesser technical terms. Disappointed with Computerphile
well, I suppose that's appropriate as Mr.Robot was very fake, giving only an occasional nod to actual computer security, while getting details all wrong. Also, I don't think all of China has a single database. You're welcome to try and break in!
7:40
i set up VPNs all the time at my previous job and always wondered why IPSec used TCP over UDP, but it never pertained directly to solving a problem so i never looked it up.
please count this as my vote for a followup video on UDP over TCP :)
I work as a 1st line technician at an MSP... All i have been doing the past week and a half is setting up VPN connections and remote access!
It is redundant to encapsulate twice with TCP. You get all the benefits that TCP provides by encapsulating with TCP just once. The second TCP encapsulation will just add an additional and unnecessary network overhead. Look it up for more details. HTH
pn
That makes sense, thanks for replying. I guess, then, the point of encapsulating in UDP just boils down to the speed advantage (no need for handshaking and error checking since you’re doing that post-decap anyway) and increased amount of data per packet thanks to smaller header size
@@OutrageousOctopus mee too!
KnuckleTips I had a joke about UDP, but you may not get it.
Can you do a series on the regular guests' bookshelves? Their favorite computer and non-computer books? I'm always interested in the background shelves in the videos.
The first time I used a VPN to work from home and realized I could access all the network resources like drives, printers, and servers, I was blown away. Now they have apps for vpns. It's such a cool concept.
Brady is keeping all his dozens of channels alive from the comfort of his home
He even has this paper on his iPad...
Amazing what you can do with a little bit of PostScript programming…
%!PS-Adobe-2.0
/w 1920 def
/h 1080 def
/step 10 def
/dvsn step 8 mul def
/margin 36 def
/gap 4 def
/biggap 24 def
/close 4 def
> setpagedevice
0 h translate
1 -1 scale
0.5 0.8 0.5 setrgbcolor
/y biggap def
{
0 1 close
{
0.25 setlinewidth
margin y moveto
1920 margin sub y lineto
stroke
/y y gap add def
} for
/y y biggap gap sub add def
y 1080 ge { exit } if
} loop
0.775 0.80 0.75 setrgbcolor
biggap 9 add 48 1080 biggap add
{
newpath
dup dup 18 exch moveto
18 exch 9 0 360 arc
dup w 18 sub exch moveto
w 18 sub exch 9 0 360 arc
fill
} for
showpage
@@DrSteveBagley Programming in PostScript? Kudos!
What is so special about this?
I loved this talk, it's funny hearing him trying so hard to not use too technical language to keep it accessible.
It really annoys me that most people these days think a VPN is just for tunnelling out your internet connection to hide your browsing....
....and send it directly to an unknown company, who cannot be trustet with your data (or as much as your isp for that matter)
I can't see any Problem there
I think we can blame that one on Nord VPN.
Count yourself lucky that they know what a VPN is at all. Would you rather be the head of IT having to explain to 1000 employees suddenly working from home what a VPN is as you frantically are issuing them all access credentials?
Ian Zamojc that has been my entire week...
@@soviut303 I'd prefer they knew nothing over having misunderstood the idea completely "oh, for watching american netflix in europe!" easier teaching without some (wrong) presumptions already present.
On the next video would be nice if you spoke about layer 2 and layer 3 tunneling vpn. I think it would be interesting for a lots of people.
Even better, talk about the poor man's "vpn" solution: THE SSH DYNAMIC PORT FORWARDING
@@TheSam1902 Yes. absolutely. I have been using SSH all the time. Even SSH layer 2 tunneling on many many sites of my hobby link network project
5:50 where did you come from, where did you go, where did you come from cotton eye joe
I always had the idea Dr. Bagley was a Doctor Who fan. Now I'm delighted to have that confirmed ;)
I thought all English nerds are Doctor Who fans.
@@IIARROWS Sadly, no. He's not a nerd either, he's a proper, respected academic.
@@gregf9160 IDK, in America respected academics are nerds. I suppose you designate them as "boffins". We have no such differentiation. Even "geek" has widened into nearly any enthusiast of anything.
Classic Dr Who and Star Trek box sets in the dining room? I approve 🍻
Would be interested in seeing you do a video on BeyondCorp!
Funny the quality of the mobile video, where all the adverts for video chats on mobiles are always shown as perfect with no buffering ever.
the connection must have been limited by something, I have never seen that bad video call
There are also virtual desktops that you can use. Your home PC becomes a "dumb" terminal running a client program connecting to a corporate virtualization server. A 2-factor authentication (RSA SecurID) is still used just like a VPN.
Clear, concise explanation. Thank you.
One quibble... Message Authentication Codes (not to be confused with the MAC in 'MAC address') are not digital signatures, though they do usually use hashes. MACs are what's used to make sure the messages are not modified in transit.
If you're using an HMAC however, you technically ARE signing it - signing the hash's integrity.
@@Demonslay335 - I consider a feature of a 'signature' to be non-repudiatable. This is not the case with HMAC. The recipient knows the HMAC key and could forge a message that appeared to be from you.
@@Omnifarious0 Ah, fair point. You're right then, as actually signing the HMAC (with an asynchronous key) would be separate.
@@Demonslay335 - Asymmetric you mean? 🙂
@@Omnifarious0 Heh, spell check.
Steve! Could you also cover services such as Teamviewer and Citrix, and also tunnelling through an SSH connection?
Second this. I never managed to figure out how to actually use UDP in applications
I've measured the performance of VPN and ssh, and ssh is about 6 times faster than the vpn we use at work (at least in one direction), so all I use the vpn for is to setup an ssh tunnel from work to home, then I run the x2go remote desktop over ssh.
I assume you have some safe-guards, such as fail2ban, certificate authentication, etc., vs just having port 22 wide open with only password auth?
Love that PDP 11 front panel.
reverse proxy is also a more flexible way to scale access to corp web resources securely (well, as long as you keep up with latest web security standards and have a per client machine certificate)
Although VPNs offer excellent solutions for securely connecting to remote networks, VPNs also introduce a risk:
At the office, the IT personnel are responsible for computer security.
They can enforce group policies, ensure that everyone is running company approved anti-virus software, etc.
At home, the company often has zero control over the computer being used to establish a VPN connection. That home computer could be compromised with a key-logger, etc.
For such a connection, the company should be purchasing the home system, and should be enforcing the same conditions on that computer, as though that computer was in the office.
When the employee parts ways with the company, then that home computer, which is company property, goes back to the company.
If a company allows you to connect to their VPN server, they better limit those connections only to work laptops, which they do have control over.
The place I worked at, basically gave everyone their own laptop, which they used both at home and at work. You come to work, connect it to extenal displays and peripherals, and use it like a normal desktop. Then at the end of the work day, you take it home with you. So there is no "office machine" / "home machine" distinction, it's just your work laptop.
That's the reason why the IT company where I work provide laptops to its employees. And as far as I know is common procedure for most big IT companies.
You either hand out laptops (if you're rich) or (if you're not that rich) you treat those home PCs as BYOD's - let them into a specific subnet and only open specific ports from there etc.
@@SMJSmoK With the upsurge of remote requirements like this, we had some large NFP's who couldn't exactly fork over dozens of laptops on the drop of a dime (plus availability right now is scarce). One possible solution we were theorizing was to deploy a standardized VM - essentially a domain-joined guest image that you do have full GPO control over. It mitigates many (but admittedly not all) of the concerns of the host system being compromised.
6:04 A bit nitpicky, but Ethernet "packets" are called frames.
Yeah, and he kinda glossed over layer 1 :)
I'm at the same time relieved and disappointed, that the video hasn't at least partially been shot in vertical video format.
can you also explain in a video how ssh with port forwarding will be working for such a scenario? And under what conditions that is used for remote access rather than using VPNs?
So im guessing you guys are going to cover the different types of vpn.
such as pptp, sstp, l2tp, ipsec / ike.
as well as other remote access systems such as windows remote desktop protocol (and gateways), virtual network computing (and their gateways).
the diffrences, which is better for what application.
if so i can see you getting a lot more views, as you will have many technicians, engineers and the few manager who understood it, using the videos to get funding to implement them.
10:10 I'm a bit confused by this part, isn't that the definition of proxy? i.e. tunneling packets through a different IP?
What is the difference here?
Basically, when using a proxy, you are still operating on your real IP, but you hand off network traffic for a specific service over to another server to complete for you. With a VPN, system wide you operate under a totally different IP address, where everything you do on your network is totally encrypted to your ISP.
Both of these methods can mask your location to others, but a VPN is needed to protect your privacy.
A Proxy will redirect your web traffic while a VPN redirects AND encrypts your traffic. A VPN can also create a direct, encrypted tunnel to a host network, such as an internal network at some company or government organization, whereas a Proxy doesn't create direct tunnels to private networks. That's the simple answer.
A proxy doesn't even have to redirect packets if not necessary, that's what usually happens when you surf the internet from your workplace. It just let you go thru, if it's not on a black list.
A proxy is much faster and requires much less resources because it doesn't redirect unless you are looking for specific resources, and doesn't mask the communication. Your resource is going to respond using your IP, not the proxy's.
@@rich1051414 if using a proxy, I'm still operating on my real IP, why does it mask my location?
@@undead890 Does no encryption mean that proxy is insecure (for the traffic from sender to the proxy)?
Great explanation
Please add a section on the use of personal devices to connect to corporate resources: risks and mitigation
Opens the video, sees Signal, clicks on like immediately
Great video, can you address basic security concerns of using a personal cell phone as a wifi hotspot in a public environment.
This would be a great begining of a materials regarding NETWORK PROTOCOLS. Forst VPN how it work but more specificly. Like 1 phase 2 phase etc etc. :)
nice video length
Sweet home VPN,
Connect me to my stuff
Sweet home VPN...
This is the most stable camera work i have ever seen on computerphile
Am I able to use a VPN so I can work out of the US temporarily? US system/connections might not recognize IP addresses from a different country
Video length is 13:37.
N1C3! ;)
Be kind and turn off your webcam during your Zoom meetings while connected to your company's VPN.
He showed TCP packets wrapped in UDP. As far as I know, UDP sends packets without confirming their arrival, while TCP keeps trying until packets are confirmed to have reached their destination. There seems to be a conflict in that wrapping, if I understand correctly. How does it work?
By not conflicting. If you have 2 protocols that both think they are responsible for resending packets, throttling traffic and so on, things will be done multiple times. Imagine sitting in a bus where each single passenger thinks they have to hit the brakes to avoid collisions...
With no confirmation, it'd seem the TCP sender would hit some loop of trying to send some packets and failing unless the UDP sender somehow responds to those...
My guess: the one sending UDP just responds to the TCP sender with ACK and confirms "everything went fine" regardless of whether or not those UDP packets made it to their destination.
Hmm, nobody noticed the 13:37 duration...
13:38 for me, but yeah.
@@Phroggster
weird, i see 13:37; i wanna see a computerphile video about how that discrepancy could've occurred lol
Steve has a PDP-11 front panel on the shelf?
Little Star it’s a PiDP-11 replica - fund to make and build, uses a raspberry pi to emulate the pdp11
@@DrSteveBagley I have a nice collection of machines myself, including a real PDP 11/73 that dims the lights when I power it on.
@@rabidbigdog You want to get of hold of a PDP11/60 - nicest PDP DEC ever made - THAT needs 3 phase!! It has a MASSIVE three phase air blower (you can't really call it a fan)! BOY does that blow!!
A question we often get asked is "why have the vpn layer, lets just be on the internet and do everything there without the VPN". I dunno, kinda running out of answers on that, other than extra layer of identification.
That's really the better way of doing it, except that you've probably got things on your network that aren't sufficiently protected against attackers because they were designed and implemented with the expectation that everyone with access to the network isn't malicious. These things should be redesigned anyway, because there may be malware on people's computers at times that could attack your unprotected systems, but there are probably services on your network you haven't thought to redesign, like printers and scanners and video conference devices that just trust any device that can reach them.
@@iabervon I think that is "computer security" oversell. I don't think printer services are vulnerable to efforts to hijack video and audio, and there's already very simple measures to keep even specific print jobs from being hijacked. You have to separate possible vulnerabilities from actual real-world vulnerabilities, and even then prioritize. I'm not scared of Postscript viruses that only attack printers. Don't be the security expert who cries wolf.
Very informative. Thank you.
And there was me believing that packets were encapsulated within frames and it was the frames that were sent out over a wire to other devices.
More videos!!!
A fascinating topic no doubt
Next video should be about protein folding (A la Folding@Home)
Damn he has a complete book just on OSPF routing? Wow!!
I'm not sure how you had a conversation about how VPN works and didn't talk about GRE or IPSec, but hey, I guess this was intended for a more general audience.
Are those Doctor Who DVD's in the background?
Can you do a video on Wireguard? its avery special piece of software.
Wireguard gang rise up!!
This
now I NEED to know why it uses UDP!
Thanks for the info, what software do you use on the IPAD to draw ?
The app on the iPad is called Procreate. I also used QuickTime on my Mac to record the screen as I drew.
Is there a way you can hide/disguise what you are sending through a VPN? You mentioned patters where it could determine if it's a video call or an http request.
Yes, you can send a constant data stream in both directions. The outside observer wouldn't see if it's dummy data or real data inside. However, all internet connections are sized for interlacing traffic from/to multiple sources. So multiple people hogging their maximum bandwidth constantly would clog the network quickly.
Which app on the iPad did you use for drawings?
Back in the late 1990s we were using PPP over SSH as kind of poor-man VPN. It's worse than the normal VPN, but it's simple to understand how it works.
what are those DVDs on his bookshelf?
me99771 Those are storage media .
What is the difference between proxy server and VPN server
Does my company need a VPN if all of our data is stored in the cloud?
Somewhere in my parents' attic I have the same VHS box set of the Ice Warriors.
I like the video because you’re explaining how a VPN works but I do wish you had spoken about the risk of giving a remote user network level access in a corporate use case. What if the user introduces malware into the network via VPN? VPN’s have had their day... time to move away from this type of approach for non admin users. Use a dual app proxy based architecture and improve the security posture and still prove access to private applications hosted in the dc.
is openVPN still the best option for most VPNs?
Personally, I'd use (and use) Wireguard and IPsec depending on the use case.
Props for Bagpuss
I wonder about the significance of the user having 4 arms
Where is the caption??
I still don't understand why you would go through all of this trouble, as opposed to just encrypting the data and sending it over tcp over ip. Why does it need to be wrapped up inside another packet like this. Couldn't students just access school data by connecting through a secure TCP line?
Hi I need someone to help me on my program project. please.
you need learn hacking?
cyb3rpunk. No 😅. At least not yet 😎.
I need to ask an expert in c++ on a program problem
If you want learn hacking I teach you عبدالرحمن الغنام
cyb3rpunk
I would like that
Mäander
No I will check it out thank you
What about DNS leaks?
ppl in the future will look back at videos from march 2020 and be like, what the f*ck is going on?
Nice video duration time! ^^'
Why do we use VPNs when we have HTTPS?
To access servers inside a firewall is why I use a VPN to work from home. It's like I'm actually hooked up to my company's internal network.
Basically for the same reason manufacturing companies put their machines into big buildings with access control on the doors instead of putting them out in the open and having a password on each machine's control panel.
0:46 Why are you using Microsoft?
Aren't you scared of the Cortana virus?
Appears to have a PiDP-11 in his dining room on a shelf. I'm unsurprised 😂
nice house
nice
Computerphile making history making a video at corona vius's times... awesome!!
Is this Computerphile or Applephile?! Every video there's some Apple product featured be it a Mac or iPad! 🤣
Too simple; needs part 2. Exl,ain why some vpn are safer than others. Not just pptp v openvpn, but also enormous variation in brands. Thanks!
The real problem is that the remote machine is probably the easiest path for a malicious third party to gain access to the corporate network.
What has happened to me quite a lot is that I would connect to my workplace via VPN in the morning, and then forget to disconnect after end of work. Now my employer knows all the dirty sites I visit.
Please can i work remotly by using vpn if the service isnot available in my country
So funny how the laptop class ;) thought most people could work from home
Perimeter security, what could possibly go wrong...
Star Trek, Doctor Who and Back to the Future... ah, I feel at home already :)
leet
can i work from hotel?
Usually yes, but the hotel can block VPN traffic.
@@recklessroges I mean with the new law and filming 😀
@@recklessroges Not a great way to attract business clientele
omfg MS Teams 😵
Thanks to the cloud I rarely have to use VPN anymore. 😊
Nerds doing what they are used to: Social Distancing 😁
?
The network isn't virtual... It's real! It is a virtual "private" network CABEL!!!
"virtual (privat network)". A private network is one that is not routable from the internet. Instead of using hardware, you're using software to define that network.
@@HenryLoenwind Nonsense. Regardless of the hardware, networks are always defined by software. Otherwise its just a bunch of wires.
It made me realize how echoey most ppls homes are... All those home videos XD SO MUCH ECHO
Brexit teeth being contained by braces. Unusual. Well done!
Terrible Explanation. I just don't understand what was so understandable in his speech. He couldn't explain it in lesser technical terms. Disappointed with Computerphile
How vague
not sure most people are working from home..... certainly not the hundreds of thousamds whos industrys have shut down
1337
👌
me:watches this video
also me: trying to hack into china's database
MR ROBOT THEME SONG INTENSIFIES
well, I suppose that's appropriate as Mr.Robot was very fake, giving only an occasional nod to actual computer security, while getting details all wrong. Also, I don't think all of China has a single database. You're welcome to try and break in!
Man, the way this guy explains thing is so damn difficult to follow.
Dude has a hickey on his neck. That doesn't look like social distancing to me.
It frustrates me so much, that the concept is so simple to understand, but people still are clueless.