SSL web traffic privacy?

Im curious about how much different the SSL connection than IPSec VPN -in terms of privacy, identification of your location and IP address. For instance, once i type URL with https (assuming supporting secure session) such as facebook. 1) Are my location and IP address still being identified? 2) Is the data leaving my private network being seen by ISP or malicious users?3) What kind of address is assigned to me during that session? (private or public)

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

paul78

If you mean that if using SSL vs IPsec will mask your Internet presence, neither will actually do that. Your public Internet IP will be in the source header of the IP packets. So the various ISP's and destination server can discover your location (at least the location of the public IP) using ip geolocation services like Quova. But the contents of the packets are encrypted so the confidentially of the data is ensured.

In some companies that have a need to inspect SSL traffic, the SSL can be decrypted using SSL inteception techniques - for example using Cisco Bluecoat Proxy devices but in that scenario, the company would also control the devices originating the traffic.

RobertKaucher

First you should know how IP, TCP, and DNS work before you can get your mind around how TLS (SSL) works. If you are up to speed on those protocols, please look at these articles.

An Introduction to Transport Layer Security

How TLS/SSL Works: Logon and Authentication

RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2

Also see Episode #195 of Security Now.

RobertKaucher

thedrama wrote: »

1) Are my location and IP address still being identified?

Regardless of the encryption scheme your address must always be identified or there would be know way for the other system to know how to return data to you. If you consider WPA, used on most consumer and enterprise wireless networks, the Ethernet addresses of the systems are transmitted completely in clear text or there would be no way for the two systems to send the encrypted data back and forth.

thedrama wrote: »

2) Is the data leaving my private network being seen by ISP or malicious users?

No. There are only special instances when this can happen. One such case is called a "man-in-the-middle attack.
Man-in-the-middle attack - Wikipedia, the free encyclopedia
another case is SSL Termination (which is really just a "legitimate" MITM scenario).

thedrama wrote: »

3) What kind of address is assigned to me during that session? (private or public)

For the encrypted VPN traffic you still have the same public IP address that you had at the start of the session. In order to be able to access to the resources on the VPN network you will be assigned a local IP address via a "virtual network adapter". In addition to the material I suggested above you should also Google "how VPNs work".

quinnyfly

You could say, it's almost like the post office having no address to send you mail, the TCP header fields always identify the host regardless of what type of encryption technique is used. That is the basis of TCP/IP, to route and communicate packets over the internet.

I agree with Paul78, you really need to get a firm grasp of TCP before learning anything about SSL, IPsec and VPNs. Also learn a little about IP spoofing, this is another instance where MITM (man-in-the-middle) and connection hijacking attacks occur when an attacker will spoof the TCP headers and logically assume an identity of a host. SSL and TLS are not 100% secure, IPsec uses several protocols that are slightly different to SSL, either way, they all still encrypt and encapsulate packets before being sent, but this does not thwart man-in-the-middle attacks and IP spoofing.

RobertKaucher

quinnyfly wrote: »

.... they all still encrypt and encapsulate packets before being sent, but this does not thwart man-in-the-middle attacks and IP spoofing.

How does IP Spoofing apply?