Roll your own VPN and other tech advice – Security Boulevard

Roll your own VPN and other tech advice – Security Boulevard

Like many people, over the last couple of years, my main real interaction with people outside of my immediate family and Amazon delivery drivers has been via the internet. 

The beauty of the internet is that you don’t need to shower, put on decent clothes, or worry about offending anyone. If anything, offending someone is an online ritual that everyone partakes in at some point or another. 

There are many highly skilled security professionals online. They can code, they can build hardware, and they have magnificent hair. (I may be slightly jealous of Dan Cuthbert) 

These kinds of people are like cybersecurity MacGuyver’s. Drop them into a large enterprise that’s been crippled by ransomware, and they’ll get it up and running in an hour using some open source software, a few lines of code and one Raspberry Pi. 

Now there’s a time and place for all that flashy business – but one place that doesn’t exist is when less security or tech-inclined people ask for advice. 

“I heard you should use a VPN when online, can you recommend one?”

“Ha! N00b. I have my own custom VPN that is protected with this sweet crypto I rolled myself that runs off these PS4s”

OK, maybe I’m exaggerating slightly, but they may as well come out and say it like that. 

Mikko Hypponen is someone who is able to pull out quotes and references for nearly every scenario. 

In one tweet, he posted.

«For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software»

Which was a comment someone made about Dropbox when it was first released. 

There are many similar examples across the tech and security space. Anytime you ask for a product recommendation, you’re given a bunch of options in how to create your own. Which, like I said, is cool, but beyond the capabilities, patience, or time commitment that most can give. 

So what’s the point in harping on about this? Other than to pull the reverse uno card just to point and laugh at tech enthusiasts (my attorney has advised me to clarify that I am not pointing and laughing at anyone). 

Yes, it’s possible to break things down into components, and look for cheaper ways to cobble something together yourself. I mean, why buy a SIEM, or endpoint protection, when all you need is a small box running Linux and a subscription to If This Then That – surely it’s better than any AI available on the market. 

Going back to another Mikko tweet, 

Slashdot’s verdict when Apple released the iPod in 2001: “No wireless. Less space than a nomad. Lame.”

The thing is that technically speaking, this was and still is an accurate statement. It didn’t have wireless and didn’t have as much space as competitors. 

But Apple did have two things that worked in their favour. 

The first and most immediate tool in their arsenal was their extensive marketing. This is where many technologists will roll their eyes and dismiss marketing. But I’d argue that marketing is just as important as innovation. 

You see, there are two ways that you create and sell a product 

  1. Find out what people want, and build it. 
  2. Build what you’re good at (can), and find a way to get people to want it. 

It’s very difficult to create something that everyone will want, so you need to create that need in people – which is where marketing comes in. And why I will say that marketing is just as important as innovation. 

The second part that Apple got right with the iPod was the user experience. 

You can have a great product, but if it requires your intended users to have a degree in engineering to understand or get working, then it’s not going to be used. 

The human experience can either make or break adoption of any technology, security or otherwise. There are hundreds of examples of such things in the tech world. 

So, when you look at solving security challenges, consider not just the sum of all the parts, but also hope the human experience is richer than, “just roll your own vpn”

Source: https://securityboulevard.com/2021/11/roll-your-own-vpn-and-other-tech-advice/