Originally published at: https://boingboing.net/2020/10/06/move-over-vpns-izzbie-lets-you-access-your-home-or-office-networks-from-anywhere-safely.html
…
Plugging one of these in at your office without corporate approval is called “installing a back door”. That’s a firing offense at many companies and can result in criminal charges.
So, it’s just a VPN with no ports closed and no advanced features for the network owner? Hard pass.
Really, any VPN is a black box, but this one is a literal black box that could be leaking data, phoning home, and so on. I have no way of verifying.
I much prefer the built-in VPN’s on some routers these days. Can use a variety of native VPN clients, and has integrated DDNS.
4 lines in before realizing it’s an advert … must be getting slow.
allowing you to access data from those remote networks at the same speed as that network
This is direct falsehood and furthermore, possibly actionable in a civil case, when someone whom has an internet connection that is slower than the network they are attempting to access realizes this ad copy is utter bullshit. No, you can’t access your 1-10 gigabit network at full speed, over, say, a 22 megabit connection. Sorry, NOT gonna happen, cuz math.
And as mentioned above, it’s a black box back door into your company’s network, if used at work, an astoundingly dumb thing to do and very likely to get you into civil and/or criminal hot water. At the very least, if you’re not the owner of the company, you’re likely to be fired.
Not only that, but IPSec VPN traffic has a heavy cost to the dataplane CPU for encapsulation/deencapsulation, to the point where expensive edge of network kit can only support certain VPN throughput values. I’m willing to bet this won’t support more than maybe 100mbps of VPN throughput.
Furthermore, since this doesn’t require any port forwarding I’m guessing this is an SD-WAN solution that uses a broker server and the device you set up at home will connect out to an IzzBie server using HTTPS, the client application will likely connect to their servers and you’ll be presented with your IzzBie endpoint to then negotiate a direct tunnel that way. Which means if they go bust, you’ve got a brick on your hands and there is a possibility of man-in-the-middle if that domain gets taken over.
It mentions AES-256 but doesn’t break this down by phase 1 and phase 2 nor does it mention which diffie-hellman group it is using or if it’s using SHA1 or SHA256 (SHA1 is compromised). Their site doesn’t mention any datasheet for the device so you don’t know what it can do.
A lot of the adverts for VPN annoy me - if your connection to a server is HTTPS, no-one is looking at your details in there. A VPN doesn’t secure you from malware on your PC running keyloggers and packet captures and you’re also trusting a VPN provider with all your traffic.
There is so much FUD surrounding them out there.
And yeah, someone plugs this into my network and I’m gonna come down hard on them. Good luck to this company when the first person has their account compromised and they connect to that user’s home or work network and run rampant.
Edit: Ooo, forgot about issues with overlapping subnets! When multiple endpoints are all running 192.168.1.0/24 or 192.168.0.0/24 you ain’t connecting to shit until you re-subnet those networks!
Heh, their Press Pack site appears to be missing its DNS entry. Professional operation they have there.
This topic was automatically closed after 5 days. New replies are no longer allowed.