Hi All, I am quite unexperienced in networks so I would like to ask someone who has more knowledge on this topic.
When DO introduced private networking back then there were some criticism that communication through the private network is not private at all while others can intercept the traffic within the same network (datacenter). So if you wanted to use the private network securely you had to configure a VPN for example to encrypt the communication.
Now I saw the announcement stating: “As of July 18, 2018, DigitalOcean private networking isolates communication at the account or team level between Droplets located in the same datacenter region.” and I was wondering whether this means that configuring a VPN is no longer necessary or others still have to possibility to sniff or even modify my traffic? I have searched DO support and other resources on the internet but I haven’t been able to find any reliable answer for this question.
It would be very nice if DO could clarify this, while misusing the private network could bring a huge security risk which could really bite unexperienced users like me.
Thank you very much for your help in advance!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hello friend!
Excellent question. Your private networking is isolated and, in theory, no one can sniff your traffic. The reason I say “in theory” is because I’m afraid I’ve seen a bit too much in my time in the industry thus far, not that we haven’t taken the appropriate measures to protect you.
I believe that the security measures you take should be equivalent to the data you need to protect. You should assume that every layer of security might one day be found to not be as secure as once thought. We never thought we’d see the day that CPUs themselves were not secure, but here we are after the fact, just a bit more paranoid than ever before. Trust that we’re going to be paranoid and put forth every effort to protect you, but supplement that with your own security measures because you never know what is around the corner.
I suppose the shorter version of this is to say I expect you to be secure without that VPN, but if your data is of value I think you should use that VPN anyway.
Kind Regards, Jarland
All this is cool, but DO really should allow private networking within the same account/team, and NOT limit it by data centers, especially if several of their data centers are unavailable from time to time.