Related

Tool [NEW] Bandwidth Pricing Calculator Tool
How to route outgoing connection via Floating IP Question Question
SFO2 region packet loss / Telia issue? Question Question

Question

How "private" is the new private networking?

Posted August 9, 2018 4.3k views
NetworkingUbuntu 18.04

Hi All,
I am quite unexperienced in networks so I would like to ask someone who has more knowledge on this topic.

When DO introduced private networking back then there were some criticism that communication through the private network is not private at all while others can intercept the traffic within the same network (datacenter). So if you wanted to use the private network securely you had to configure a VPN for example to encrypt the communication.

Now I saw the announcement stating: “As of July 18, 2018, DigitalOcean private networking isolates communication at the account or team level between Droplets located in the same datacenter region.” and I was wondering whether this means that configuring a VPN is no longer necessary or others still have to possibility to sniff or even modify my traffic? I have searched DO support and other resources on the internet but I haven’t been able to find any reliable answer for this question.

It would be very nice if DO could clarify this, while misusing the private network could bring a huge security risk which could really bite unexperienced users like me.

Thank you very much for your help in advance!

Add a comment
admin1b6ffa2257c0eff356e93
By:
admin1b6ffa2257c0eff356e93

Related

Tool [NEW] Bandwidth Pricing Calculator Tool
How to route outgoing connection via Floating IP Question Question
SFO2 region packet loss / Telia issue? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
jarland August 10, 2018

Hello friend!

Excellent question. Your private networking is isolated and, in theory, no one can sniff your traffic. The reason I say “in theory” is because I’m afraid I’ve seen a bit too much in my time in the industry thus far, not that we haven’t taken the appropriate measures to protect you.

I believe that the security measures you take should be equivalent to the data you need to protect. You should assume that every layer of security might one day be found to not be as secure as once thought. We never thought we’d see the day that CPUs themselves were not secure, but here we are after the fact, just a bit more paranoid than ever before. Trust that we’re going to be paranoid and put forth every effort to protect you, but supplement that with your own security measures because you never know what is around the corner.

I suppose the shorter version of this is to say I expect you to be secure without that VPN, but if your data is of value I think you should use that VPN anyway.

Kind Regards,
Jarland

Reply Report
NearlyNormal June 30, 2019

All this is cool, but DO really should allow private networking within the same account/team, and NOT limit it by data centers, especially if several of their data centers are unavailable from time to time.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help