5 things you need to know about virtual private networks

VPNs are important for both enterprise and consumer security

A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs:

VPNs are good for your privacy and security

Open wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking.

In some regions of the world, governments track users who visit certain websites in order to discover their political affiliations and identify dissidents -- practices that threaten free speech and human rights.

By using a VPN connection, all of your traffic can be securely routed through a server located somewhere else in the world. This protects your computer from local tracking and hacking attempts and even hides your real Internet Protocol address from the websites and services you access.

Not all VPNs are created equal

There are different VPN technologies with varied encryption strengths. For example, the Point-to-Point Tunneling Protocol (PPTP) is fast, but much less secure than other protocols such as IPSec or OpenVPN, which uses SSL/TLS (Secure Sockets Layer/Transport Layer Security). Furthermore, with TLS-based VPNs the type of encryption algorithm and key length used is also important.

While OpenVPN supports many combinations of ciphers, key exchange protocols and hashing algorithms, the most common implementation offered by VPN service providers for OpenVPN connections is AES encryption with RSA key exchange and SHA signatures. The recommended settings are AES-256 encryption with an RSA key that's at least 2048 bits long and the SHA-2 (SHA-256) cryptographic hash function, instead of SHA-1.
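To check a provider's OpenVPN profile against the cipher and hash recommendations above, here is an added example (not from the original article) that reads the `cipher`, `data-ciphers` and `auth` directives. The sample profile and host name are constructed, and the RSA key length is not checked because it lives in the certificate rather than in these directives.

```python
# Added example: check an OpenVPN profile against AES-256 / SHA-2.
SAMPLE_PROFILE = """\
# constructed sample profile, not from a real provider
client
dev tun
remote vpn.example.net 1194
cipher AES-128-CBC
auth SHA1
"""

SHA2_NAMES = {"SHA256", "SHA384", "SHA512"}


def parse_directives(text):
    """Map each directive name to its argument list, skipping comment lines."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name.lower()] = args
    return directives


def audit_profile(text):
    """Return findings; an empty list means cipher and hash match the advice."""
    d = parse_directives(text)
    findings = []
    # data-ciphers is a colon-separated list; cipher carries a single value.
    if d.get("data-ciphers"):
        ciphers = d["data-ciphers"][0].split(":")
    elif d.get("cipher"):
        ciphers = [d["cipher"][0]]
    else:
        ciphers = []
        findings.append("cipher not set; older OpenVPN releases default to BF-CBC")
    for c in ciphers:
        if not c.upper().startswith("AES-256-"):
            findings.append(f"cipher {c} is not AES-256")
    auth = (d.get("auth") or [None])[0]
    if auth is None:
        findings.append("auth not set; OpenVPN defaults to SHA1")
    elif auth.upper().replace("-", "") not in SHA2_NAMES:
        findings.append(f"auth {auth} is not SHA-2")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("WEAK:", finding)
```
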

It's worth noting that VPNs introduce overhead, so the stronger the encryption is, the bigger the impact will be on the connection speed. The choice of VPN technology and encryption strength should be made on a case-by-case basis, depending on what kind of data will be passed through it.

The security needs of corporations are different than those of most consumers, who typically only need to protect themselves against opportunistic traffic snooping attacks -- unless they're concerned about mass surveillance by the U.S. National Security Agency and similar intelligence agencies, in which case very strong encryption is needed.

VPNs can bypass geoblocking and firewalls

Consumers also use VPNs to access online content that's not available in their region, although this depends on how well the content owners enforce restrictions. VPN service providers usually run servers in many countries around the world and allow users to easily switch between them. For example, users might connect through a U.K.-based server to access restricted BBC content or through a U.S.-based server to access Netflix content that's not available in their region.

Users in countries like China or Turkey, where the governments regularly block access to certain websites for political reasons, commonly use VPNs to bypass those restrictions.

Free vs. paid

While companies set up their own VPNs using special network appliances, consumers have a wide selection of commercial and free VPN services to choose from. Free VPN offerings usually display ads, have a more limited selection of servers, and the connection speeds are slower because those servers are overcrowded. However, for the occasional user this just might be enough.

Another downside of free VPN servers, though, is that it's more likely that the IP addresses they use will be blocked or filtered on various websites: Free VPN services are commonly abused by hackers, spammers and other ill-intentioned users.

Commercial VPN services work on a subscription-based model and differentiate themselves by an absence of download speed throttling or data limits. Some of them also pride themselves on not keeping any logs that could be used to identify users.

A few antivirus vendors also offer VPN services and these could serve as a middle ground between free and the more expensive commercial solutions, as users could get better deals if they also have antivirus licenses from those vendors. Also these VPN solutions already have reasonably secure settings, so users don't have to worry about configuring them themselves.

Build your own

Finally, there's the option to run your own VPN server at home so you can tunnel back and access services and devices on your home network from anywhere. This is a much better option than exposing those services directly to the internet, which is how hundreds of thousands of internet-of-things devices have recently been compromised and used to launch distributed denial-of-service attacks.

The general rule is that the fewer ports are opened in your router, the better. You should disable UPnP (Universal Plug and Play) so that your poorly designed IP camera, for example, doesn't punch a hole through your firewall and become available to the whole world.

Some consumer routers have built-in VPN server functionality these days, so you don't even have to set up a separate dedicated VPN server inside your network. Although, if your router doesn't have this sort of feature, a cheap mini computer like Raspberry Pi can do this job just fine.
