What is a VPN?
The acronym VPN stands for Virtual Private Network.
VPNs are ordinarily used by employees working from home (WFH) to access files and programs on the company network, like they were in the office. In the office there is a “real” private network to connect many different devices in order to share data. WFH employees who are in differing locations are able to share data via the VPN “virtual” private network that uses encryption technology to recreate the security of a private network.
What can a VPN be used for?
VPNs also have a few different uses outside of the office to safeguard your privacy while you’re working online, such as;
- Hide your identity using encryption to conceal your actual IP address.
- Spoof your location by accessing the Internet using servers around the world.
- Mask your online activity by making it difficult to track you.
A VPN is also valuable if you want to do things like:
- Stay safe while using public Wi-Fi.
- Stay safe while peer-to-peer (P2P) gaming or file sharing.
- Stop nosey sites from tracking you.
- Bypass the Internet censorship in your country.
- Speak out safely as a journalist or political dissident in a repressive country.
- Watch streaming video content from another country.
VPN services, such as Malwarebytes are consumer level VPNs. This means as the VPN provider, they are responsible for the servers, the encryption, and the user authentication. All you need to do is pay your subscription fee and they take care of the rest!
Misuse of VPNs
The legality of VPN use varies because VPNs can be used to circumvent state-sponsored Internet censorship. In a country like China for example VPN’s are blocked but not necessarily illegal whereas in Russia unrestricted VPNs are outright illegal.
Legitimate criminals, if there is such a thing! Like using VPNs because they can go online incognito. For instance a VPNs can hide a criminals IP address’ while directing a botnet during a DDoS attack. Or even more frequently, VPNs are used to download copyrighted or illegal content undetected by Internet service providers and or law enforcement.
In September 2019 Malwarebytes wrote an article on Fake VPN Site Serves Up Keylogger.
That reported on a suspicious VPN advertised as “the only free VPN that doesn’t keep logs” only to infect the victim with a keylogger, a type of malicious spyware.
For clarification, VPNs encrypt your data and hide your location, identity and activity but offer no protection against viruses, ransomware and other forms of malware, including spyware and keyloggers.
As a result if you’re using a VPN, you still need a cybersecurity program.
We’ve discovered that VPNs create a safer and more private online experience as people can’t figure out who you are, where you are or what you’re looking
How do VPNs work?
A VPN are like access tunnels, it starts at one point and burrows it way to surface at the other side. This allows the people at either end to send data to each other and can connect to multiple users simultaneously. If all users pass the ID check, via their username and password they can enter the tunnel (use the VPN) Data is then encrypted as it enters the tunnel and it’s decrypted as it leaves the tunnel using encryption keys. The data that is packaged and encrypted is called tunnelling protocol.
The two types of encryption keys for secure communication and storage are called symmetric and public.
Imagine there are two doors, one at each end of the tunnel, a public and private door, both needing an access a key. A public key has a paired, private key on the receiving end. Whereas the private key is never shared. If your public key is compromised that’s ok as the computer still has the private key under safeguard.
What are the types of VPNs?
- There are two basic VPN types: remote access and site-to-site.Remote access VPN. Allows someone outside a given network (away on business trip or WFH) to connect and access resources securely on that network.Site-to-site VPN. Is typically used by organizations with multiple offices or branch locations around the country or globe to connect and share data securely.In addition, there a two consumer level types of VPN: router VPNs and VPN services.
Router VPNs. Senior Security Researcher Jean Taggart, for Malwarebytes Labs, recommends the at home solution router VPN as the “one VPN to rule them all.”. Any device connected to your home network is automatically protected by the router VPN—even devices that don’t support VPNs natively (e.g. Xbox and PlayStation).
Jeans says “The only problem with router VPNs is that they’re difficult to setup. If you’re willing to give it a shot, please read her step by step guide to setting up a router VPN.
VPN services. are responsible for the servers, the encryption, and the user authentication. Customers need only install the VPN service provider’s software on their device to log in to the VPN service’s servers. Therefore, there’s no need to setup, or maintain anything.
VPNs services are available for Windows, Mac, Android, iOS, and Chrome.
What is the history of VPNs?
In the mid 1990 people WFH had to connect a home computer to the office network via an unsecured, low-speed dial-up connection. Gurdeep Singh-Pall in 1996, now a VP a Microsoft created a basic form of VPN known as point-to-point tunneling protocol or PPTP, for short. This was a definite improvement on the dial-up service, even though it has weaker forms of security, especially in contrast to today’s standard. It was the best way to work remotely in its time, more secure and speedier.
Used primarily by businesses and their employees for the first ten years or more, it wasn’t until the early 2000s that people started to realise the value of VPNs at the consumer level. Primarily as a way to protect one’s privacy.
The National Security Agency (NSA) had found a way to routinely crack certain obsolete VPN technologies, including PTPP. We learned from Edward Snowden’s disclosures on global surveillance.
How do I use a VPN?
5 tips to get you started with VPNs
- Do your research – A little research will go along way. Read the reviews, on a trustworthy site or stick with a trusted vendor within cybersecurity. Remember cybercriminals use VPN to track activity so you don’t want to download “the only free VPN that doesn’t keep logs” by mistake.
- Go with a trusted name in cybersecurity. If you choose a company that already well regarded for their cybersecurity products, you can’t go wrong!
For example, Malwarebytes Privacy uses VPN tunneling technology to safeguard your personal info and help you stay anonymous while using the web.
- Avoid free VPNs. Legitimate VPNs generally cost money. The free VPNs exist for criminals, not wanting to leave a paper trail. To be clear, the majority of free VPNs are run by criminals, for criminals.
- Decide if you need P2P and BitTorrent. Some VPNs don’t support BitTorrent and other P2P file-sharing services. If you plan on using P2P, make sure your VPN will allow you to do so before signing up as these services can be used to share copyrighted or illegal material.
- Use a good cybersecurity program as VPNs are only one aspect of your cybersecurity strategy. If you’re a business owner or IT admin, take a look at Malwarebytes for Teams https://www.malwarebytes.com/business/teams/
Home users on the other hand interested in using the Internet safely and privately should take a look at
Privacy and security are important parts of our online experience whether we are a business or an individual. A virtual private network is a valuable tool in hiding your identity, your location and your activity, to keep the riff raff at bay.