May 23rd, 2018



Virtual Private Networks: Should you be using one?

A VPN, or Virtual Private Network, allows you to create an encrypted connection to another network over the Internet.  Most users are familiar with them for connecting back to their institution's network for remote access.  While this is one reason to use a VPN, it's far from the only reason to use one.  In today's environments, eaves-dropping, public Wi-Fi, and location tracking (just to name a few) pose significant issues that often result in unwanted privacy invasions or data theft.

One method of helping to prevent this is using a VPN.  In very simple terms, a VPN connects your PC, smartphone, or tablet to another network somewhere on the Internet and allows you to browse the Internet using that network's Internet connection.

You may already be familiar with a VPN by using it to connect back to your corporate network.  But, have you considered using one on your phone?  On your personal laptop?  Have you thought about all the eavesdropping that takes place on a hotel and restaurant-provided public Wi-Fi?  If the answer is no, now is the time to consider utilizing a VPN not only for traveling, but every day usage.

Why do I need one?

Let's take a step back for just a moment.  Consider how much of your life is transmitted over the inherently insecure Internet.  Do you feel an overwhelming sense of dread and anxiety?  That feeling is entirely justifiable, considering the forces at work to invade your privacy.  One of the best ways (but not the only way) to help secure your data is to use a VPN, which also provides some control over how you're identified online.

How does it work?

To put it simply, a VPN creates an encrypted tunnel between you and a remote network; in this case, a remote network operated by a VPN service.  ALL external Internet traffic is routed through this tunnel, in an effort to secure it from prying eyes.  As a side benefit, your computer appears to also have an IP address of the VPN server, helping to mask your identity.

When your data reaches the VPN server, such as browsing a web page, it"exits" to the public Internet.  If the Web site uses HTTPS to secure the connection, you're still secure in most respects; but many things can go wrong.  If your data is then intercepted after it leaves the VPN server, it's very difficult to trace the data back to you, since it appears to be coming from the VPN service.

To better understand the overall value of utilizing a VPN service, some specific scenarios where a VPN should always be utilized are in order.  Consider that hotel or coffee shop's Wi-Fi you just connected to.  Most people just connect to it without a second thought and begin going about their day.  But, what most do not realize, is those networks are prime territory for hackers (both malicious and enthusiast) to eavesdrop on your transmissions.

Additionally, are you 100% certain the network you just connected to is the location's legitimate access point?  Just because it says"Starbucks", doesn't mean it's legitimate.  Even if it is, anyone connected to it, can see every user's data being transmitted who is. Many hackers will also sit nearby and broadcast the same SSID as the legitimate one (with the same password), albeit at a higher signal strength, in order to get your device to connect to their rogue access point for the purposes of malicious activities.

What a VPN Doesn't Do

It is important to note, that while VPNs do encrypt and anonymize some Internet activities, there are many other ways you can be tracked, even after you're done using the site, such as Facebook and Google, through the use of persistent"cookies" that remain on your computer.

A VPN is also not an end-to-end encrypted tunnel for each web site, service or application you use on the Internet.  It is meant to only encrypt traffic up to the VPN server end-point, thus protecting your data on any"local" networks, such as public Wi-Fi and associated Internet Service Provider (ISP).  As a result, for important applications or web sites that contain personally identifiable information, it is still very important to ensure that your data is also encrypted past the VPN server's end-point, such as using HTTPS.

Using a VPN is not a magical tool to protect you from all possible threats.  It is merely another layer of security on top of the best practices you already use.  A VPN can be defeated by malware and analyzing traffic patterns to correlate activity.  But, using a VPN will help to ensure you won't be an easy target or get scooped up in mass surveillance.

What VPN service do I use?

Picking a VPN service, can be a lot like deciding what's the best car to drive.  Some have better features, others are faster (and slower), and some are more expensive than others.  Some options to consider are:

  • How fast do you need it to be?
  • Price
  • Supported Operating Systems (i.e., Windows, MacOS, Android, iOS, Chrome, etc.)
  • Number of Allowed Simultaneous Connections
  • Amount of VPN Servers Available
  • Geographically Diverse Servers
  • Privacy Policies
  • Ease of Setup
  • Customer Support
  • Kill Switch (stops all network traffic upon disconnect)

The list could be very long, all depending on your needs.  Most of these can be found with a simple Google (or DuckDuckGo) search.

Many reviews are available by third parties that offer good insight into all the options and features offered by each service.   It is important to research a provider thoroughly.  Recently, less reputable VPN services have been caught mishandling customer data, selling their bandwidth, and even embedding malware in the VPN client.  If a provider offers"free" VPN service, what are they getting in exchange?  That should be a warning signal.

Once you select a service, most are very easy to install, even for the novice user.

PDF Icon  Download Blog

Keep your institution off the evening news.

Contact Us