A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs:
VPNs are good for your privacy and security
Open wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking.
In some regions of the world, governments track users who visit certain websites in order to discover their political affiliations and identify dissidents -- practices that threaten free speech and human rights.
By using a VPN connection, all of your traffic can be securely routed through a server located somewhere else in the world. This protects your computer from local tracking and hacking attempts and even hides your real Internet Protocol address from the websites and services you access.
Not all VPNs are created equal
There are different VPN technologies with varied encryption strengths. For example, the Point-to-Point Tunneling Protocol (PPTP) is fast, but much less secure than other protocols such as IPSec or OpenVPN, which uses SSL/TLS (Secure Sockets Layer/Transport Layer Security). Furthermore, with TLS-based VPNs the type of encryption algorithm and key length used are also important.
While OpenVPN supports many combinations of ciphers, key exchange protocols and hashing algorithms, the most common implementation offered by VPN service providers for OpenVPN connections is AES encryption with RSA key exchange and SHA signatures. The recommended settings are AES-256 encryption with an RSA key that's at least 2048 bits long and the SHA-2 (SHA-256) cryptographic hash function, instead of SHA-1.
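One way to check a provider's OpenVPN client profile against the recommended settings above, as an added example that is not part of the original article. It reads OpenVPN's `cipher`, `data-ciphers` and `auth` directives from a constructed sample profile; the RSA key length is not checked, since that requires parsing the certificate itself.

```python
# Constructed sample client profile (not taken from any real provider).
SAMPLE_PROFILE = """\
client
remote vpn.example.com 1194 udp
; legacy settings left in place
cipher BF-CBC
auth SHA1
data-ciphers AES-256-GCM:AES-128-GCM
<ca>
(constructed placeholder for an inline certificate, never parsed)
</ca>
"""

STRONG_DIGESTS = {"SHA256", "SHA384", "SHA512"}

def parse_directives(text):
    """Map each directive name to its argument list, skipping comments and inline <tag> blocks."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):
            in_block = not line.startswith("</")
            continue
        if in_block or not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name.lower()] = args
    return directives

def audit_profile(text):
    """Return findings where the profile departs from AES-256 with a SHA-2 digest."""
    d = parse_directives(text)
    findings = []
    # data-ciphers is the colon-separated negotiation list; cipher is the older single-value form.
    ciphers = [c for arg in d.get("data-ciphers", [])[:1] for c in arg.split(":")]
    ciphers += d.get("cipher", [])[:1]
    if not ciphers:
        findings.append("no cipher set: strength is left to client defaults")
    findings += [f"cipher {c} is not AES-256" for c in ciphers
                 if not c.upper().startswith("AES-256")]
    digest = (d.get("auth") or [None])[0]
    if digest is None:
        findings.append("no auth digest set: left to client defaults")
    elif digest.upper() not in STRONG_DIGESTS:
        findings.append(f"auth {digest} is not a SHA-2 digest")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE_PROFILE)))
```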
It's worth noting that VPNs introduce overhead, so the stronger the encryption is, the bigger the impact will be on the connection speed. The choice of VPN technology and encryption strength should be made on a case-by-case basis, depending on what kind of data will be passed through it.
The security needs of corporations are different than those of most consumers, who typically only need to protect themselves against opportunistic traffic snooping attacks -- unless they're concerned about mass surveillance by the U.S. National Security Agency and similar intelligence agencies, in which case very strong encryption is needed.