Internet connectivity has become quite ubiquitous, connecting a large part of the world’s population to each other. However, despite the massive advantages it brings to the table, it’s still a metaphorical wilderness where your information is always in danger of being stolen by hackers. Not only that, but there are dictatorships and totalitarian governments that want to have complete control over what you can and cannot access on the Internet. We spoke to Andrew Spooner, a prolific writer of helpful VPN articles, and asked him to give us an extensive primer on virtual private networks (VPNs), which are a solution to the cesspool that is public networks.
Let’s face it: there are all kinds of pitfalls to public networks. We have Firesheep, Honeypot attacks, Wi-Fi spoofing, and all other kinds of things with exotic names that inspire as much humor as they do fear. If you’re going to survive in such an environment, you need to be well protected. There may be times when you want to access data on your company’s servers from a remote area. This data may well be highly sensitive, and accessing it from the Wi-Fi hotspot of an airport or coffee house is one of the riskiest things you could possibly do. You’ll be putting that data, your job and the company’s entire business at phenomenal risk. So, what is the answer? A VPN, of course!
The Facts About VPNs
VPNs are networks that allow an individual to access a private network and interact with it from remote locations via public networks. The best way to understand how VPNs work is to imagine the idea of a firewall. A firewall protects the data as it sits on your computer. A VPN protects that data while it is online. Technically speaking, a VPN is a wide area network (WAN). However, the front end of this network acts just like a private network would, with the same appearance, security, and functionality.
VPNs are very popular because of this. They are a favorite of corporations and are typically used as a means of security, protecting the sensitive information these companies hold in their private servers when connecting to remote data centers. However, they’re not a favorite of corporations alone. They’re also fast gaining popularity among individuals. I’m not talking about people who torrent often or try to access the dark web. I’m talking about everyone.
Encryption Makes Hacking More Difficult
The thing about VPNs is that they combine encryption protocols with dedicated connections to generate virtual peer-to-peer connections. Even if hackers were skilled or lucky enough to get the information transmitted, they wouldn’t be able to make any sense of it because it was well encrypted.
Another major advantage of VPNs is that they give the user the ability to spoof their location. Your real Internet protocol (IP) address will be replaced by the IP address of the VPN provider. That means you can get past filters on some sites and forms of content easily. While you’re really in Tehran, your IP address says you’re in Los Angeles. You can now enjoy a simple YouTube video without having to contend with the watchful eye of your totalitarian government.
Establishing a Secure Connection
So far, all of this stuff may sound quite complicated, but it really isn’t. Establishing a secure connection is very easy. First, you connect to the regular public Internet via your chosen Internet service provider (ISP) and then initiate your VPN connection with the server of your VPN provider via their client software. That’s pretty much it. The client software on the destination server, which is the server you’re trying to connect to, will confirm that there is a secure connection, grant you access to the private network, and you’ll have all the access you need to the private data.
There are many different types of VPNs, based on the security protocol which they apply. Here is a breakdown:
- IPSec: This is also known as IP security. It is a security protocol used very often to secure communications over the Internet and can be used in two modes. The transport mode encrypts the data packet message itself and nothing else while tunneling mode is a little more robust and encrypts the entire data packet. This protocol in and of itself isn’t very strong. It is best used alongside other protocols to improve the overall security of the system. However, it is still a very important part of VPNs.
- L2TP/IPSec: Layer 2 tunneling protocol (L2TP) can be combined with the IPSec protocol to create what is often considered a very strong VPN client. L2TP on its own is incapable of any encryption. What it does is generate a tunnel while the IPSec protocol does the encrypting, the securing of the channel and the checking of the integrity of the data to ensure that the packets sent out have arrived safely at their destination and the channel is fully secure.
- SSL/TLS: Secure sockets layer (SSL) and transport layer security (TLS) are used heavily when it comes to protecting online retailers and service providers in the e-commerce business. They basically operate like this: The client initiates an SSL connection based on HTTP using https:// as opposed to http://. At the very start of the session, something called an SSL handshake is performed which produces the cryptographic details of the session. These details are digital certificates which allow the client and the server to exchange a variety of information, including encryption keys, authentication information for the session, and information allowing the secure connection to be created.
- PPTP: Point-to-point tunneling protocol (PPTP) is a very common protocol that has been in extensive use since the 1990s when the Internet was in its infancy. It has the ability to be installed on a wide range of operating systems and has been working on our computers since the days of Microsoft Windows 95. However, note that this protocol isn’t capable of encryption. What it does is to cover or encapsulate the data packet and then tunnel it. In order to encrypt the data a secondary protocol is required, such as transmission control protocol (TCP) or generic routing encapsulation (GRE). The PPTP protocol was fairly popular until recently. However, it should be noted that it isn’t the most secure and has been eclipsed by more modern protocols.
- SSH: Secure Shell (SSH) is a protocol that handles both the tunneling and the encryption, making it the most versatile of the protocols on this list. It creates the VPN tunnel and also creates the encryption that protects the tunnel and the data passing through it. The users can then transfer data that is unsecured via the encrypted tunnel by routing their traffic from various remote file servers. Notice that the data itself is unsecured, which means it isn’t encrypted. What is encrypted is the channel through which the data is moving. The SSH connection is initiated by an SSH client and then forwarded to a local port on the recipient server. The port of origin and the local port on the remote server are the two ends of the channel through which all the information between the two servers flows.
Enables the Bypassing of Port 80 Access
It is that last one — the SSH tunnel — that pretty much defines the modern VPN. These tunnels are what make it possible to bypass your government’s content filters. If the filter basically restricts access to port 80, which is responsible for HTTP connections, then all of your access to the internet is cut off. The SSH, meanwhile, enables you to forward all incoming data from port 80 to some other port on your local computer. That port still has a connection to port 80 on the remote server. For as long as the remote server permits outgoing connections, this method will work flawlessly.
However, SSH is even more powerful than that. There are certain protocols that naturally wouldn’t be allowed to get past the firewall on a machine, such as the one you’re using in your company. These protocols can make use of SSH by wrapping themselves in a skin that the firewall would recognize as a different protocol. That makes it possible for you to do all sorts of things, like torrenting and watching YouTube videos over your company’s restrictive network. As you can see, SSH is pretty much the godsend we’ve all been seeking.
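On the server side, whether an SSH session may carry other traffic is governed by a handful of OpenSSH `sshd_config` keywords. The following is an added example, not part of the original article: it reads a configuration and reports the global forwarding settings sshd would apply. The sample configuration is constructed and the function names are illustrative.

```python
# Added example: report the global SSH forwarding settings in an sshd_config.
# Defaults are the ones documented in OpenSSH's sshd_config(5).
DEFAULTS = {
    "allowtcpforwarding": "yes",          # TCP port forwarding (-L / -R / -D)
    "allowstreamlocalforwarding": "yes",  # Unix-domain socket forwarding
    "gatewayports": "no",                 # remote forwards reachable by other hosts
    "permittunnel": "no",                 # tun(4) device forwarding (VPN over SSH)
}

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONFIG = """\
# sample sshd_config
Port 22
PermitTunnel yes
AllowTcpForwarding no
# The next line is ignored: the first value obtained for a keyword wins.
allowtcpforwarding yes
Match User backup
    AllowTcpForwarding no
"""

def effective_forwarding(config_text):
    """Return the global (pre-Match) value of each forwarding keyword."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        keyword = parts[0].lower()         # keywords are case-insensitive
        if keyword == "match":
            break                          # Match blocks apply per user/host only
        if keyword in DEFAULTS and keyword not in seen and len(parts) > 1:
            settings[keyword] = parts[1].lower()
            seen.add(keyword)
    return settings

def findings(settings):
    """List keywords whose value permits some form of forwarding."""
    return sorted(k for k, v in settings.items() if v != "no")

if __name__ == "__main__":
    eff = effective_forwarding(SAMPLE_CONFIG)
    for key in sorted(eff):
        print(f"{key:28} {eff[key]}")
    print("permits forwarding:", findings(eff))
```

Settings inside `Match` blocks are deliberately not evaluated here; review them separately for the users or hosts they name.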
Variety of Options Available
In order to create the VPN tunnel, there should be a VPN client running on your computer. There are plenty of these clients out there. Whichever one you choose pretty much depends on the balance of benefits against costs. Some offer more privacy, others faster speeds, and others still offer you more security for your data and come coupled with antiviruses.
At the end of the day, it doesn’t really matter what you want to do. You might be bored in your cubicle at work and looking for entertainment, trying to torrent or simply trying to protect your data and communications from prying eyes. Whatever it is, the best way to keep your stuff secure online is to use a virtual private network.