Estimated Reading: 4 minutes
We talk about VPNs (virtual private networks) a lot and how important they are to information security. But we rarely discuss how they work or what they’re doing. So today, we’re going to dive in a little deeper and attempt to visualize the process to get a better understanding of why we all should use VPNs, especially on public networks.
VPNs For Beginners
VPNs are subscription-based services that encrypt your internet connection by sending it through private servers. You pay for the service. You download the software (called a VPN client). You select a server owned by the VPN provider (or set it to auto-connect). Then you connect to the internet.
Ordinarily, when you connect to the internet you do so through your internet service provider’s (ISP) servers, which then connects you to whatever website(s) you are trying to reach. This is considered an unsecured connection because your IP address is public (http://whatismyipaddress.com/), and your ISP can monitor your traffic—which means they can see which sites you’re visiting and what data you are transferring.
When you connect via a VPN, your IP address changes. Your ISP can only see that you are connected to a VPN server but cannot see where you are browsing, and neither can anyone else.
Organizations of all sizes use VPNs every day to provide a secure connection from their main network to computers that are remote. Think of it as a private, physical line that has been run from the remote worker’s computer to the network of the company. Obviously, it would be impossible to run physical cables for every remote computer. VPNs are designed to do it virtually as if the worker was hardwired to the network.
In short, when you connect to the internet through a VPN, your connection is encrypted and your location is hidden.
VPNs: Private Transportation Along the Information Super Highway
Imagine a year-round festival that the entire world is invited to. Hundreds of millions of people come and go every day to visit the millions of vendors and entertainment booths.
This festival is our internet. The vendors and booths are websites. The people represent anyone with an internet connection—a vehicle to get to and from the vendors. Most of them are just like you and me—normal citizens who are attending the festival to fulfill a need or for entertainment. But some are not like us. Some are criminals who are on the constant lookout for a quick scam—a swipe of a purse, a pick of a pocket, or worse.
How do you protect yourself from these criminals? Your method of getting to and fro this festival and the subsequent vendors plays a major role in your safety. If you’re attending at home from your own network, you’ve essentially provided your own transportation. You don’t need to worry about the concerns of public transit. Your internet service provider opens the gate to your driveway, allowing you to go wherever you want.
But let’s say you’re at an airport and that airport is providing free transportation to the festival. This is where things get dangerous. Once you jump on the free shuttle (free public WiFi), everyone else can eavesdrop on your conversations. They can see your email addresses and usernames. They can see which vendors you are visiting. They can even see your passwords and credit card numbers if they are so inclined. Now what?
This is why VPNs are so important. They encrypt your data and hide your identity (IP address) as you go from one website to the next. Let’s go back to the airport shuttle analogy. With a VPN, you are still using the same public transit system to get to and from the festival (the free WiFi) but instead of standing shoulder to shoulder with everyone else in the main cabin, you are given a private suite in which no one else can see in. They can’t enter. They don’t even know who has access to the suite or the final destination of the suite. VPNs are your private suite on a public network.
But it’s not just public networks where they come in handy. Let’s say you’re connected to your company’s
database from home and accessing sensitive information. You are providing your own transportation, so you are safer than if you were on a public shuttle, but the highway you are traveling on to reach the company’s server is the same one that millions of other people are using. In other words, almost anyone can see where you’re going, they know where you came from via your license plate (IP address) and worst yet, you can still get hijacked and any sensitive information you happen to have in your vehicle can be stolen.
VPNs prevent this from happening by providing a private highway that no one else can access. These highways are not only safer by encrypting your sensitive information, they also shield your identity by allowing you to visit vendors anonymously. Furthermore, VPNs provide alternate routes that give access to certain vendors that the main highway does not.
This analogy obviously doesn’t explain how VPNs actually work. There are a lot of technical details that we didn’t cover, which you can read about at your leisure. The important thing to know is that without a VPN, you are taking a major risk when on a public network and everything you do can be traced by your ISPs or government entities.
VPNs provide you with private transportation along the information superhighway. They protect your identity, encrypt your information, they allow you to travel anonymously while also protecting you from data monitoring and eavesdropping. In short, they are one of the most useful tools in cybersecurity that we have at our disposal.
Choosing The Right VPN For You
The VPN market has somewhat exploded over the last few years, leaving us with lots of options to choose from. We can’t recommend one over the other; this is where you’ll need to do some research. But we can recommend a few things to consider before selecting a service:
- Assess your needs. Do you need a secure connection to your home network or office? Do you travel a lot and need a secure connection on public networks?
- Is the VPN compatible on multiple devices for one price? You’ll want to be able to install the client on your laptop and smart devices alike.
- How many servers does the VPN offer? Where are they located? Diversity is key.
- Do they keep any logs? Meaning, do they store information that can be traced back to you? Most do not but it’s worth looking into their privacy policies.
- Are there any data or bandwidth restrictions?
- Follow policy. If you have a work-issued device, find out if they allow you to install third-party software.
Finally, here are a few reviews for more information:
Latest posts by Justin Bonnema (see all)
- Incident Response: Time Is Not On Your Side - April 1, 2019
- 5 Traits of Security Aware Parents - March 14, 2019
- Bad Habits of Senior Managers That Put Security of Organizations at Risk - March 1, 2019