If you travel frequently, for business or personal reasons, you may need a VPN. Or if you spend a lot of time connected to public wi-fi networks in hotels, libraries, coffee shops, restaurants, airports or elsewhere, you may need a VPN. Or if you need to connect to the business (or home) network back at the office over the Internet, you may need a VPN. This week we will take a deeper look at VPN as an addition to your security stack.
Normally, when we communicate over the Internet, whether we are connecting to a website or reading our email, the communications are sent in “clear text,” readable by anyone who can see them. There are ways for bad actors to intercept those communication sessions and read them. When we connect to HTTPS or secure websites, for banking, shopping, or perhaps to read our email, the S in HTTPS means that our communications with that particular web server are encrypted, and even if intercepted by a third party, would be unreadable to anyone other than you and that server.
A VPN or virtual private network creates an encrypted pathway, or what is called a “tunnel,” through the Internet, in a way similar to the way an HTTPS website does. Information sent over a network or the Internet is contained in what is called a “packet.” Think of a packet as being similar in concept to an envelope you might use for postal mail. The envelope contains your message in plain language. Someone could intercept your envelope, steam it open, and read your message. A VPN takes the plain-text packet, encrypts it using an encryption key, and then wraps (“encapsulates”) the encrypted result inside a new packet addressed to the far end of the tunnel. This would be similar to taking our postal envelope and placing it inside a locked box before mailing it. The recipient would need a key to unlock the box and read the message. Anyone intercepting the locked box would be unable to open it without the key. In this way, a VPN keeps your communications encrypted and secure while they are inside the tunnel.
There are two basic kinds of VPNs.
- Private VPN – The first is a private, dedicated VPN that connects your computer to another computer over the Internet. This sort of VPN encrypts the entire communication pathway from the origin to the destination, and back again. It has the advantage of being the most secure. This kind of VPN is usually set up for traveling or remote employees who need a secure way to connect back to the headquarters offices. A very security- and privacy-conscious individual might set up a VPN to connect back to their home network. But these sorts of VPNs are very inflexible, connecting only the two designated computers. They need to be configured in advance, usually by someone on your IT staff. Beyond the initial labor required to set up your VPN, there is no ongoing charge to use it.
- Public VPN – This is VPN as a service, provided by any of dozens of service providers. Typically there are monthly or annual fees to pay. The VPN you create in this scenario connects your computer to a server provided by the VPN service provider. The VPN server completes the connection to your destination, or the recipient. The important difference is that only the part of the route from your computer to the VPN server is encrypted. The packets are unencrypted from the VPN server to the destination (unless the application itself encrypts them, as HTTPS does, in which case the VPN server and everyone after it see only the HTTPS-encrypted stream). So, ideally, you want a service with servers in many locations, so the last unencrypted leg is as short as possible. Public VPNs do a good job of hiding your original IP address from the sites you visit, and your destinations from your ISP or anyone else who may be tracking you online, whether an advertiser or a government. This VPN will also make it impossible for someone capturing packets on a public wi-fi or other public network to read your communications, so it can be useful even though it does not encrypt your message over the entire communications route.
- Tor – Tor is a variation of the public VPN. Tor is free. It is a public network of encrypted connections that can be used similarly to a VPN. It is used by people who need to keep their identity and location private and secure. Tor works using a special version of the Firefox browser; it encrypts your packets several times and bounces them through a network of Tor relays all over the globe. At each step along the way, one layer of encryption is removed and the remainder is sent along to the next relay. When your packets get to a Tor exit node, the last layer of encryption is removed, and your clear-text message takes one more hop to the destination or recipient. The message is in the clear during that last leg of the route. Back to our envelope analogy: imagine your envelope is locked in 7 to 10 nested locked boxes, each box addressed to a different recipient, with instructions to continue sending the box on to the next person in the route. The first box is sent to an anonymous person who unlocks the box and mails the remaining boxes to the next person, who unlocks their box and mails the remainder to the next person, and so on until it finally gets to the destination. Each person only knows where the box came from and where they sent it, but no one knows the entire route. This keeps the location of the sender secret, and the message secret as well. That is how Tor works.
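The nested-locked-boxes idea above, and the earlier point about a tunnel encrypting a packet and wrapping it for the far end, can be shown in a small simulation. This is an added example, not code from the original article and not Tor's real protocol or ciphers: a demonstration-only stream cipher (HMAC-SHA256 keystream, no integrity tag), constructed relay names and keys, and a route of one relay modelling the public VPN case versus several relays modelling Tor, where each relay learns only the previous and next hop and only the exit sees the clear-text message.

```python
"""Toy onion routing: nested encryption layers, one per relay.

Demonstration construction only. Each layer is XOR-encrypted with an
HMAC-SHA256 keystream (CTR-style, no integrity tag). Tor's real protocol
differs; all relay names, keys and messages here are constructed.
"""
import hmac, hashlib, os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh per layer so identical payloads look different
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def build_onion(route, destination: str, message: bytes) -> bytes:
    """route: list of (relay_name, relay_key); route[0] is the entry relay.
    Wrap from the exit inward; each layer names the next hop for that relay."""
    hops = [name for name, _ in route[1:]] + [destination]
    layer = message
    for (name, key), next_hop in reversed(list(zip(route, hops))):
        layer = encrypt(key, next_hop.encode() + b"|" + layer)  # "box addressed to next hop"
    return layer

def run_circuit(route, onion: bytes, sender: str = "client"):
    """Each relay peels one layer and learns only the previous and next hop.
    Returns (destination, clear-text message, list of (relay, came_from, sent_to))."""
    keys = dict(route)
    view, prev, current, blob = [], sender, route[0][0], onion
    while current in keys:
        next_hop, blob = decrypt(keys[current], blob).split(b"|", 1)
        next_hop = next_hop.decode()
        view.append((current, prev, next_hop))
        prev, current = current, next_hop
    return current, blob, view  # blob is now in the clear: the last leg of the route

if __name__ == "__main__":
    route = [("guard", b"key-1"), ("middle", b"key-2"), ("exit", b"key-3")]  # constructed
    onion = build_onion(route, "example.test", b"hello")
    print(run_circuit(route, onion))
```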
One of these systems could be right for you. In our next article, we will discuss which features to consider when selecting a public VPN.