What Is a VPN?

A virtual private network (VPN) adds security and anonymity to users when they connect to web-based services and sites. A VPN hides the user’s actual public IP address and “tunnels” traffic between the user’s device and the remote server. Most users sign up for a VPN service to avoid being tracked online, and they often use it on public Wi-Fi where there are greater risks to the safety of their data.

When you make a connection to a web server, your browser performs a lookup on the domain name from Domain Name Services (DNS) servers, gets the IP address, and then connects to the server. In most cases, the connection is encrypted using SSL/TLS. Even with SSL/TLS, numerous attacks on public Wi-Fi are possible. For example, a clever attacker can perform a downgrade on the version of TLS used to encrypt data, making communication vulnerable to brute force.

With a VPN added to the connection, the VPN service packages data in its own encryption and sends it across the network. The targeted server sees the VPN’s public IP address instead of the user’s public IP address. Should an attacker hijack the connection and eavesdrop on data, good VPN encryption eliminates the possibility of a brute force opportunity, which discloses data in a cryptographically insecure connection.

The first step in VPN setup is finding a provider that’s right for you. Several VPN providers are available, but each one has its pros and cons. For example, you need a provider with a protocol that all devices support. It should be easy to set up, available from any geolocation, and provide cryptographically secure encryption for adequate security in public Wi-Fi use.

A main differentiating factor between a good VPN and one that offers little advantages is the number of users on a single IP address. Spammers and malicious threat actors often also use a VPN, meaning some service providers block VPN IP addresses. Service providers can download a list of VPN IP addresses and block them from accessing local services. Good VPN offers private IP addresses, which costs more but also offers increased freedom and anonymity on the Internet.

After you choose a VPN, you then must configure your device to use it. These configurations are specific to each VPN provider, so yours should equip you with their step-by-step instructions. Some VPN providers give you an install file to help with the setup process, which is helpful if you are unfamiliar with operating-system configurations.

A VPN is an intermediary between your computer and the targeted server. Instead of relying on a browser to encrypt communication between your device and the server, the VPN adds its own encryptions and routes communication via its own servers. You often hear the term “tunnelling” when it comes to VPN services. The idea is that the VPN service opens a “tunnel” between you and the targeted server. Then, the VPN sends your data through its “tunnel” so that no one else on the network can eavesdrop and hijack your data.

Technically, the VPN sets up a connection where your device communicates on the VPN network instead of the local network, including public Wi-Fi. You authenticate with the VPN server using your stored credentials and then receive a connection to the VPN servers. With the tunnel set up, you use a virtual network connection between you and the VPN server that encrypts and protects data from eavesdroppers. If you use an SSL/TLS connection, the data is encrypted and then encrypted again using the VPN service. It adds double encryption to your communication, improving the security of your data.

Remember, when connected to a VPN server, the IP address shown to the target server is the VPN server’s IP address. If the VPN server is virtually or physically located in another country, the target web server will identify your location as the VPN country location.

To set up a VPN, you need to configure the operating system to use it instead of simply using the browser. Once configured, any connection to the Internet and remote web services will use the VPN server. The settings used to connect to the VPN server depend on the service that you choose. To set up a VPN in Windows, follow these steps.

Type “VPN” into the search bar, and the VPN settings window opens.

Click the “Add a VPN connection” option to open a window that displays the information required to connect to a VPN.

The information that you enter in this window depends on your service provider. All information is supplied to you when you set up your account. If your provider sent you an installation file, use that to set up the service rather than manually configuring and installing protocols.

While VPNs are beneficial for individual users, VPNs are not always the best option for businesses. It adds a layer of risk and must be monitored for suspicious activity. It’s an added risk that breaks the “no privilege” model used in secure systems.

Instead of working with a VPN, businesses could choose to implement:

• Identification and access management. An IAM provider incorporates network credentials with remote servers and makes the secure connection a part of the corporate environment. For example, Amazon Web Services has an IAM service that can be used to connect with its remote servers.
• Privileged access management (PAM). By implementing PAM, businesses can create high-level credentials that require increased security. Credential strategies include rotating keys frequently, 12-character passwords, system obfuscations, and better data access controls.
• Vendor privileged access management (VPAM). Instead of giving vendors and third-party contractors direct access to servers, a VPAM system separates employees from other credentials. By separating these credentials, organisations can more closely monitor activity by third-party vendors and contractors who might not secure credentials as closely as they should.

VPNs also have limited use for enterprise organisations. VPN infrastructure does not support a zero-trust cybersecurity model, which is essential for organisations that rely on cloud applications and remote workers.

Today, access to reliable cloud-hosted applications and data is essential for productivity. Zero trust network access (ZTNA) works like a trusted broker that mediates connectivity between users and applications. ZTNA isolates resources from the internet and protects them from outside threats.

Instead of a VPN, enterprise organisations should consider software-defined perimeter (SDP). Rather than focusing on securing the network, SDP works to secure users, applications, and the connections between them by:

• Granting access only after both the user and the device have been authenticated
• Assigning each device a unique identifier for granular data access permissions

Because SDP requires granular access permissions and device identification, it generates detailed audit trails that are useful for incident response and analysis.