A Virtual Private Network (VPN) adds security and anonymity when users connect to web-based services and sites. A VPN hides the user’s actual public IP address and “tunnels” traffic between the user’s device and the remote server. Most users sign up for a VPN service for online anonymity, to avoid being tracked, and because they often use public Wi-Fi, where increased risks threaten the safety of their data.
Why Do I Need a VPN?
When you make a connection to a web server, your browser performs a lookup on the domain name from Domain Name Services (DNS) servers, gets the IP address, and then connects to the server. In most cases, the connection is encrypted using SSL/TLS. Even with SSL/TLS, numerous attacks on public Wi-Fi are possible. For example, a clever attacker can perform a downgrade on the version of TLS used to encrypt data, making communication vulnerable to brute force.
With a VPN added to the connection, the VPN service wraps the data in its own encryption and sends it across the network. The targeted server sees the VPN’s public IP address instead of the user’s public IP address. Should an attacker hijack the connection and eavesdrop on the data, good VPN encryption removes the brute-force opportunity that would otherwise disclose data sent over a cryptographically insecure connection.
How to Use a VPN
The first step in VPN setup is finding a provider that’s right for you. Several VPN providers are available, but each one has its pros and cons. For example, you need a provider with a protocol that all devices support. It should be easy to set up, available from any geolocation, and provide cryptographically secure encryption for adequate security in public Wi-Fi use.
A main differentiating factor between a good VPN and one that offers little advantage is the number of users sharing a single IP address. Some service providers block VPN IP addresses because spammers and malicious threat actors also use VPNs to anonymize their connections. Service providers can download a list of VPN IP addresses and block them from accessing local services. A good VPN offers private IP addresses, which costs more but also offers increased freedom and anonymity on the Internet.
After you choose a VPN, you must configure your device to use it. These configurations are specific to each VPN provider, so yours will equip you with its own step-by-step instructions. Some VPN providers give you an install file to help with the setup process, which is helpful if you are unfamiliar with operating-system configuration.
How VPN Works
A VPN is an intermediary between your computer and the targeted server. Instead of relying on a browser to encrypt communication between your device and the server, the VPN adds its own encryption and routes communication via its own servers. You often hear the term “tunneling” when it comes to VPN services. The idea is that the VPN service opens a “tunnel” between you and the targeted server. Then, the VPN sends your data through its “tunnel” so that no one else on the network can eavesdrop on or hijack your data.
Technically, the VPN sets up a connection where your device communicates on the VPN network instead of the local network, including public Wi-Fi. You authenticate with the VPN server using your stored credentials and then receive a connection to the VPN servers. With the tunnel set up, you use a virtual network connection between you and the VPN server that encrypts and protects data from eavesdroppers. If you use an SSL/TLS connection, the data is encrypted and then encrypted again using the VPN service. It adds double encryption to your communication, improving the security of your data.
Remember, when connected to a VPN server, the IP address shown to the target server is the VPN server’s IP address. If the VPN server is virtually or physically located in another country, the target web server will identify your location as the VPN country location.
How to Set Up a VPN
To set up a VPN, you need to configure the operating system to use it instead of simply using the browser. Once configured, any connection to the Internet and remote web services will use the VPN server. The settings used to connect to the VPN server depend on the service that you choose. To set up a VPN in Windows, follow these steps.
Type “VPN” into the search bar, and the VPN settings window opens.
Click the “Add a VPN connection” option to open a window that displays the information required to connect to a VPN.
The information that you enter in this window depends on your service provider. All information is supplied to you when you set up your account. If your provider sent you an installation file, use that to set up the service rather than manually configuring and installing protocols.
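The same profile can be created and checked from an elevated PowerShell session instead of the settings window. This is an added example, not part of the original article; the profile name, server hostname and IKEv2 tunnel type are placeholders for the values your provider supplies.

```powershell
# Added example: create and verify a Windows VPN profile with the built-in
# VpnClient cmdlets. Placeholder values: replace with what your provider gave you.
$ProfileName   = 'ExampleVPN'          # placeholder profile name
$ServerAddress = 'vpn.example.com'     # placeholder hostname from the provider

# Create the profile. IKEv2 is assumed here because most providers support it;
# EncryptionLevel Required makes the client refuse an unencrypted tunnel, and
# SplitTunneling off sends all Internet traffic through the VPN, matching the
# behaviour described in the setup steps.
Add-VpnConnection -Name $ProfileName `
                  -ServerAddress $ServerAddress `
                  -TunnelType Ikev2 `
                  -AuthenticationMethod MSChapv2 `
                  -EncryptionLevel Required `
                  -RememberCredential:$false `
                  -SplitTunneling:$false `
                  -Force

# Check the stored profile before connecting: a provider's install file may
# have set weaker options than you expect.
$vpn = Get-VpnConnection -Name $ProfileName
if ($vpn.SplitTunneling) {
    Write-Warning 'Split tunneling is enabled; some traffic would bypass the VPN.'
}
if ($vpn.EncryptionLevel -ne 'Required') {
    Write-Warning 'Encryption is not required; the tunnel could come up unencrypted.'
}

# Connect with the credentials from your VPN account (prompted, not stored),
# then read back the connection status.
$cred = Get-Credential -Message "Credentials for $ProfileName"
rasdial $ProfileName $cred.UserName $cred.GetNetworkCredential().Password
(Get-VpnConnection -Name $ProfileName).ConnectionStatus
```

If the profile was created by the provider's installer, run only the Get-VpnConnection checks against the name shown in the VPN settings window.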
For businesses, VPNs are not always the best option. They add a layer of risk and must be monitored for suspicious activity. This added risk breaks the “no privilege” model used in secure systems. Instead of working with a VPN, businesses could choose to:
Implement Identification and Access Management (IAM)
An IAM provider incorporates network credentials with remote servers and makes the secure connection a part of the corporate environment. For example, Amazon Web Services has an IAM service that can be used to connect with its remote servers.
Privileged Access Management (PAM)
By implementing PAM, businesses can create high-level credentials that require increased security. Credential strategies include rotating keys frequently, 12-character passwords, system obfuscations, and better data access controls.
Vendor Privileged Access Management (VPAM)
Instead of giving vendors and third-party contractors direct access to servers, a VPAM system keeps employee credentials separate from vendor credentials. By separating these credentials, organizations can more closely monitor activity by third-party vendors and contractors who might not secure credentials as closely as they should.
While VPNs are beneficial for individual users, they have limited use for enterprise organizations. VPN infrastructure does not support a zero-trust cybersecurity model, which is essential in the enterprise for data protection. A software-defined perimeter (SDP) is the preferred method over a VPN for an enterprise. An SDP such as Proofpoint’s ZTNA creates an identity- and context-based protection perimeter around systems. An SDP:
- Grants access only after both user authentication and device authentication.
- Gives each user device a unique identification value for better logging and granular data access permissions.
- Provides full audit trails and logging options for incident response and analysis, made possible by the granular access permissions and device identification.