For the average person, knowledge of VPNs probably goes along these lines: Step 1) Enter username and password. Step 2) Click connect. Step 3) Done. However, VPNs have many unique attributes that are worth knowing if you have the time to skim the surface.
Back in the day, VPNs used to be a top-secret concept only the most technologically inclined members of society knew about. With recent events, I bet everyone has heard of a VPN. Many remote workers started using one daily. Most remote employees have likely learned about the importance of VPNs in cybersecurity training videos. More likely, the average person has probably met someone that has a friend of a friend that uses a VPN to download pirated television shows.
BASIC FUNCTION OF VPNS
VPNs are becoming basic computer knowledge, but most people still don’t really know what goes on under the hood. To get into the mechanics of a VPN, it is useful to have a firm grasp of what a VPN accomplishes. When we use the public internet, our data can be intercepted easily in many ways. Our devices are transmitting information 24/7. A VPN keeps this data from falling into the wrong hands by providing privacy and encryption.
Data traveling over the internet is classified as PII or non-PII. PII stands for Personally Identifiable Information. PII is generally considered to be sensitive, and non-PII is considered non-sensitive. When most people think of PII, they think of social security numbers, names, mailing addresses, etc. But we are learning more and more how non-PII can create a trail of breadcrumbs that leads a threat actor to the most valuable PII.
The same way a forensic investigator matches a fingerprint to a criminal, a data analyst could match a “fingerprint” pattern for web browsing to a specific person. You might be thinking: if that is the case, does privacy even matter? Is privacy even possible? Privacy is a heavily debated topic, but it’s worth knowing the value data has nowadays. In recent years, big data companies have overtaken other industries in market value, including industries that have been at the top for decades. As people and businesses continue to rely on web services 24/7, the value of privacy (or at least the illusion of privacy) will continue to go up.
The main way a VPN creates privacy is by using a tunneling protocol to mask the IP address of the user. A good way to explain how tunneling provides privacy is by starting with the concept of internet packets. The internet functions by breaking down data into packets before it is transferred. A document might be ten packets, while a video might be a thousand packets. A VPN uses a tunneling protocol to tag these packets with a “fake” IP address.
Because of the way the internet works, data going on the internet must be labeled with an IP address. When someone buys an internet connection from an ISP (Internet Service Provider), they use their name to pay. Therefore, IP addresses are the link between someone using the internet and their identity. The only way to get around this issue is to provide a “fake” IP address. This “fake” IP address is just the IP address of the VPN service.
The second half of what makes VPNs secure is the ability to encrypt data. Before data goes out into the public internet, the VPN service encrypts the data. If the data is encrypted, threat actors can’t do anything with the data while it’s on the public internet. When the data arrives at the destination, the VPN service decrypts the data.
Encryption is used in many ways in technology. Encryption in VPNs is much like other forms of encryption. Encryption takes plain text and scrambles it into cipher text, which is unreadable. This is done by using an encryption algorithm and a key. This key is used to unscramble or decrypt the cipher text when it needs to be read again. Only the entity with the key can decrypt cipher text.
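The tunneling and encryption steps described in the paragraphs above, modelled end to end as an added example (not code from the original article). The addresses, key, nonce and the HMAC-based keystream are constructed stand-ins; real VPNs use an authenticated cipher inside a full protocol such as IPsec, OpenVPN or WireGuard.

```python
import hashlib, hmac, ipaddress, struct

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_addrs(packet):
    """What any on-path device can read: source and destination address."""
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))

def keystream_xor(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 keystream), NOT a real VPN cipher: no integrity
    protection. Real tunnels use an AEAD such as AES-GCM or ChaCha20-Poly1305."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack("!I", i // 32), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def client_encapsulate(key, nonce, inner, client_ip, vpn_ip):
    """VPN client: encrypt the whole inner packet, wrap it in an outer header."""
    sealed = nonce + keystream_xor(key, nonce, inner)
    # Protocol 17 = UDP; the UDP header itself is omitted in this model.
    return ipv4_header(client_ip, vpn_ip, len(sealed), 17) + sealed

def server_forward(key, outer, vpn_ip):
    """VPN server: strip outer header, decrypt, replace the source address with its own."""
    nonce, ciphertext = outer[20:28], outer[28:]
    inner = keystream_xor(key, nonce, ciphertext)
    return inner[:12] + ipaddress.IPv4Address(vpn_ip).packed + inner[16:]

def demo():
    # All values constructed: documentation-range addresses, demo key and nonce.
    key, nonce = b"constructed-demo-key", b"\x00" * 7 + b"\x01"
    client_ip, vpn_ip, site_ip = "203.0.113.25", "192.0.2.10", "198.51.100.7"
    request = b"GET /account HTTP/1.1"
    inner = ipv4_header("10.8.0.2", site_ip, len(request), 6) + request  # tunnel address
    outer = client_encapsulate(key, nonce, inner, client_ip, vpn_ip)
    forwarded = server_forward(key, outer, vpn_ip)
    return {"isp_sees": parse_addrs(outer),          # client -> VPN server only
            "isp_can_read_request": request in outer,
            "site_sees": parse_addrs(forwarded),     # VPN server -> site
            "site_payload": forwarded[20:]}

if __name__ == "__main__":
    print(demo())
```

The VPN server is the one point that sees both the client's real address and the destination, which is why a provider's logging practices matter.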
VPNs are most often used in enterprise environments. Many companies have a private network, or multiple private networks, called sites. These sites have shared resources that can only be accessed from within the private network.
A VPN uses a “fake” IP address to make a remote device or network appear to be part of the same private network. There are two main ways of doing this so that resources can be shared.
A client-to-site VPN, also known as a remote access VPN, is used when remote employees need to safely access resources inside a private company network. In this relationship, the private company network is the site, and the remote employee is the client.
Client-to-site VPNs are easy to set up. Remote employees use software, called a VPN client. The private network uses a VPN server to process all the requests from the clients. With this setup, employees can be scattered all over the world and can access network resources on a single private company network.
Another type of VPN is a site-to-site VPN. This type of VPN is used when multiple users on multiple networks need to share network resources. One example would be a corporation that has a US headquarters and an EU headquarters. These two headquarters would each have a VPN server to create a secure connection across the public internet. The company could even set up another VPN server at the Asia headquarters. Now employees at all three headquarters can share resources securely. In a site-to-site VPN model, there can be many sites. Each site has its own VPN server.
VPNS FOR PERSONAL USE
Both models above can be used for personal VPNs as well. The most common is remote access. Users can set up their own VPN server at home, or they can pay a VPN service to use their server. This way, the user only has to download the VPN client to start browsing.
The main differentiator when it comes to personal VPNs is privacy. Chances are, a free VPN service isn’t actually providing much privacy. It might be susceptible to attacks, or it could be logging your information and selling it.
You are more likely to get a better result from a paid VPN service, but nobody really knows for sure how much privacy all the different brands provide. You must do your research and hope for the best.
If a user decides to set up their own VPN server, it would not provide any privacy. Privacy is only created when a “fake” IP address masks the user’s IP address. Since IP addresses are tied to the identity of the user, all traffic through the VPN could still be traced back to the user. A more likely reason for this setup would be to access their home network resources while they are not at home.
If you have taken the time to search, you may have found different options to choose from. If you try to narrow down your decision by using Reddit, you will find conflicting opinions about the “best” brand or the “correct” configuration. All the information out there makes the decision to start using a VPN difficult, but like many technology concepts, VPNs can be broken down in simple terms.