What is Virtual Private Network (VPN)?
A virtual private network or VPN creates a secure connection between two devices over an insecure network like the internet. To understand how it works, it is best to consider an example.
Let’s consider a user who wants to connect to their head office network. Between the office and the user is the internet, and there is no direct connection. To connect to the head office, a VPN is established between the user and the head office.
Another main use for a VPN is to connect two offices over the internet. In this case, each office will have a VPN device that will create a connection between the two offices.
In the past, offices were often connected using dedicated lines, which were expensive to operate. As the internet became cheaper and more common, these dedicated lines were replaced by internet connections. The internet is a public network, and companies need to keep their data private. To do this, companies use a VPN to create a secure connection over the internet to keep their traffic safe. Let’s take a closer look.
How VPNs Work
To understand how a VPN works, let’s consider two devices that are sending traffic between each other. For this example, I will only consider traffic going in one direction.
Now, let’s consider a hacker on the network. The hacker will attempt various techniques to access or modify the data traveling between the two devices. The first attack is packet sniffing. Packet sniffing is when the hacker simply reads the packets as they travel over the network without modifying them. It is very hard to detect an attack like this because the hacker is not changing anything on the network.
Another type of attack is packet injection. This is when the hacker injects their own packets into the data stream. Often, the hacker will wait until authentication has occurred over the network, then once this is complete, they will inject their own commands into the data stream.
The last attack I will examine is hijacking the data stream. This is when the hacker takes over the entire data stream. Essentially, they redirect the data stream so it is going to them rather than the intended device. When they do this, they can impersonate the other device, allowing them to steal data and send commands while impersonating the original device.
Let’s now consider how a VPN solves these problems. To do this, I will replace my devices with VPN devices. Now, the VPN devices will encrypt data as it travels over the network. Let’s consider how a VPN protects you from these attacks.
Since the data is now encrypted, packet sniffing won’t work. Even if the hacker captures your data, they won’t be able to make sense of it because it is encrypted.
Preventing packet injection is a bit more complicated. For example, the hacker may attempt to inject data simply to disrupt communication. The hacker does this by sending random data into the data stream in an attempt to force communication to become corrupted or fail, essentially causing a denial of service attack.
To prevent this from occurring, a VPN will use the previous packet as input for encrypting the next packet. Since the previous packet is used as input for the next packet, this creates a sequence. If a packet is modified or the sequence is broken, the packet is dropped. Thus, if a hacker injects data into the data stream, this new data won’t match the sequence and will be dropped.
If the hacker attempts to hijack the data stream, the data will be encrypted, and the hacker won’t be able to read it. If the hacker attempts to insert data into the hijacked data stream, the sequence will be broken, and the packets will be dropped. You can see the advantages of VPNs. Put simply, it allows a secure channel to be created over an insecure network that can’t be eavesdropped on or tampered with.
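As an added illustration of the encryption and sequence checks described above (this is not code from the original video), here is a simplified Python model of a tunnel endpoint: every packet carries a sequence number and an authentication tag, so a sniffer sees only ciphertext, an injected or modified packet fails the tag, and a replayed packet is out of sequence and dropped. The key and the HMAC-derived toy keystream are constructed for the demo; real VPNs use a negotiated key with an AEAD cipher such as AES-GCM.

```python
import hashlib, hmac, os

# Shared tunnel key, constructed for this demo (a real VPN negotiates it during its handshake).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")

def _keystream(key, seq, length):
    # Toy keystream from HMAC-SHA256(key, seq || counter); a real VPN uses AES-GCM or ChaCha20-Poly1305.
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, seq.to_bytes(8, "big") + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def seal(key, seq, plaintext):
    """Build one tunnel packet: 8-byte sequence number || ciphertext || 32-byte tag over both."""
    hdr = seq.to_bytes(8, "big")
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, seq, len(plaintext))))
    return hdr + ct + hmac.new(key, hdr + ct, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key, self.last_seq = key, 0

    def open(self, packet):
        """Return the plaintext, or None if the packet is dropped."""
        hdr, ct, tag = packet[:8], packet[8:-32], packet[-32:]
        expected = hmac.new(self.key, hdr + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # injected or modified packet: the tag does not verify
        seq = int.from_bytes(hdr, "big")
        if seq <= self.last_seq:
            return None  # replayed or out-of-sequence packet
        self.last_seq = seq
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.key, seq, len(ct))))

def demo():
    """Run the attacks from the text against the tunnel and report what the receiver accepted."""
    rx = Receiver(KEY)
    p1 = seal(KEY, 1, b"GET /payroll HTTP/1.1")
    sniffed = b"payroll" in p1                      # False: a sniffer sees only ciphertext
    accepted = rx.open(p1)                          # the genuine packet is decrypted
    forged = (2).to_bytes(8, "big") + os.urandom(16) + os.urandom(32)
    injected = rx.open(forged)                      # None: tag fails
    replayed = rx.open(p1)                          # None: sequence 1 was already seen
    p2 = bytearray(seal(KEY, 2, b"DELETE /records"))
    p2[12] ^= 0xFF                                  # attacker flips one ciphertext byte
    tampered = rx.open(bytes(p2))                   # None: tag fails
    return {"sniffed": sniffed, "accepted": accepted, "injected": injected, "replayed": replayed, "tampered": tampered}
```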
However, there is also another useful feature with VPNs.
VPN Location
A VPN changes your public IP address, making it appear as if you are somewhere else. This can have its advantages, but in most cases a VPN will also slow down your connection. Many VPN providers advertise their products as improving your privacy. To judge whether they do, it helps to consider how safe your traffic is without a VPN.
Non-VPN Connection
Nowadays, the vast majority of websites use HTTPS to encrypt data. The way this works is that the user connects to a website. A secure channel is created between the user and the website, and all the traffic between them is encrypted.
It is estimated that over 90% of websites use HTTPS, and users are more likely to visit a site that uses HTTPS over one that does not. This makes the number of websites visited using HTTPS quite high.
When you connect to a website that uses HTTPS, you will see a lock symbol next to the web address. If you don’t see this lock symbol, the connection is not secure. Since so many websites now use HTTPS, you will find that many internet browsers will give you a warning message if HTTPS is not supported. In some cases, downloads that don’t use HTTPS won’t work unless you enable a setting in the internet browser. This means there is a very high probability that all your web traffic is already encrypted.
This means that a hacker or your ISP won’t be able to listen in on your web traffic if it is encrypted. Depending on which country you live in, your ISP may gather data about you and sell it to a third party. In the US, this has been legal since 2017. There is a big temptation for an ISP to sell off what data they can, as it means extra revenue for them. At least by using HTTPS, this is one set of data the ISP won’t be able to access. However, there are often methods an ISP can use to view what you are looking at.
If you use network auto-configuration from your ISP, your computer will most likely use the ISP’s DNS server. Plain DNS traffic is currently not encrypted by default. However, DNS can be carried over HTTPS just like web traffic; this standard started being used in DNS servers in 2018. If your DNS server supports it, you can use DNS over HTTPS. Since it is a new standard, your ISP may not support it.
Without encryption, a hacker could view your DNS traffic. They could also send back false replies to redirect your traffic to a fake website. Keep in mind that encrypted traffic can’t be read until it is decrypted. In the case of DNS over HTTPS, it is decrypted by the ISP’s DNS server. Thus, encrypting your DNS traffic but using the ISP’s DNS server does not offer you much protection. One way to get around this is to use an internet DNS server.
If your DNS traffic is not encrypted, your ISP will still be able to access it. If you encrypt the DNS traffic, this means the ISP won’t be able to access it, but the internet DNS server will still be able to. So the question is, who do you want to have access to your DNS data? You are essentially making a decision about who has access to it.
The next question is, what information can they obtain? The DNS server will be able to record which DNS names you resolve. Using this information, they can potentially determine which sites you visited. However, this information is limited. For example, the DNS server would know that you visited YouTube but would not be able to determine which videos you viewed on YouTube. Thus, using DNS information can only provide very broad statistical information.
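An added example (not from the original video) showing what the DNS lookup discussed above looks like on the wire in both forms: the plain UDP query that anyone on the path, including the ISP, can read, and the same message encoded for DNS over HTTPS as RFC 8484 specifies, where only the resolver you chose sees the name. The resolver URL is a constructed placeholder.

```python
import base64
import struct
from urllib.parse import urlparse

def build_dns_query(name, qtype=1, txid=0):
    """Encode a DNS query in RFC 1035 wire format; qtype 1 is an A record, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_url(resolver_url, query):
    """RFC 8484 GET form: the wire message, base64url without padding, in the dns parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return resolver_url + "?dns=" + encoded

def what_each_party_sees(name, resolver_url):
    """Compare who can read the lookup with plain DNS versus DNS over HTTPS."""
    query = build_dns_query(name)
    return {
        # Plain UDP on port 53: the name is readable by every device on the path.
        "plain_udp_payload_hex": query.hex(),
        # Same query inside TLS: only the DoH resolver can decrypt and log it.
        "doh_request": doh_get_url(resolver_url, query),
        # The ISP still sees a TLS connection to the resolver host, just not the names.
        "isp_sees_tls_to": urlparse(resolver_url).hostname,
    }

if __name__ == "__main__":
    # dns.example is a constructed placeholder, not a real resolver.
    for k, v in what_each_party_sees("www.example.com", "https://dns.example/dns-query").items():
        print(k, "=", v)
```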
The main takeaway from this is that without using a VPN, most of your data is encrypted, and if you use DNS over HTTPS, you can encrypt almost all of it. However, there are other ways of tracking you and gaining information from you.
It is quite common to track users using cookies. Cookies are small text files containing a small piece of data. Often, this data will be random, so it won’t mean anything to you but can be used by a website or service to identify you. Thus, if you are visiting different websites and there is a tracking cookie on your computer, it can be used to track you. This makes any encryption you use irrelevant.
The other point of attack is personal details. You can use the most secure encryption in the world, but if you use personal details on a website that is not secure, you have identified yourself. It’s like having the most secure front door in the world but leaving the back door open. Security is only as strong as the weakest link.
Many VPN companies advertise themselves as being secure, using terms like military encryption, saying it will keep you secure. This is a half-truth. As we have seen, you already have a lot of security without a VPN. Adding a VPN does not provide extra security if cookies are being used to track you or if you are careless about the information and sites you use on the internet. However, there are times when you would want to use a VPN. Let’s take a look.
From Low to High Security Network
Let’s consider an example network in a coffee shop’s Wi-Fi. This network is free to use, so anyone in range can access it. In this example, we have a user using their laptop in the coffee shop. On the coffee shop Wi-Fi is a hacker. Given that the coffee shop is a public network, it is very easy for a hacker to connect to it. The hacker could capture your traffic or send you traffic, either trying to hack into your computer or pretending to be someone else.
Thus, the coffee shop is considered to be a low-security network. In this example, let’s consider the user wants to connect to their head office. Once connected to their head office, they will be able to connect to the corporate network as if they were physically on the corporate network. Essentially, the user will be given an IP address on the corporate network.
To do this, a tunnel is created between the user and the office. For business VPNs, generally all the user’s traffic is directed through this tunnel. Thus, the hacker is no longer able to read any of the data from the user since it has now been put into a tunnel. For the hacker to get the data now, they would have to hack into the corporate network. Thus, the user has effectively increased their security to high even though they have connected to a low-security network.
Now, let’s consider that the user is connecting to a VPN. The VPN is connected to the internet, and thus the user has access to the internet. Since the user is connected to the VPN using a tunnel, they have once again bypassed the hacker.
The internet is full of hackers. I would argue that Wi-Fi in a coffee shop is easy to hack. In contrast, it is harder for a hacker to break into ISP connections. Thus, if I were using a home network, I would consider it a more secure network than a coffee shop and would not worry about using a VPN.
The internet, unlike the corporate network, is a public network. Thus, if you go to the wrong place on the internet, you put yourself at risk.
In The Real World
In the real world, there are two main situations where I would use VPNs. The first is when using insecure networks, such as public Wi-Fi often used in airports, cafes, and hotels. You don’t know who else is connecting to them.
The other time is to change my public-facing IP address so it appears that I am somewhere else. If you are planning any activity where someone knowing your public IP address may put you at risk of a denial-of-service attack, I would use a VPN. For example, internet streamers often use VPNs.
VPN providers often have locations all over the world that you can connect to. If you are simply trying to change your IP address, I recommend choosing a location close to your physical location. My personal experience is that if you try to connect to another country, this can significantly slow down your connection speed.
In the case of internet streaming, if someone were to get your public IP address, they would get the VPN’s public IP address. A denial-of-service attack would thus target the VPN provider, not you. They are generally good at handling these kinds of attacks, but if it gets out of hand, you can simply change the IP address the VPN is using or even change VPN servers. Your physical IP address is not always that easy to change.
Many VPN providers offer their own software that you can install on your computer to access the VPN. Another option is to purchase an external router, such as this travel router. These devices, when configured, automatically connect to the VPN for you. You simply plug it into your computer and connect to your network. For example, you would connect to the public Wi-Fi using the router, and the computer would connect to the router.
This gives you an extra layer of security. Operating systems come with firewalls to help keep your computer safe, and these devices also have firewalls that provide an extra layer for the hacker to get through to reach your computer.
These devices also come with an internet kill switch. If for any reason the VPN disconnects, you can configure it to automatically switch off the internet connection. This is one of the security weaknesses with a VPN. If they fail for any reason, it can leave your computer exposed to the public Wi-Fi. The internet kill switch cuts the connection, keeping you safe. However, you won’t have internet access until the VPN connection is restored.
In this case, I have used a GL.iNet travel router as an example. There are many different routers available for purchase. We personally use these routers in the office and when traveling. They have models designed for traveling and others designed for home use, such as internet streaming. We don’t receive any payment or discounts for using their products; we simply like them.
End Screen
That concludes this video on VPNs. I hope you found it informative, and I look forward to seeing you in the next video. Until next time, thanks for watching.
Credits
Trainer: Austin Mason http://ITFreeTraining.com
Voice Talent: HP Lewis http://hplewis.com
Quality Assurance: Brett Batson http://www.pbb-proofreading.uk