Virtual Private Networks (VPNs)
A Virtual Private Network (VPN) extends a private network across a public network such as the internet: software establishes a virtual point-to-point connection over the existing public infrastructure so that hosts can communicate as if they were on the same private network.
VPNs use tunnelling protocols to carry traffic through an encrypted tunnel across public networks in order to securely connect private computers and networks together. The aim is security, not anonymity: you can still be tracked via tracking cookies, device fingerprinting and user profiling, among other techniques. The encryption of the tunnel prevents network sniffers and packet inspection tools from reading the traffic they intercept, ensuring confidentiality, and the tunnel's message integrity checks detect any alteration of the traffic in transit, so tampered packets are rejected rather than accepted.
Before a VPN connection is established the peer must authenticate, using a username and password, a secure key exchange, or Multi-Factor Authentication (MFA), possibly including biometrics. Only once authentication is complete is the VPN connection established.
Security is provided by both the VPN software and the tunnelling protocol in use. Popular protocols employed by VPNs include IPsec (Internet Protocol Security), L2TP (Layer 2 Tunnelling Protocol), DTLS (Datagram Transport Layer Security), MPPE (Microsoft Point-to-Point Encryption) and SSTP (Secure Socket Tunnelling Protocol).
For example, the popular open-source VPN software OpenVPN uses the OpenSSL library and the TLS protocol it implements.
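The encrypted, integrity-protected tunnel described above, as an added Go example that is not from the original article and is not the code of OpenVPN or any other VPN product: it models one direction of a tunnel with AES-GCM, showing that an on-path observer sees only ciphertext, that any alteration of a datagram (payload or header) fails the integrity check and, going slightly beyond the text, that a sequence number in the header lets the receiver reject replayed datagrams. The 12-byte header layout, the shared key standing in for the one agreed during authentication, and the packet contents are constructed assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Outer header (assumed layout): 4 zero bytes + 8-byte sequence number.
// It is exactly GCM's 12-byte nonce size, so the header doubles as the nonce.
const hdrLen = 12

// Tunnel is a constructed model of one direction of a VPN tunnel: inner
// packets are sealed with AES-GCM (confidentiality + integrity) behind a
// clear-text header that is authenticated as associated data.
type Tunnel struct {
	aead cipher.AEAD
	seq  uint64 // sender: last sequence number used
	last uint64 // receiver: highest sequence number accepted
}

// NewTunnel takes the shared key (16, 24 or 32 bytes) that a real VPN would
// agree on during authentication and key exchange.
func NewTunnel(key []byte) (*Tunnel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Tunnel{aead: aead}, err
}

// Encapsulate wraps an inner packet as header(12) || ciphertext || tag(16);
// the nonce never repeats under one key as long as seq does not wrap.
func (t *Tunnel) Encapsulate(inner []byte) []byte {
	t.seq++
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint64(hdr[4:], t.seq)
	return append(hdr, t.aead.Seal(nil, hdr, inner, hdr)...)
}

// Decapsulate returns the inner packet, rejecting short, replayed (strict
// in-order here; real protocols keep a replay window) or altered datagrams.
func (t *Tunnel) Decapsulate(outer []byte) ([]byte, error) {
	if len(outer) < hdrLen || binary.BigEndian.Uint64(outer[4:hdrLen]) <= t.last {
		return nil, errors.New("short or replayed datagram rejected")
	}
	inner, err := t.aead.Open(nil, outer[:hdrLen], outer[hdrLen:], outer[:hdrLen])
	if err != nil {
		return nil, errors.New("integrity check failed: datagram altered in transit")
	}
	t.last = binary.BigEndian.Uint64(outer[4:hdrLen])
	return inner, nil
}
```

A sniffer on the public network sees the header and ciphertext only, and a bit flipped anywhere in the datagram makes Open fail, which is the integrity detection the text refers to.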
There are various types of VPN: Remote Access VPNs, used by remote workers connecting to a private network such as an employer's intranet; Site-to-Site VPNs, used to connect geographically remote offices to each other, such as a remote branch to HQ; and Extranet Site-to-Site VPNs, used to connect (and control the connections of) third-party networks, such as those of partners, vendors and suppliers, to the internal network of a business.
VPNs can be self-hosted, meaning you install the software on your own computer or network and control how and when it is used, or they can be hosted by a service provider. With the former you fully control the VPN; with the latter you have no control over how the VPN is run, so you have to trust the provider's policies and employees: that they manage your connection as expected, keep it secure and do not log anything you do not wish to be logged.
VPN service providers are useful for getting around geo-restrictions or censorship controls, but they do not provide anonymity or total security, and they are exposed to the same vulnerabilities as every other type of VPN: authentication attacks, command injection, directory traversal and arbitrary file reads, buffer overflows and remote code execution exploits. To mitigate these risks as far as possible, keep self-hosted VPN software patched and monitor CVE reports for new vulnerabilities in any VPN software used by a VPN service provider you rely on.
Last updated: 22nd April 2022