Virtual Private Networks – VPNs for short – have experienced a boost with the Corona crisis: Ideally, home office employees should have encrypted and secure access to the corporate network. However, this only works if the VPN provider is trustworthy.
VPN connections have great advantages: they disguise data traffic on the Internet and protect against unauthorized access from outside. Even in public networks, activities on the Internet are efficiently hidden thanks to VPN. In addition, VPN users disguise their location. Since the location data from the VPN server can originate from other countries, the users’ location cannot be determined.
The VPN can help to increase privacy and data protection – however, it is extremely important to be critical when selecting the provider. After all, VPN providers could see the Internet traffic of their customers. And once the VPN provider is compromised, so is the customer. Therefore, the first step must be to choose a trustworthy VPN provider. VPN solutions are no longer only available for stationary devices but also for mobile devices so that mobile data traffic can also be kept anonymous.
Hardware, Software or “VPN as a Service
There are various VPN protocols and solutions. They all have in common that they establish a protected network connection using public networks. In addition, users must authenticate themselves for the encrypted connections of a VPN. However, VPN solutions are available as hardware, as software, and as service.
So-called SSL VPN solutions are usually implemented via hardware boxes. An SSL VPN is based on the SSL and TLS standards. For example, access from the home office to the company network is protected by user name and password via SSL VPN. However, an HTML5-capable browser is a prerequisite. If a multi-site company has its own local networks connected to the wide area network or WAN, a site-to-site VPN is useful. It disguises private intranets and allows users of these networks secure access to resources. However, implementation is complex, and these VPNs are not quite as flexible as SSL VPNs.
Another type is client-to-server VPN, which requires a VPN client to be installed on the computer. Once this is done, home office employees can dial into the company network via a secure connection. They do not connect via their Internet service provider (ISP) but via the VPN provider. End-to-end VPNs, on the other hand, connect two clients. One client is inside, the other outside a network. For example, users can gain direct access to a server in the network. However, the connection is not established directly; instead, a detour is taken via a gateway to which the clients must connect.
Characteristics of Trustworthy VPN Services
To find a good VPN solution, both companies and users should be clear about what they expect from a VPN solution. Of course, first and foremost, the VPN itself must be protected against compromise. In addition, a VPN should be able to encrypt the IP address and prevent users from leaving traces on the Internet such as search history, cookies, or Internet history. Strong VPN solutions verify each authentication – for example, through two-factor or multi-factor authentication. In addition, since VPN connection interruptions can occur, in which case the secure connection is also interrupted, good VPNs should detect downtime and terminate preselected programs to reduce the likelihood of data compromise.
Like everything in life, there are two sides to the VPN coin: There are drawbacks and risks to using a VPN. For example, it may happen that the VPN solution reduces the Internet speed. This depends on how far away the server and client are from each other and what kind of encryption is used. Therefore, it is advisable to find out about the quality of the connection before deciding whether to use a VPN solution or not.
Free VPNs Are Not a Real Option
The VPN pursues the goal of protecting users’ privacy – however, it can also achieve the opposite. If you choose the wrong VPN provider, you will not necessarily improve data protection. Free offers, in particular, should be viewed critically. Sufficient research is necessary in advance, for example, about the technology behind the VPN solution, the developers, and the users’ experiences. As a rule, however, the risks do not lie with the VPN procedure but with the providers. That’s why a detailed pre-selection is crucial. But be careful with fee-based VPNs as well: There are sometimes large price differences between the providers. A good tip is to compare the costs with the services, test results from independent third parties and user reviews, and only then decide.
The IP Address Must Also Be Disguised!
One of the most significant risks with VPNs is that service providers do not conceal the IP address. In such cases, we speak of IP address leaks. Servers and devices with which users communicate can use the IP address to find out that users are the source of the data traffic. If, on the other hand, the VPN solution reliably conceals the IP address, the VPN service provider is understood to be the source of the data traffic and the identity of users is protected.
Web Browser Plug-Ins Are Not Virtual Private Networks
Commercial VPNs recorded around 41,000 attacks in the first half of 2021. These alarming numbers show that the VPN solution chosen determines how high the level of privacy and security will be. If, for example, web browser plug-ins are simply used as VPNs, this can backfire. This is because they only hide web proxies that mask the IP address. These plug-ins do not create real and encrypted VPN tunnels.