By now you have heard of and (hopefully) utilize a VPN Service for both your business and home internet needs, so we’ll not spend time ruminating on what a VPN is and what it will do for you (though if you’d like a VPN primer check out: Are VPN Tools Just for Business Use?) We’re looking to address something you may not have considered: What a basic VPN connection will NOT do for you, and what to do about it, and this requires presenting a basic analogy:
When is a vehicle like a VPN?
A basic VPN connection can be likened to well-known features of a vehicle: locks, and tinted windows. These elements decidedly improve occupant privacy and safety.
You know and love these features, except perhaps when it is pouring down rain and you think you’ve left your keys in the vehicle …but can’t tell for certain because of the impressive window tinting. Surely we’ve all been there. Nevertheless, once you find those keys in your pocket and can crumble into the vehicle, dejected, looking like a spent mop, and ready to race down the road, those locks and tinted windows will not save you from bad driving practices.
Arguably the seatbelt could, and there are certain built-in seatbelt-like features provided by modern VPN services that likewise assist (discussed below). In general, however, even with these safety features, if you drive recklessly or allow unscrupulous characters access to your vehicle, you might just end up with an unusable vehicle (analogy: unstable/corrupted system), or risk some manner of injury to the occupants (analogy: data leaks, revenue loss, and potentially being targeted for further theft or harassment).
So, how does having vehicle safety features enabled but still engaging in reckless driving translate to browsing the internet? Well, let’s say your VPN is implemented, but you or someone on your network has been known to:
navigate to insecure websites and -bonus points- enter credit card or other sensitive information
install frivolous web browser extensions using the default settings on your web browser
click on pop-ups that promise to scan and remove malware from your system (spoiler alert - they won’t)
click on pop-ups to win a totally rad gaming system
click on pop-ups…just because
open random site links
download attachments and click on links from unsolicited emails and text messages
enable macros, because the prompt said you could/ should
fill out random social media surveys just to find out what breed of cat you are based on your birth date (surely there isn’t any risk in providing your first pet’s name, your favorite food, your siblings’ names, the city you were born in, etc. It's not like this information is ever used for your passwords. Oh wait, that’s right).
How many of us or someone using our network (our “internet”) have done this in the past month? This past week? Today?
Any one of these behaviors increases the likelihood of network and device compromise and so, relating back to our example, we could find ourselves with a now unusable vehicle…and it’s still raining.
“But I had locks on my car!”
I think we can wrap up that analogy for now. You get the point.
What To Do
We’ve covered some of the habits making a home or business network more susceptible to cybercriminals. The good news is that practicing basic browsing hygiene and responsible internet usage goes a long way. Even better, in those moments where our diligence falters, modern VPN providers now include advanced protection features.
If you want the most protection, look for your VPN provider to offer the following:Ad-blocking or equivalent proprietary named feature that:
- blocks trackers
- blocks malicious domains (which minimizes methods of malware and phishing attempts)
- provides these features at the TCP/IP level to work on all apps and browsers connecting to the internet
- does so without traffic manipulation techniques
Kill Switch that may include Internet and Application options:
- Internet Kill Switch: This blocks internet traffic if the VPN connection drops, ensuring that your data remains encrypted and that traffic is protected by the tunnel
- Application Kill Switch: This policy will terminate certain apps if the VPN connection is dropped, once again protecting encryption.
No-Logs Policy that has been verified with an independent audit:
- does not log user activity including files accessed or changes made to websites
- utilizes RAM-disk servers (makes it impossible to store logs)
- court cases are a great way to verify whether this is true when this feature is proffered by a company if they’ve not had an independent audit conducted
Advanced-Data Encryption recommended if available:
- Cipher: AES-256-GCM
- Hash: SHA256
- Key Exchange (Handshake Encryption): RSA-4096
- in relating back to our analogy, this is the complexity and integrity of the lock on the briefcase keeping the important documents you're driving around with
Encryption protocols recommended if available:
- in relating back to our analogy, this is like choosing the security/beefiness of the vehicle you’re driving to transport those documents
- passes your traffic through multiple VPN servers to increase anonymity
- option to route traffic from specific apps or websites outside of the VPN tunnel if trusted (but facing operational issues)
- Consider checking if the VPN Service being provided supports IPv6 to avoid issues later, though this is not a must-have for the majority of us yet.
The Evolution Continues
From humble beginnings with PPTP (Point-to-Point Tunneling Protocol) and evolution from a solely business-related focus, quality VPN Providers continue to refine their products and now offer protections to help safeguard even the reckless home-based web surfer.
As the internet continues to increase in complexity, let’s be mindful of best practices in its usage, and let’s utilize those services designed to keep our networks and data safer. Remember, be a good driver.
“Never let anyone drive you crazy; it is nearby anyway and the walk is good for you” - Cheshire Cat, Alice’s Adventures in Wonderland
Ingalls Information Security
Ingalls Information Security understands cybersecurity. Since 2010, we’ve been in war rooms and boardrooms, investigating computer networks targeted and attacked by criminals and nation-state-sponsored hackers. This experience gives us a powerful edge in preventing and responding to cyberattacks.
If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.
About the Author
Jessica Willoughby, A+, Sec+, CPO, ITIL4
Jessica is a freshly-minted Cybersecurity Analyst with a background in project management and client services. Operating with a passion to build trust between the technical and non-technical relationships in cyber and information security, she utilizes her talent of bridging gaps in communication and organization with the intent of creating content of value.