Basic VPNs & Bad [Internet] Drivers: When Poor Habits Become Exhausting

By now you have heard of and (hopefully) utilize a VPN Service for both your business and home internet needs, so we’ll not spend time ruminating on what a VPN is and what it will do for you (though if you’d like a VPN primer check out: Are VPN Tools Just for Business Use?) We’re looking to address something you may not have considered: What a basic VPN connection will NOT do for you, and what to do about it, and this requires presenting a basic analogy:

When is a vehicle like a VPN?

A basic VPN connection can be likened to well-known features of a vehicle:  locks, and tinted windows. These elements decidedly improve occupant privacy and safety. 

You know and love these features, except perhaps when it is pouring down rain and you think you’ve left your keys in the vehicle …but can’t tell for certain because of the impressive window tinting. Surely we’ve all been there. Nevertheless, once you find those keys in your pocket and can crumble into the vehicle, dejected, looking like a spent mop, and ready to race down the road, those locks and tinted windows will not save you from bad driving practices.  

Arguably the seatbelt could, and there are certain built-in seatbelt-like features provided by modern VPN services that likewise assist (discussed below). In general, however, even with these safety features, if you drive recklessly or allow unscrupulous characters access to your vehicle, you might just end up with an unusable vehicle (analogy: unstable/corrupted system), or risk some manner of injury to the occupants (analogy: data leaks, revenue loss, and potentially being targeted for further theft or harassment).  

So, how does having vehicle safety features enabled but still engaging in reckless driving translate to browsing the internet? Well, let’s say your VPN is implemented, but you or someone on your network has been known to:

• navigate to insecure websites and -bonus points- enter credit card or other sensitive information

• install frivolous web browser extensions using the default settings on your web browser 

• allow pop-ups 

• click on pop-ups that promise to scan and remove malware from your system (spoiler alert - they won’t)

• click on pop-ups to win a totally rad gaming system

• click on pop-ups…just because

• open random site links

• download attachments and click on links from unsolicited emails and text messages

• enable macros, because the prompt said you could/ should

• fill out random social media surveys just to find out what breed of cat you are based on your birth date (surely there isn’t any risk in providing your first pet’s name, your favorite food, your siblings’ names, the city you were born in, etc.  It's not like this information is ever used for your passwords. Oh wait,  that’s right).  

How many of us or someone using our network (our “internet”) have done this in the past month? This past week? Today? 

Any one of these behaviors increases the likelihood of network and device compromise and so, relating back to our example, we could find ourselves with a now unusable vehicle…and it’s still raining. 

“But I had locks on my car!” 

I think we can wrap up that analogy for now. You get the point.

What To Do

We’ve covered some of the habits making a home or business network more susceptible to cybercriminals. The good news is that practicing basic browsing hygiene and responsible internet usage goes a long way. Even better, in those moments where our diligence falters, modern VPN providers now include advanced protection features.

If you want the most protection, look for your VPN provider to offer the following:

• blocks trackers
• blocks malicious domains (which minimizes methods of malware and phishing attempts)
• provides these features at the TCP/IP level to work on all apps and browsers connecting to the internet
• does so without  traffic manipulation techniques

• Internet Kill Switch: This blocks internet traffic if the VPN connection drops, ensuring that your data remains encrypted and that traffic is protected by the tunnel
• Application Kill Switch: This policy will terminate certain apps if the VPN connection is dropped, once again protecting encryption.

• does not log user activity including files accessed or changes made to websites
• utilizes RAM-disk servers (makes it impossible to store logs)
• court cases are a great way to verify whether this is true when this feature is proffered by a company if they’ve not had an independent audit conducted

• Cipher: AES-256-GCM
• Hash: SHA256
• Key Exchange (Handshake Encryption): RSA-4096

• in relating back to our analogy, this is the complexity and integrity of the lock on the briefcase keeping the important documents you're driving around with

• OpenVPN
• IKEv2/IPsec
• WireGuard

• in relating back to our analogy, this is like choosing the security/beefiness of the vehicle you’re driving to transport those documents

• passes your traffic through multiple VPN servers to increase anonymity

• option to route traffic from specific apps or websites outside of the VPN tunnel if trusted (but facing operational issues)

• Consider checking if the VPN Service being provided supports IPv6 to avoid issues later, though this is not a must-have for the majority of us yet.

The Evolution Continues

From humble beginnings with PPTP (Point-to-Point Tunneling Protocol) and evolution from a solely business-related focus, quality VPN Providers continue to refine their products and now offer protections to help safeguard even the reckless home-based web surfer. 

 As the internet continues to increase in complexity, let’s be mindful of best practices in its usage, and let’s utilize those services designed to keep our networks and data safer. Remember, be a good driver.

“Never let anyone drive you crazy; it is nearby anyway and the walk is good for you” - Cheshire Cat, Alice’s Adventures in Wonderland

Ingalls Information Security 

Ingalls Information Security understands cybersecurity. Since 2010, we’ve been in war rooms and boardrooms, investigating computer networks targeted and attacked by criminals and nation-state-sponsored hackers. This experience gives us a powerful edge in preventing and responding to cyberattacks. 

If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.