How a Virtual Private Network Can Boost Your Security
Ask any security professional about strengthening your computer's security, and he or she will advise setting up a VPN. It's right in your PC's settings, you'll be told.
That's great advice if you're a security professional or are otherwise pretty computer-savvy. But what about the rest of us, who don't have a clue what VPN even stands for, let alone how it works?
"VPN stands for 'virtual private network,'" said David Gorodyansky, chief executive office of AnchorFree, a Mountain View, Calif., company that makes Hotspot Shield, VPN software for the average user. "It is a connection between a secure server and your computer, through which you can access the Internet."
A VPN lets you secure your Web session, transmitted data, financial transactions and personal information online, no matter where you are. Security experts warn against using public Wi-Fi hotspots , such as in a coffee shop, airport or hotel lobby, due to the risk of your connection being hijacked or snooped upon. A VPN eliminates those risks.
A VPN also helps to protect you from identity theft; hides your IP address, making it harder for third parties to track you; accesses all content privately without censorship; and bypasses firewalls.
Send a check, not cash
"Think of it along the lines of sending a payment to a company," said Brian Monkman, technology programs manager at ICSA Labs, a network-security testing and product-assurance company based in Mechanicsburg, Pa. "You could put cash in an envelope and send it which, assuming no one got to the envelope prior to its arriving at its destination, would work.
"Or you could write a check and send it," Monkman explained. "That simple step increases security. VPN strengthens security by making it harder for eavesdropping or interception of your connection. And if your connection is intercepted, it makes it difficult to actually decipher what is being transmitted."
To put it simply, a VPN is essential for anyone who regularly uses a laptop from outside the office to connect with the company computer network. And if you think your company doesn't need one, think again.
"People seem to be largely unaware of the risks of browsing the Internet unprotected, or mistakenly believe that their anti-virus [software] protects them while browsing," Gorodyansky said. "We need to raise awareness of Internet security concerns, and make sure that people connect with a VPN, ensuring their protection."
If a VPN is set up properly, said Scottie Cole, a server engineer with Gulf Breeze, Fla.based online-security provider AppRiver, it's as if all the network users, whether on site or in a remote location, are in the same building.
"Client VPNs allow individual users to connect to a central location via their mobile device or computer," Cole said. "Once authenticated, they then have access to the main location's infrastructure. Remote offices use VPN so that they connect to their main location securely by encrypting all the traffic through a VPN tunnel."
VPN technology has been available for regular PCs for almost two decades, and during that time, it's diversified.
"It is useful to know that there isn't just one type of VPN," Monkman said. "There are SSL [secure socket layer] VPNs, IPSec [Internet Protocol security] VPNs, hybrid VPNs. All have characteristics unique to the implementation, and some have very specific purpose-built uses."
Not just for laptops anymore
And now the use of mobile VPN technology on devices such as smartphone and tablets is becoming increasingly common. With the rollout of mobile banking apps , and with corporate email and authentication programs such as RSA's SecurID tokens being pushed to mobile devices, secure communication is even more important than ever before.
Many of us use our smartphones and tablets to conduct sensitive transactions, but rarely think about whether or not the information is secure. For that reason, Monkman pointed out, everyone should have the VPN capabilities on their mobile device activated.
How you activate a VPN client will depend on the device, the mobile network-access provider and the application developer.
For example, the current versions of Android OS, BlackBerry OS and Apple's iOS all have VPN capability built in. On an Android, for instance, the VPN settings are found under the Wireless and Networks menu. On an Apple mobile device, it's under Settings --> General --> Network.
Older versions of these operating systems may not have the same functionality, and might require third-party applications to be installed.
"Connecting to a VPN concentrator with a client VPN is usually done with a username/password, a security certificate, or two-factor authentication like a token and username/password," Cole said. "Connecting VPN clients depends on how the authentication is setup on the VPN concentrator."
But the average user doesn't need to know all that. Several different VPN clients the end-user software are available in Apple's iTunes App Store, and there are dozens in the Android Market. For laptops and desktop computers, all modern operating systems have VPN capabilities, and there are countless VPN applications, both free and paid.