The internet is not a safe place (I).- Using VPNs

shark tail in computer screen

We all know the internet is not safe, and unfortunately some of you may have discovered it the hard way. There are plenty of sources of risk to our security, our privacy and even our data. With this article we start a series in which we will look (in no particular order) at sources of risk and how to prevent them.

The very basics:

It's probably late to teach you how internet connections work, but it's always good to have a couple of concepts set in stone so there is no misunderstanding. Below you can see a diagram of how a web page is requested:

Diagram of the steps in a web request

At a very basic level, the internet is an enormous network in which each node is identified by an IP address (those dot- or colon-separated numbers). That address is given to you by your internet provider, and it is how information knows how to reach you. When we type a name in our browser, our computer needs to translate that name into the address of the node we want to reach. To do so, it checks its local records to see whether it knows the name, and if it does not, it asks its default name server (DNS), as if it were a phone book.

Once it knows the address it wants to reach, it sends a packet stating where it wants to go and what it wants from the target node (this is an example; the exact details depend on the network protocol used). That packet usually can't go straight to the destination. Instead, it jumps from the origin to a point where your provider exchanges information with other providers, and from there to the provider of your target address (in one or several steps, called hops).

Example of connectivity between providers

 

In a similar way, the response from the server walks the whole path back to your computer.

Where's the problem?:

There are two big sources of issues in this schema from a security point of view:

  1. Strictly speaking, our requests don't travel from point A to point B: they traverse several intermediate points, and some of those points can be vulnerable (e.g. unsafe wifi networks). That's the reason behind the implementation of https (secured http) on top of http.
  2. Our packets say we want to go from point A to point B, and this information is usually logged by our internet provider, so there is a record in which all our requests are logged. This is a problem not only from the "Big Brother watching over you" point of view: any stored data can also be stolen and abused.

Shall I unplug from the internet?:

Looking at this, unplugging your computer may seem worthwhile, but there is no need to panic. There are always options, and the first one is of course not caring about it. If you don't share any private information and you don't care about conspiracy theories, you probably don't need to worry about this, and using only encrypted sites (those with https) is enough for you.

On the other hand, if you work with third-party data, private data or corporate tools, then you are right to be cautious. You may also be uncomfortable with someone holding your access history, or with using your device on public networks.

If you are one of the latter, there are solutions for you; the most popular one is using a virtual private network (VPN). A virtual private network is a network created with a software layer that, even on a public network, behaves as if it were an independent network. This behaviour is achieved using strong encryption.

Diagram of a virtual private network

There is a third group of likely VPN users: those who want to connect to a remote server safely, as if they were on the local network; those who don't want their access history recorded by their ISP; and those who want servers to think they are in a different location, e.g. to access national-only content from abroad.
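A check for the case above where the goal is to keep access history away from the ISP, as an added example that is not part of the original article: with the tunnel up, both web traffic and the name lookups described earlier should leave through the VPN interface, otherwise the names you visit still reach the ISP's resolver. It assumes Linux `ip route show` output, tunnel interfaces named `tun*` or `wg*`, and a VPN gateway at 10.8.0.1 that also acts as resolver; all addresses and sample text are constructed.

```python
import ipaddress

# Constructed `ip route show` output (Linux) with an OpenVPN-style tunnel up.
# 203.0.113.10 stands in for the VPN server, reached over the physical link.
ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
"""
# Constructed /etc/resolv.conf contents: one still pointing at the home router
# (which forwards to the ISP resolver), one pointing at the tunnel gateway.
RESOLV_LEAKY = "nameserver 192.168.1.1\n"
RESOLV_OK = "nameserver 10.8.0.1\n"

def parse_routes(text):
    """Return [(network, device)] from `ip route show` text (IPv4 only)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f:
            continue
        prefix = "0.0.0.0/0" if f[0] == "default" else f[0]
        routes.append((ipaddress.ip_network(prefix, strict=False), f[f.index("dev") + 1]))
    return routes

def egress_dev(routes, ip):
    """Longest-prefix match: the interface a packet to `ip` leaves through."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None

def outside_tunnel(route_text, resolv_conf, web_ip, tunnel_prefixes=("tun", "wg")):
    """List (kind, ip, device) for traffic not confirmed to use the tunnel."""
    routes = parse_routes(route_text)
    targets = [("web", web_ip)]
    for line in resolv_conf.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] == "nameserver":
            targets.append(("dns", f[1]))
    found = []
    for kind, ip in targets:
        # A loopback resolver (local stub) hides the real upstream: report it.
        dev = "local-stub" if ipaddress.ip_address(ip).is_loopback else egress_dev(routes, ip)
        if dev is None or not dev.startswith(tunnel_prefixes):
            found.append((kind, ip, dev))
    return found

if __name__ == "__main__":
    print(outside_tunnel(ROUTES, RESOLV_LEAKY, "198.51.100.7"))
```

An empty result means the sampled web destination and every configured resolver route through the tunnel; a `local-stub` entry means the real upstream resolvers have to be inspected separately.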

Options for a VPN:

There are several ways to have a virtual private network, leaving ssh tunnels aside, from creating a simple private network yourself with free software to using specialized providers. There are three different groups:

  • Software packages.- These are more or less simple applications; the best known is OpenVPN. Its community version includes all the software needed to create a VPN server, plus clients to connect from a remote site, creating a virtual private network between them. In further articles we will see how to install an OpenVPN server and how to use it; for the purposes of this article, we can say it needs advanced knowledge and your own server, and of course it also needs some maintenance.
  • Corporate servers.- There are several VPN servers that go beyond the software package, including administrative tools, integration with external services and a more user-focused experience. One example is SoftEther, a nice software package that allows you to deploy a corporate service for your own company without any hassle. It requires more resources depending on the usage, but it's easier to install and maintain than a simple software package.
  • Off-the-shelf services.- There are several service providers offering VPN services. A user just needs to register (most of them charge a monthly fee) and access the service without worrying about server installation and maintenance. Unless you have your own server, this solution is always cheaper than deploying your own VPN server. We are going to evaluate one of the best rated services (ExpressVPN).

Image of ExpressVPN on multiple devices

Off-the-shelf VPN service example (ExpressVPN):

It's one of the best rated services and one of those with the most features. Its main advantage is how easy it is to use: you just go to their webpage, register, install the software on your device and you are using a VPN. It's not the cheapest service, but among other unique features it allows you to use the VPN straight on your home router (as long as it is compatible) to provide VPN service to all devices in the network, overcoming the limit of three devices you can use with a single account. Its main features are:

  • Its gigantic number of servers in every region, which allows you to choose the nearest location for faster speeds, or the one in the region you are interested in connecting to.
  • Its incredible performance. One of the main drawbacks of VPN servers is the encryption process, which halves connection performance; in this case the reduction is negligible.
  • Lack of restrictions. Some providers restrict some kinds of connections; there is no limit on ExpressVPN.
  • Privacy focused. ExpressVPN does not save any logs; if a government requests your access history, there is no history to share.
  • Additional security features.

 

In summary, if you are worried about your internet security, or if you want to improve your privacy or perhaps mask your originating IP, a VPN is a highly recommended solution.

If you want to do it yourself or you have enough spare time, you can deploy your own VPN server. It requires more work and is more expensive, but you won't depend on anyone.

If you want better functionality, more interactive administration and easier deployments, then a corporate VPN is your best option.

If you don't want extra work and just want to enjoy the advantages of a VPN, then you can register with a VPN service, like ExpressVPN.