5 things you need to know about virtual private networks

VPNs are important for both enterprise and consumer security

A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs:

VPNs are good for your privacy and security

Open wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking.

In some regions of the world, governments track users who visit certain websites in order to to discover their political affiliations and identify dissidents -- practices that threaten free speech and human rights.

By using a VPN connection, all of your traffic can be securely routed through a server located somewhere else in the world. This protects your computer from local tracking and hacking attempts and even hides your real Internet Protocol address from the websites and services you access.

Not all VPNs are created equal

There are different VPN technologies with varied encryption strengths. For example, the Point-to-Point Tunneling Protocol (PPTP) is fast, but much less secure than other protocols such as IPSec or OpenVPN, which uses SSL/TLS (Secure Sockets Layer/Transport Layer Security). Furthermore, with TLS-based VPNs the type of encryption algorithm and key length used is also important.

While OpenVPN supports many combinations of ciphers, key exchange protocols and hashing algorithms, the most common implementation offered by VPN service providers for OpenVPN connections is AES encryption with RSA key exchange and SHA signatures. The recommended settings are AES-256 encryption with a RSA key that's at least 2048 bits long and the SHA-2 (SHA-256) cryptographic hash function, instead of SHA-1.

It's worth noting that VPNs introduce overhead, so the stronger the encryption is, the bigger the impact will be on the connection speed. The choice of VPN technology and encryption strength should be made on a case-by-case basis, depending on what kind of data will be passed through it.

The security needs of corporations are different than those of most consumers, who typically only need to protect themselves against opportunistic traffic snooping attacks -- unless they're concerned about mass surveillance by the U.S. National Security Agency and similar intelligence agencies, in which case very strong encryption is needed.

VPNs can bypass geoblocking and firewalls

Consumers also use VPNs to access online content that's not by available in their region, although this depends on how well the content owners enforce restrictions. VPN service providers usually run servers in many countries around the world and allow users to easily switch between them. For example, users might connect through a U.K.-based server to access restricted BBC content or through an U.S.-based server to access Netflix content that's not available in their region.

Users in countries like China or Turkey, where the governments regularly block access to certain websites for political reasons, commonly use VPNs to bypass those restrictions.

Free vs. paid

While companies set up their own VPNs using special network appliances, consumers have a wide selection of commercial and free VPN services to choose from. Free VPN offerings usually display ads, have a more limited selection of servers, and the connection speeds are slower because those servers are overcrowded. However, for the occasional user this just might be enough.

Another downside of free VPN servers, though, is that that it's more likely that the IP addresses they use will be blocked or filtered on various websites: Free VPN services are commonly abused by hackers, spammers and other ill-intentioned users.

Commercial VPN services work on a subscription-based model and differentiate themselves by an absence of download speed throttling or data limits. Some of them also pride themselves on not keeping any logs that could be used to identify users.

A few antivirus vendors also offer VPN services and these could serve as a middle ground between free and the more expensive commercial solutions, as users could get better deals if they also have antivirus licenses from those vendors. Also these VPN solutions already have reasonably secure settings, so users don't have to worry about configuring them themselves.

Build your own

Finally, there's the option to run your own VPN server at home so you can tunnel back and access services and devices on your home network from anywhere. This is a much better option than exposing those services directly to the internet, which is how hundreds of thousands of internet-of-things devices have recently been compromised and used to launch distributed denial-of-service attacks.

The general rule is that the fewer ports are opened in your router, the better. You should disable UPnP (Universal Plug and Play) so that your poorly designed IP camera, for example, doesn't punch a hole through your firewall and becomes available to the whole world.

Some consumer routers have built-in VPN server functionality these days, so you don't even have to set up a separate dedicated VPN server inside your network. Although, if your router doesn't have this sort of feature, a cheap mini computer like Raspberry Pi can do this job just fine.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?