virtual_private_networks
Differences
This shows you the differences between two versions of the page.
virtual_private_networks [2019/08/08 18:48] – neil | virtual_private_networks [2021/07/06 09:26] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
=====Virtual private networks ===== | =====Virtual private networks ===== | ||
- | What is a VPN | ||
- | Technically, | + | A virtual private network or " |
- | ====Reasons for using a VPN==== | + | Bear in mind that, like anything, VPNs are not unhackable. |
- | * Connect you securely to a remote network | + | |
- | * Break out to the Internet through a server in a different country (e.g. to make it look like you are in a different country, usually to avoid "geo-blocking" | + | |
- | * Hide your traffic from the local network operator | + | |
- | ====Problems / risks of VPNs==== | + | ====Key points: |
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
+ | * [[virtual_private_networks# | ||
- | Do you trust your endpoint? | + | ====Work out why you want to use a VPN==== |
- | May hide traffic from your local access provider, and other peering or transit providers, but still breaks out to the Internet somewhere, before heading on to its destination | + | Why you want to use a VPN will help you pick a solution which fits your needs. |
- | Could just be giving visibility to someone else | + | ===To hide your traffic from the local network operator=== |
- | Very easy to setup a VPN server and start offering service | + | Use a VPN whenever you connect |
- | VPNs can leak | + | The objective is to prevent or at least minimise surveillance of your online activity by the operator the network to which you are connecting. |
- | ====Options for VPNs==== | + | This is important if you are communicating with sites or services which does not force https or another suitable encrypted connection (especially so, if you send login details over that insecure connection) or if they are using outdated, broken security. |
- | ====Things to check ==== | + | ===To access your firm's systems remotely=== |
- | What happens if your VPN connection drops? | + | The objective is to log into your firm's systems securely, so that you do not need to expose those systems directly to the Internet. |
- | Are your DNS look-ups going over the VPN? | + | ===To apply controls to your traffic=== |
+ | |||
+ | If, for example, you do [[secure_browsing# | ||
+ | |||
+ | ===To avoid restrictions on the local network=== | ||
+ | |||
+ | If, for example, the network you are using blocks access to websites which you need to visit, connecting to an endpoint which does not block access would circumvent the block. | ||
+ | |||
+ | Some networks block (or attempt to block) VPN traffic. If you are using a public Wi-Fi hotspot that blocks VPN traffic, find another hotspot — if they do not want you to be sure online, you might reasonably wonder why. | ||
+ | |||
+ | ===To avoid restrictions imposed by the site/ | ||
+ | |||
+ | If, for example, the site or service you are trying to use has implemented geo-blocking, | ||
+ | |||
+ | ====Consider an " | ||
+ | |||
+ | If you want to ensure that your traffic always goes over a VPN, configure either an " | ||
+ | |||
+ | You might prefer an " | ||
+ | |||
+ | In addition to it being " | ||
+ | |||
+ | |||
+ | ===Always-on / on-demand VPNs may not work well with public Wi-Fi === | ||
+ | |||
+ | If you are connecting to [[public_wi-fi|public Wi-Fi]] which requires you to put in some details, it [[public_wi-fi# | ||
+ | |||
+ | === If someone gets access to your device, they can connect to your network === | ||
+ | |||
+ | If you use an always-on or on-demand VPN, someone who gets access to your unlocked device automatically gets connected to whatever network is at the end of your VPN — for example, your firm's network. | ||
+ | |||
+ | ====Running your own VPN server==== | ||
+ | |||
+ | If you do not want to [[#Third party VPN providers: someone else to trust|trust a third party VPN service]], you will need to run your own. | ||
+ | |||
+ | Some routers come with an integrated VPN server. For example, the fully-loaded version of the [[https:// | ||
+ | |||
+ | An advantage of using an " | ||
+ | |||
+ | Alternatively, | ||
+ | |||
+ | If you do run your own VPN server, you will need to ensure that you have it correctly configured, to prevent unauthorised use or network access, and that you are [[securing_your_devices# | ||
+ | |||
+ | ====Test your VPN before you rely on it==== | ||
+ | |||
+ | As with any major configuration change, test it before you rely on it. | ||
+ | |||
+ | Ideally, you would test that the traffic | ||
+ | |||
+ | If nothing else, visit an IP address checker before you connect to the VPN, and then again afterwards: you should see a different IP address. | ||
+ | |||
+ | If you do not have a preferred IP address checker, you can use [[https:// | ||
+ | |||
+ | If you know you have an [[https:// | ||
+ | |||
+ | (Neither of these sites log connection requests.) | ||
+ | |||
+ | |||
+ | ====Check your VPN is not leaking ==== | ||
+ | |||
+ | Ensure that all the traffic you intend to go over the VPN is actually going over the VPN. | ||
+ | |||
+ | In particular, make sure that your DNS traffic is going over the VPN if that is what you want. You can use [[https:// | ||
+ | |||
+ | Test too what happens if your VPN connection drops — does your traffic fall back onto the local network, or is it blocked by your computer until the VPN re-connects. | ||
+ | |||
+ | ====Third party VPN providers: someone else to trust ==== | ||
+ | |||
+ | A VPN shifts where your traffic routes. If you want to connect to the Internet, someone still manages the point at which your traffic leaves the VPN and goes onto the Internet. | ||
+ | |||
+ | You may not want to terminate a VPN on your office network, but want to use a third party instead. | ||
+ | |||
+ | If you use a third party VPN service, all you are doing is changing who you trust: your trust moves from the provider of the local network (such as the coffee shop you are in) to the operator of the third party VPN service. | ||
+ | |||
+ | It's very easy to set up a VPN service, and it's very easy to make fake promises on a website, so do your due diligence correctly, if you are concerned about the third party VPN operator seeing, logging, or interfering with, your traffic. | ||
+ | |||
+ | There is what appears to be a substantial review of third party VPN services on [[https:// | ||
+ | |||
+ | |||
+ | ====Consider Tor as an alternative === | ||
+ | |||
+ | If you just want to hide your browsing from the operator of the local network, consider [[tor|Tor]] instead of a VPN. | ||
- | “Always-on” / " | ||
====Detailed guidance from the National Cyber Security Centre ==== | ====Detailed guidance from the National Cyber Security Centre ==== | ||
[[https:// | [[https:// |
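Review bot: The added heading "====Consider Tor as an alternative ===" near the end of the hunk opens with four "=" but closes with three, where the other headings at that level (for example "====Running your own VPN server====") are balanced; close it with "====". Three wording slips in the added text are worth fixing before this goes live: "by the operator the network" is missing "of", "sites or services which does not force https" should read "do not", and "if they do not want you to be sure online" looks like it was meant to be "secure online". The added sentence beginning "Test too what happens if your VPN connection drops" is a question that ends in a full stop, and it never tells the reader which of the two outcomes it lists (falling back onto the local network, or being blocked until the VPN re-connects) is the one they should want; say so explicitly. The always-on section warns that someone with the unlocked device "automatically gets connected to whatever network is at the end of your VPN" but offers no action; a link to the securing_your_devices page already referenced under "Running your own VPN server" would give the reader a next step.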
virtual_private_networks.1565290086.txt.gz · Last modified: 2021/07/06 09:26 (external edit)