Can a VPN be bad for your security

Virtual private networks are a great tool in the cyber security tool box, but they can also be bad for you. 

Published 3/1/2021 By Mark Stringer . Leave a comment

Why do we need secure data moving over the internet

When data normally moves access the internet we tend to think of it as going from point A (us) to point B ( the server website or service ) 

Data normally moving across the internet

We all know that when visiting a website you want HTTPs instead of HTTP and that the S means it's secure which intern tells us that any data that moves between you and the server is encrypted.

Which is Fantastic…

Why though?

The thing to remember is that between you and the server's that run the website your looking at can be anything, including other server's and other people.

Were protecting ourselves from Man in The Middlke

If that data isn't encrypted then those people can see everything 

  • Where your going.. i.e. the website.
  • Who and where you are.
  • Your password, credentials, everything the browsers send back and forth.

 

This is why HTTPS is such an important thing, It stops our man in the middle from seeing that data - all he sees is what looks like random information.

Of course, that's not the whole story, there are many other forms of attack and privacy concerns about who can see where what your doing.

 

So where does a VPN fit into all this?

The problem here is that:

  • The internet is more than just websites, there is email, voice and a whole range of services we use on a daily basis.
  • We're still exposed to attack, having our information stolen and our privacy violated.

VPN stands for Virtual Private Network, It creates a virtual network over the real internet connecting your device (e.g. mobile) to the server hosted by the VPN provider. When you make a request to the internet that request will then go out via the VPN provider instead of via your ISP instead. 

VPN's of different types have been around for a long time, and are used by companies to provide remote access, but lets look at two common ways you might want to use a VPN.

When your out and about

Imagine your in a coffee shop, using their WIFI. This is considered a hostile environment and without a VPN there is the potential for 3rd parties they can see everything you do, everywhere you go and that's before you start to consider the number of ways your device can by attacked. 

A VPN massively improves your security to the point where it's considered almost essential.

Whole Home WPN

This is where a VPN is created from your router out to a VPN provider on the Internet and all your home internet traffic goes over that VPN. 

Why would you want this for reasons like?

  • Geo Blocking - You can be browsing from any country.
  • You can hide your origin and protect your location
  • You wish to hide your activity from your ISP

How could this possibly be bad…?

You have to remember that a VPN just connects two points on the internet so you need to think about how your connecting those points. 

One of the issues is that the connection allows data to travel both ways so while VPN's are generally seen as a good thing for security and privacy, you can be hacked or attacked over a VPN Connection just like you could be via your ISP's connection alone.

This is all about where you place trust. 

  • Who do you trust more your ISP or your VPN provider?
  • Everything your ISP could work out about you and your online habits is moved to the VPN provider.
  • Most VPN providers state they don't record your traffic, but there is no way of actually knowing.
  • Do you know who own's the companies who own the VPN providers?
  • VPN companies have been involved with data breaches, and other security issues..

Security hole in the making.

Imagine, people who visit you, using your home network, or guests on your company network, and they are all using a VPN from their device to protect their privacy from you and the monitoring you could have in place. From their perspective this is a good thing - and it is.

But you do not know what VPN provider they are using nor what data they are sending or receiving over that VPN; because a VPN is an encrypted tunnel. But the consequence is that data it's going straight though your firewalls and any monitoring or filtering rules you have in place. 

You might think that's fine it's their device. but as soon as that VPN is disconnected they are on your network and any malware they have can then spread and attack you.

Their are ways to mitigate this, and it depends how you design your network but this is why many places especially companies don't allow VPN's. 

What can I do now?

Ask yourself do you really need to use a VPN, the answer may very well be yes and if it is check to see if your using a reputable one. 

Never use a FREE VPN Provider and look at the one your considering carefully.

The best thing you can do : Set up your own VPN Connection where you have your mobile devices connect to your home network 

Leave a comment

Your email address will not be published, comments will be reviewed for content before being published.