A VPN, or Virtual Private Network, is a tool that creates a secure, private connection between your device and the public internet. A VPN connection encrypts your internet traffic and routes it through a remote server, keeping your activity hidden from hackers, ISPs, and any other third party with malicious intent.
Let's look at a typical device accessing the web. The request leaves your device and passes through your router as packets of data that include which device made the request and what is being requested, among other things. From your router, the data goes to your Internet Service Provider (ISP), which assigns you an Internet Protocol (IP) address on its network, pinning you to a general location in the world. The ISP then performs the DNS lookup for you, and it can keep logs of your requests, the sites you connected to, and so on. If a site uses HTTPS, data is encrypted between you and that server only once your request reaches it.
Now, there are a few problems with this flow:
Therefore, to ensure more security while using the public internet, many adopt a VPN solution.
A VPN works by tunneling your traffic through an encrypted connection, which hides your IP address and encrypts your data in transit. The VPN client on your device encrypts the data; it travels through your ISP, still encrypted, to the VPN server, which decrypts it and handles the rest of the process, including the DNS lookup. Because the entire path to the VPN server is encrypted, your ISP and other third parties on that path can't peek at which websites you visit or what data you send or receive online.
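To make the flow above concrete, here is an added toy model (not code from the original post or from any VPN product) of what an on-path ISP can log from the same DNS query with and without a tunnel. The IP addresses are constructed from documentation ranges, and the HMAC-based stream cipher is a stand-in for the real authenticated cipher a VPN would use; only the encapsulation structure is the point.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not real hosts.
CLIENT_IP = "203.0.113.10"
VPN_SERVER_IP = "198.51.100.5"
RESOLVER_IP = "192.0.2.53"
NONCE_LEN = 12

@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes  # readable by anyone on the path unless it is encrypted

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy CTR-mode stream cipher (HMAC-SHA256 as the PRF). Stands in for the real
    AEAD a VPN uses; it is symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)

def encapsulate(inner: Packet, key: bytes) -> Packet:
    """VPN client: wrap the real packet (its addresses included) inside an encrypted
    outer packet addressed to the VPN server. Only the outer header stays readable."""
    nonce = os.urandom(NONCE_LEN)
    plain = f"{inner.src}|{inner.dst}|".encode() + inner.payload
    return Packet(CLIENT_IP, VPN_SERVER_IP, nonce + keystream_xor(key, nonce, plain))

def decapsulate(outer: Packet, key: bytes) -> Packet:
    """VPN server: strip the outer layer and recover the original inner packet."""
    nonce, body = outer.payload[:NONCE_LEN], outer.payload[NONCE_LEN:]
    src, dst, payload = keystream_xor(key, nonce, body).split(b"|", 2)
    return Packet(src.decode(), dst.decode(), payload)

def forward(inner: Packet) -> Packet:
    """VPN server sends the inner packet on from its own address, so the destination sees the VPN IP."""
    return Packet(VPN_SERVER_IP, inner.dst, inner.payload)

def isp_view(pkt: Packet) -> dict:
    """What an ISP on the path can log from a packet it carries."""
    return {"src": pkt.src, "dst": pkt.dst, "payload": pkt.payload}
```

Run `isp_view` on a DNS query packet directly and then on its encapsulated form: the first view exposes the resolver address and the queried name, the second shows only your address, the VPN server's address, and ciphertext.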
VPNs can protect you when using public WiFi networks by hiding your location and activity and by providing a secure connection between you and the internet. Since your IP address is hidden from your ISP and other third parties, you can often get around geo-restrictions by connecting to a VPN server in another location. And you can use streaming services without your ISP detecting it and throttling your speeds.
The example above describes a personal VPN; other types of VPNs work differently. For instance, a site-to-site VPN is an encrypted connection between two or more networks that stays up on an ongoing basis. In the case of a major cloud provider like AWS and its site-to-site VPN offering, it provides a secure, encrypted connection from your office or data center directly to an AWS gateway and ultimately to your private cloud resources. Read about the other types of VPNs here.
VPNs also use various protocols, which determine how data is routed through a connection. Each offers a different level of security and a different set of specifications, so the right choice depends on your specific needs. You can explore these further here.
While VPNs seem to offer many advantages, there are a number of setbacks:
With these shortcomings in mind, a few alternatives have surfaced to further improve your online security.
Overall, a VPN is a decent tool for anyone wanting to protect their online privacy or security with public WiFi usage, remote access to private networks, or access to geo-restricted content. However, it’s important to choose a reputable VPN provider/solution as well as to understand that it’s not foolproof. And, with the emergence of Zero Trust tools over TCP, we can ultimately do better than the implicit broad access that remote access VPNs provide — by restricting users and devices to only the gateway(s) they are individually authorized to access. Read about how Teleport fully implements a BeyondCorp and Federal Zero Trust Architecture Strategy and how we ensure that only trusted devices are used to access infrastructure.