Ever experienced a breach of your privacy or security while online? A compromise of your credit card details, for instance? Did you ever wonder how it became possible that your boss knew you streamed the first three episodes of the latest season of the Game of Thrones on the torrent account, using the office’s broadband connection? Ever thought how IoT prototyping can breach your security? Welcome to the subterranean region of the Internet, where nothing or no one is guaranteed privacy or security. Except you use a VPN. But using VPN without some theoretical knowledge is not one stop solution for safety against VPN logging, Botnet attack, DDoS, eavesdropping etc.
VPNs are used for everyday online activities like torrenting or another peer-to-peer trafficking of digital assets like movies, music, e-books, personal data, and the likes. For example, there is a sizeable proportion of users who access streaming services from behind a virtual private network. By doing so they can access the content they might not have otherwise had legal access to. Dark hats, who frequent the darker recesses of the Internet using virtual private networks to hide their persons as they commit dark crimes like stealing and selling off of credit card information on the Internet.
|Table of Contents|
What Is a VPN?
It is an acronym for a Virtual Private Network. Such a network is a conceptual one you own inside the public Internet network, accessible to and only by you. This VPN you own is a “black hole” — any site (Uniform Resource Locator/ URL) you visit inside of it or anything you do in it — is not known to anyone or any government on earth. Now that’s an incredible technology. Here’s a site, Cooltechzone, where one can get to learn much more about this amazing technology. VPN refers to a virtually private, self-contained communication network. It is virtual as it is not a physical connection of own self but an existing communication network used as a transport medium. The VPN serves to bind subscribers of the existing communication network to another network. Conventional VPN purely a software product. For different reasons, these days the internet users require some kind of VPN. The need includes access to websites otherwise blocked by a country, ensuring privacy etc. Unfortunately, most of the common users lack enough knowledge to judge the products and easy setup.
How do VPNs work?
At the core of the virtual private network is encryption technology. What the technology does is it encodes any information one is going to send over a network in such a way that only authorized persons may have access to it. Any unauthorized person who succeeds in accessing the message will see only drivel.
An encryption algorithm or a cipher is at the heart of this technology. With it, you encode the originating message prior to sending it over the network. Once sent and received at its destination, the receiver of the message uses the same algorithm or cipher to decode the encrypted message. The message may be intercepted end route the destination from the source, but it would be meaningless to the interceptor because he or she would not be able to decode it. VPN technology empowers ordinary people to take charge of security and privacy online, as this person testifies in this blog post.
Encryption Technologies in Use by the VPNs
There are several encryption technologies, or algorithms, in use today. They work by creating a “black hole” or a secured channel or tunnel of communication between your device — a cell phone or a computer — and the VPN server, making it impossible for anyone to “see” where you visit or what you do inside the black hole. 3 very common encryption technologies available today are:
- IP Security (IPSec)
- Layer 2 Tunneling Protocol (L2TP), a blend of Cisco’s Layer 2 Forwarding Protocol (L2F) and Microsoft’s Point-to-Point Tunneling Protocol (PPTP);
- Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols
Common VPN review websites take the following into account to rate the VPN service :
- Number of simultaneous connections
- Number of servers
- Geographical distribution
- Ad blocking
The above parameters no way closest to judge any networking service. Thankfully, there are some existing tests, available free of cost to check some of the breech .
This is an example of web service which checks DNS leaks – IPLeak and Check IP. The above two services are our minimum recommended testing sites as a basic test.
Now, we want to check the interruption. In order to check the active leaks, we will connect to the VPN server and visit the test site. We can simulate interruptions by manually interrupting the internet connection by physically disconnecting the computer from the ethernet cable or WiFi while the VPN client is running. Then we will reconnect to the internet and load test websites to check for any VPN leaking. In the same way, using the above-mentioned services, we can check for any DNS leak and WebTRC leak. DNS leaks are plain text files and very important to test for a leak when your works are sensitive in nature. Even your search terminologies will be fully transparent with DNS leaks. DNS leak matters little for sysadmin works.
There is free software developed by different VPN services for the advanced test of VPN, such as ExpressVPN test tools on GitHub.
Windows operating system itself has VPN logging which may be turned on or off. Some of the VPN client software for Microsoft Windows may also provide that option. This VPN log on the local computer is referred to as a VPN client log. The VPN Client log on the Microsoft Windows operating system can be viewed from Computer Management. To open Computer Management, we can navigate to the Windows start menu, find and open Event Viewer. In the Event Viewer program, we will find the pane named Actions and click select Create Custom View or Filter Current Customer View. Thereafter, we can select the event severities option under the Event level option. Then click the Event sources pull-down menu. Thereafter we can select the event sources. This will give us a way to investigate the sources we would like to view. The name of the event sources can be VPN Client or vpnagent or vpnui or DHCP – DHCP-Client indicating the provider’s Windows application. We will save the filter as Custom View, then select the log event in the event browser page located (at the top). The Event Properties option in the middle of the pane will give us log details for an event. We can double-click an event to bring up a new Event Properties window.
VPN in the Field of Internet of Things
The Internet of Things (IOTs) is another area where a virtual private network’s encryption technologies find good use. IOT is a generic term that describes the phenomenon whereby we have our everyday devices — from the simplest, for example, your cellphone; to the most complex, for example, a heart pacer beating in your chest — are all connected to the internet. IOT converges several practical fields of computer science — real-time analytics, machine learning, embedded systems; to mention a few. Though useful, it puts lives and resources on the line! Imagine the catastrophe, if a group of hackers is able to hijack the controller software server for all heart pacers surgically installed by a health-care insurance corporation’s facilities; literally tens of thousands! Check out this article for more in-depth information about security issues inherent in the IOT.
Using VPN in the field of Internet of Things (IoT) is complex. There are DNS spoofing, DNS cache poisoning in the network which make the topic difficult.
IoT devices are targets of the botnets to create disaster such as Distributed Denial of Service (DDoS). Botnet malware can lie dormant till the attacker sends a command over the internet. IoT devices typically do not have an antivirus protection layer making it more difficult to detect. Man in the Middle attack is another risk which the developers should be aware of. The eavesdropping potential for IoT devices is creating scepticism among the general public.
Virtual private networks are a necessity in today’s technologically-driven world. Many new users are not aware of the fact that in the VPN industry, most VPNs leak privacy. It can deliver a worse effect than not having any VPN at all! In simple word, many of the VPN services can leak IP address, even the DNS requests. These leaks expose you, which can put you towards the worse situation depending on your online activities in the oppressive countries. As a conclusion, it can be said that VPN for IoT is just a basic tool which does the intended job. Networking security is never easy and there are too many parameters to check. Device level security is another big point to think about.