Question

Consider the computer attacks in the previous chapters. How would a VPN protect a user from one or more of them?

Answer 1

Virtual Private Network :

             Browsing w/o VPN                                                                  Browsing with VPN

->Internet traffic of websites that don't use                       ->Internet traffic of websites is safe ,

   HTTPS can be seen and modified by anyone                             no matter if they are using HTTPS or

   on your network.                                                               not.

->Anyone on your network will be able to see                     ->No one on your network can know

   what websites you are visiting.                                                     what websites you are visiting.

No VPN At All:

I’ll use this scenario as the base: you’re in an open WiFi hotspot, connecting to a remote resource like your email, or your bank.

All the connections are unencrypted. That includes:

• The connection from your laptop to the wireless access point (aka hotspot).
• The connection from the wireless access point to the ISP providing the internet connection.
• The connection from that ISP to the rest of the internet.
• The connection to the specific service you’re using.

The largest area of concern is the connection from your laptop to the WiFi access point. That open WiFi signal traveling through the air can be “sniffed” (or read) by anyone in range with a laptop and the appropriate software.

Lately, however, there’s been concern about the fact that your ISP can monitor what you’re doing. Specifically, they can see every remote site or service you connect to, and can examine all data not otherwise encrypted you exchange with those servers.

WPA Encryption :

The traditional approach to protect yourself from open WiFi sniffing is to use WPA1 encryption built into the WiFi specification.

This secures the path between your computer and the WiFi’s access point. Hopefully, it’s how your home WiFi is configured, so as to prevent nearby homes or others from connecting to your WiFi, and through it, to your network, without the appropriate encryption password.

There are problems with this approach:

• Most open hotspots at coffee shops, airports, and elsewhere don’t use encryption; the password requirement would confuse their customers more than it’s worth. That’s why these hotspots are called “open”.
• When WPA is used, it protects only the connection between your computer and the WiFi access point. Everything past that point in the diagram above remains “in the clear”.

That last point becomes important because all the traffic is visible to the hotspot’s owner, should he or she care to peek, and to the internet service provider to which that hotspot is connected.

A VPN Service:

To protect yourself further, a VPN is a common solution.

A VPN securely encrypts the entire path from your computer to the VPN provider. No one along that path can see your data: not other WiFi users, not the people managing the hotspot, and not the hotspot’s ISP.

For open WiFi, or other situation with questionable security (such as connecting to the internet at your hotel), a VPN can be a great solution.