New Sophos series: “What is …?”

Sophos, the esteemed network-security company, is starting a new series on its always erudite blog. It is called “What Is …,” and it promises to turn “technical jargon into plain English.”

The inaugural post, written by Paul Ducklin, is called “What is … a VPN?”

VPN stands for “virtual private network.” Writes Ducklin:

On your own network, you get to set the security rules.

You can make sure your router has a decent password; you can keep everything patched; you can run security software on all your devices; and so on.

But once you’re on the road, whether it’s free Wi-Fi at the coffee shop or the business network in the airport lounge, you don’t have the same control.

For all you know, the network you’re using might not merely have been hacked by crooks, it might have been set up by crooks in the first place.

One solution is to be careful, and stick to secure websites for sensitive work such as uploading documents or online banking.

But you are probably giving away plenty of information anyway:

  • Some secure websites include links to insecure sites, which leave a visible trail.
  • Some applications use secure connections, but don’t bother to check if they’re talking to an imposter server.
  • Some applications use insecure connections, but don’t tell you.
  • When a program connects to, say, https://bank.example/, it first asks the network, “I need bank.example. Where do I find it?”

In other words, your computer’s internet connection is a bit like a conversation two rows behind you on the bus: even if most of it is inaudible, you can nevertheless be pretty sure what it’s about.

That’s where a VPN, short for Virtual Private Network, comes in.

The idea is surprisingly simple.

You get your computer to encrypt all your network data (even if it’s already encrypted!) before it leaves your laptop or phone, and send the scrambled stream of data back to your own network.

When the scrambled data is safely back on home turf, it is decrypted.

Only then is it sent onto the internet in its unscrambled form, just as if you were at home.

The encrypted internet link, known in the trade as a tunnel, acts like a long, secure, extension cable plugged into your own network.

Unless the crooks can crack into the encrypted tunnel itself, they’re no better off at hacking you than if you were back at home or in the office.

So, you have neutralised any advantage the crooks were hoping for because you were on the road.

And that, very briefly, is a VPN.

Read the whole thing. It is completely lucid.

This is a wonderful start to the series.
