VPNs and VPN services have been receiving a lot of heat this week. On Monday, NordVPN acknowledged that an "exit node" was breached in their Finland data center.
NordVPN was not open about the breach and only acknowledged the 2018 issue after pressure from security researchers that started providing details via Twitter.
A positive outcome from the news is that internet users everywhere are now taking notes on VPNs and wondering if they need them. Many users attempt to use VPNs to remain anonymous and protect their security. But the question is, do VPN services help?
One common argument that users have for VPNs is that they add security. While it is true that VPNs add encryption to the transport of your data, this extra level of protection is not required if you're using a secure website that uses the latest TLS standards. In other words, you don't need a VPN to use your bank's website.
Users also like to use VPNs as they believe it protects them from advertiser tracking. Unfortunately, for these users, advertisers use much more sophisticated algorithms and tools today, and adding a VPN to your toolset does not provide much of an advantage as IP addresses are not that important for tracking.
Another advantage touted by some is that a VPN provides anonymity. Users believe that they are protecting themselves from having their browsing logs or history from being sold to third parties nor shared with federal authorities. The truth here is that while many companies claim that they do not share your data, there is insufficient evidence to prove that this is the case. And, if government authorities were really after your history, like advertising agencies, there are many tools that they can use to track you.
Additionally, another risk is that the VPN service itself may be a target for hackers, and this can include you in a new risk group.
With all of the negativity, VPNs are not dead. VPNs still serve a purpose today. Two good use cases still exist in the world today. The first is for businesses to limit access to resources that they own and control. This first use case becomes more important as many companies move to the cloud. In this use case, the company needs to run its VPN service to allow them to configure it as required.
The second use case for VPNs is for open and public networks. Open WiFi networks are easy targets for hackers. These networks are vulnerable to Man in the Middle Attacks (rogue access points), Snooping, and Malware distribution. Running a VPN, in this case, protects your laptop and offers user protection for unencrypted services like DNS. While any VPN is probably better than no VPN, we recommend that companies host their VPNs for this use case. Self-hosting places the VPN on a trusted network, enables monitoring, allows you to track patching, and gives you full control of the setup.
Need help with your VPN for your remote employees and traveling staff? MSJ IT is here to set up, maintain, and run your VPN.