What is… a VPN?

On your own network, you get to set the security rules.

You can make sure your router has a decent password; you can keep everything patched; you can run security software on all your devices; and so on.

But once you’re on the road, whether it’s free Wi-Fi at the coffee shop or the business network in the airport lounge, you don’t have the same control.

For all you know, the network you’re using might not merely have been hacked by crooks, it might have been set up by crooks in the first place.

One solution is to be careful, and stick to secure websites for sensitive work such as uploading documents or online banking.

But you are probably giving away plenty of information anyway:

• Some secure websites include links to insecure sites, which leave a visible trail.
• Some applications use secure connections, but don’t bother to check if they’re talking to an imposter server.
• Some applications use insecure connections, but don’t tell you.
• When a program connects to, say, https://bank.example/, it first asks the network, “I need bank.example. Where do I find it?”

In other words, your computer’s internet connection is a bit like a conversation two rows behind you on the bus: even if most of it is inaudible, you can nevertheless be pretty sure what it’s about.

That’s where a VPN, short for Virtual Private Network, comes in.

The idea is surprisingly simple.

You get your computer to encrypt all your network data (even if it’s already encrypted!) before it leaves your laptop or phone, and send the scrambled stream of data back to your own network.

When the scrambled data is safely back on home turf, it is decrypted.

Only then is it sent onto the internet in its unscrambled form, just as if you were at home.

The encrypted internet link, known in the trade as a tunnel, acts like an long, secure, extension cable plugged into your own network.

Unless the crooks can crack into the encrypted tunnel itself, they’re no better off at hacking you than if you were back at home or in the office.

So, you have neutralised any advantage the crooks were hoping for because you were on the road.

And that, very briefly, is a VPN.

Pros of a VPN

• Your internet connection appears to originate from your own network. If that coffee shop Wi-Fi turns out to be a rogue network, you won’t get blocklisted because you used it.
• All your data is encrypted automatically as it passes through the untrusted network. You won’t leak or overlook anything by mistake.
• You are protected in the same way that you would be at home or work. Any email filtering, web filtering and threat blocking tools work just as you’d expect.

Cons of a VPN

• Your network traffic takes two extra hops, out and back through the encrypted tunnel. When you’re far from home, this can slow your connection down.
• Your computer has to connect to the VPN server and establish the encrypted tunnel before you can get online. This typically takes only a few seconds, but can feel a lot longer if you are in a hurry.

Learn More

• Further reading. Serious Security: Understanding the ‘P’ in ‘VPN’
• How to do it. Use a VPN to secure your branch offices with Sophos RED
• Get a free trial. Try the Sophos UTM in your business, with built-in VPN.
• Run your own VPN at home. The Sophos UTM is 100% free for home use.

(Can’t view the video in the window above? Watch in higher resolution directly from YouTube. Can’t hear the sound clearly? Click on the Captions icon in the video player to turn on closed captions.)