VPN: All Eyes on Privacy

ISP mandatory data retention laws rolling out worldwide are a reminder that your Internet communications are not just being watched; in many cases they’re being logged and stored.

Affected citizens are uneasy not just about government surveillance but about the magnitude of the attack surface: a data breach could lead to intimate details of their private lives and personal habits, as revealed by their browsing history, being bought and sold on the Dark Web.

It’s no wonder the personal VPN (Virtual Private Network) provider industry is booming.

While VPN may have caught the gaze of the public eye relatively recently, it’s been a staple of the corporate world for over 20 years. In the 1990s, VPN allowed businesses to do away with expensive leased lines, and securely interconnect geographically distributed office LANs over the public Internet. As broadband became the norm, VPN displaced dial-in RAS servers for providing remote workers and travelling “road warriors” with secure remote access to the corporate network from their homes or hotel rooms.

Similarly, Opengear products are purpose-built to provide secure remote access, often over public networks such as the cellular WWAN, so VPN is a key part of our solution. In fact, a good number of Opengear’s engineering and management team have backgrounds building enterprise-grade VPN appliances, so it’s a natural fit in more ways than one.

So what should you look for in a VPN?

Strong cryptography: As computing power increases and costs decrease, older ciphers like RC4 and shorter encryption keys like 1024-bit RSA become susceptible to brute-force cracking. Protocols that support perfect forward secrecy, like IPsec and OpenVPN, help protect sessions being logged today against a future compromise of encryption keys. Full details of our products’ services, protocols, ciphers & hashes can be found in this knowledge base article.

Open algorithms and implementations: It may seem counterintuitive, but public code is the safest bet for securing private communications. A security algorithm must stand on the strength of its mathematics, not the ability of its creators to obscure its inner workings. Open, peer-reviewed source code means bugs and backdoors can be identified, disclosed and fixed swiftly and responsibly. These days, proprietary security libraries have become relatively uncommon.

A responsive vendor: Since the PRISM disclosure, the many eyes of the security community have refocused on the open source building blocks that underpin online banking, messaging, remote access and information security generally. Significant vulnerabilities are published regularly in the form of CVE (Common Vulnerabilities and Exposures) reports. The onus is on vendors to disclose vulnerabilities and expedite mitigation instructions and patches, but also on users to keep device firmware updated – so sign up for Opengear security notifications via email or RSS.
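
For the strong-cryptography criterion above, forward secrecy depends on how a protocol is configured, not only on which protocol is chosen. The following is an added example, not Opengear code: a small audit of OpenVPN configuration text that flags RC4 and settings without an ephemeral key exchange (static-key `secret` mode, or `tls-cipher` suites lacking DHE/ECDHE). The sample configs, host name and finding labels are constructed for illustration.

```python
import re

# Constructed samples (not from any real device). Directive names are real OpenVPN options.
SAMPLE_TLS = """\
client
dev tun
remote vpn.example.net 1194   # placeholder host
tls-cipher TLS-RSA-WITH-RC4-128-SHA:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
data-ciphers AES-256-GCM
"""
SAMPLE_STATIC = "dev tun\nsecret static.key\n"

EPHEMERAL_KX = re.compile(r"(?:^|-)(?:(?:EC)?DHE|EDH)-")  # ephemeral (EC)DH key exchange
RETIRED = ("RC4",)  # the cipher the article names; extend per local policy

def parse_directives(text):
    """Map directive name -> argument string, ignoring '#' and ';' comments."""
    out = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if line:
            parts = line.split(None, 1)
            out[parts[0]] = parts[1] if len(parts) == 2 else ""
    return out

def audit(text):
    """Return (directive, value, issue) tuples.

    issue is 'retired-cipher' or 'no-forward-secrecy' (labels chosen for this example).
    Assumes tls-cipher lists explicit suite names; '!' exclusions are skipped.
    """
    d = parse_directives(text)
    findings = []
    if "secret" in d:  # static-key mode: one long-lived key, no per-session key exchange
        findings.append(("secret", d["secret"], "no-forward-secrecy"))
    for name in ("cipher", "data-ciphers", "ncp-ciphers", "tls-cipher"):
        for item in d.get(name, "").split(":"):
            item = item.strip().upper()
            if not item or item.startswith("!"):
                continue
            if any(r in item for r in RETIRED):
                findings.append((name, item, "retired-cipher"))
            if name == "tls-cipher" and not EPHEMERAL_KX.search(item):
                findings.append((name, item, "no-forward-secrecy"))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_TLS, SAMPLE_STATIC):
        for finding in audit(sample):
            print(finding)
```

The check reads configuration text only; RSA key length lives in the certificates themselves and has to be inspected separately.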

If you’d like to know more, our knowledge base has further reading on using VPN to help secure your Opengear deployment.