Virtual Private Network (VPN)

Corebear June 06, 2026 10 min read
VPN Privacy Security Networking Self-Hosting
Work in Progress
This post is in progress and subject to change.

Used by millions of people and organisations worldwide. A VPN creates a secure connection between you and a VPN server. Let’s dive into the details!

Life without a VPN

Here are two scenarios intended to demonstrate the risks involved when a VPN is not in use. I’ll answer likely questions near the end of this blog post.

Scenario 1 - Your home network

You have a router at home provided by an ISP (Internet Service Provider). It has its own WiFi and a password associated with it.

By default, some of your internet activity is visible to your provider.

How? Here’s how:

  1. You visit corebear.net
  2. Your router will send a request to the ISP’s DNS Server to resolve the site’s IP address.
  3. It will return that IP address.
  4. The ISP may log this activity, including the site you looked up.

But I trust my ISP! Fair enough. I agree with you. Let’s look at a few more scenarios.

Scenario 2 - Your local café

Disclaimer: This is a basic scenario. Real-world threats can be more advanced and nuanced.

Family or corporate-owned café. Delicious pastries and free WiFi.

  1. You visit corebear.net
  2. The café router resolves the FQDN and returns an IP Address.
  3. Your device loads this site accordingly.

Stop! You’re assuming the WiFi is secure and set up correctly. You’re assuming that malicious actors aren’t touching it because it’s just a small fish in a large lake.

Wrong! Did you know:

  1. There are millions of compromised devices in the world.
  2. These compromised devices can automatically scan the internet for other vulnerable machines.
  3. A vulnerable machine may be the same router you’re connected to while eating that delicious pastry.
  4. That same router may be exposing its admin control panel to the internet. Meaning anyone from the internet can connect to it.
  5. It may also be using the default admin credentials.
  6. It then may also have an option to change the DNS Server.

The next time you visit a site, the malicious actor could return the wrong IP address: the IP address of a compromised machine that is also serving a malicious payload.

Let’s break this down. Most devices, such as your laptop, are typically configured to use the router’s DNS server. But if the router is compromised, it could enable a man-in-the-middle attack in which the malicious actor can poison the IP address returned. This could then make it easy to compromise you, too.

Life with a VPN

A VPN can be useful in multiple scenarios.

Scenario 1 - Home network

  1. Corebear.net is blocked by your ISP due to content restrictions.
  2. You turn on your VPN.
  3. As a result, the restrictions are bypassed.

Scenario 2 - Preventing Privacy Violations

Disclaimer: This is likely not applicable to those protected by GDPR.

  1. You visit a forum for marriage advice.
  2. Your ISP knows this and sells this data to advertisers.
  3. Your spouse receives an advertisement for a divorce lawyer.

Instead, a VPN can protect you against this type of invasion of privacy. If you want to learn more about this, please visit Privacy Guides, which features independent privacy guides and resources. Please note that Privacy Guides is not affiliated with Corebear.

Scenario 3 - Corporate Network

As you learn more about tech, you may eventually learn why it’s so important to restrict access on corporate networks. One small part of this involves using a VPN. Here’s an example highlighting the importance:

  1. You’re travelling for business.
  2. Your company-issued laptop contains sensitive sales data.
  3. You connect to a compromised hotel WiFi network.
  4. The sensitive sales data is stolen.

If you are connected to the same network but with a VPN enabled, it’s a lot less likely that you would be a victim.

Pause Point - At this stage of the post, I expect you now have a basic understanding of a VPN. This was emphasised through the scenarios above.

I believe the likely scenario we’re now addressing for the average reader is securing your phone or other personal devices when connected to risky WiFi networks, such as those at your local café or hotel.

To address a large part of the risks involved, you may want to consider using a VPN. Now you’re probably asking a few questions:

  1. Can I do this for free?
  2. Should I self-host or just purchase a VPN?
  3. Is it expensive?

Good questions!

Can I use a free VPN?

Yes, you can. But should you? No, I wouldn’t suggest it. It costs money to host a VPN. If you remove the incentive for the operator, then the only logical result is that you become the incentive.

This can touch you in a few ways, for example:

Scenario 1 - Piggy Backing

There are many free VPN providers that stipulate that they can piggyback on your connection. This means they can use your WiFi network.

In turn, they sell access to your connection for a fee.

There can be legitimate use cases, but you’ll often find that malicious actors take advantage.

But why? An actor could be involved in criminal activity. Then law enforcement could put the blame on you, as it was technically your device and your connection. I’m sure this has occurred many times and has likely placed people in bad situations. For that reason, you should never use a free VPN.

Scenario 2 - Slow Speeds

You may come across freemium VPN providers. They offer a free service, but gently nudge you to purchase the premium version. I don’t agree or disagree with the business model here. But generally speaking, Scenario 1 may apply here too. Additionally, you may experience slow speeds and a lack of choice regarding the location of the VPN server.

Should I self-host or just purchase a VPN?

Another good question, and it can depend on your circumstances. The good news is that this blog post will soon cover how you can do it quickly & securely. But let’s answer the question. Here are a few reasons:

Self-Host:

  1. You want full control over the VPN Server.
  2. You value your full privacy.

Purchase a VPN:

  1. You want a VPN quickly.
  2. You don’t mind paying more.
  3. You value multiple locations.
  4. You lack the confidence to self-host.

Is it expensive?

At least $7 per month. It can be cheaper to buy a VPN for a year from a known provider. Or it can be cheaper to self-host. Either way, you can expect to budget about $7 per month. This can be lower or higher depending on your needs.

How do I host my own VPN Server?

Very simple!

  1. You purchase a Virtual Private Server.
  2. Install an OS such as Debian.
  3. Connect to the server.
  4. Update it and install packages such as fail2ban.
  5. Enable automatic security updates.
  6. Visit the NYR WireGuard VPN GitHub Repository.
  7. Run the script and go through the prompts.

Questions & Answers

What VPN software should I be using?

You have a few options, but the recommended option is WireGuard. It’s a popular VPN used by millions of people. It’s also highly secure, as its codebase is much smaller than that of other VPN software like OpenVPN.

Additionally, once you host WireGuard, even when you open the port to the internet, it isn’t exposed the way a typical port is. It will appear closed unless you present the correct key. This is a big selling point for self-hosted VPNs.

How does a FQDN lookup work?

A fully qualified domain name (FQDN) lookup is the process of resolving a website name to an IP address. Your computer then uses that IP address to talk with the website.

Your machine will automatically ask the configured DNS server to query an authoritative DNS server for the IP address of the website you’re looking to resolve.

Results are cached depending on the TTL value in the DNS record. Additional caching can occur depending on your DNS server settings.

For example, I am hosting this website, and in my DNS provider’s control panel, I have configured a specific IP address to be resolved when people query corebear.net. I’ve then configured the web server at that address to respond to queries for my FQDN.

My web server is configured to answer on ports 80 and 443. When someone visits corebear.net, they resolve my IP, and then the program listening on ports 80 (HTTP) and 443 (HTTPS) responds. By default, it will redirect the visitor to port 443 (HTTPS) so that communication between the visitor and my web server is secured via a certificate.

If you want to learn more about this topic, please visit our Domain Name System (DNS) blog post.
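
The lookup described above, and the poisoned answer from the café scenario, as an added example that is not part of the original post: it encodes an A-record query for corebear.net, parses a reply to get the IP address and TTL, and flags a local resolver whose answer shares no address with a trusted one. The replies and their addresses (documentation ranges) are constructed samples, and all function names are assumptions made for this illustration.

```python
import struct

def build_query(fqdn, txid=0x1234):
    """Encode a DNS query for the A record of fqdn (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in fqdn.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:  # plain label: length byte + text
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def parse_a_records(msg):
    """Return (txid, [(ip, ttl), ...]) for the A records in a DNS response."""
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        off = skip_name(msg, off) + 4
    answers = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # IPv4 address record
            answers.append((".".join(str(b) for b in msg[off:off + 4]), ttl))
        off += rdlen
    return txid, answers

def build_response(query, ip, ttl):
    """Constructed sample reply: echoes the question and answers with one A record."""
    header = query[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(part) for part in ip.split("."))
    record = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + rdata
    return header + query[12:] + record

def answers_disagree(local_reply, trusted_reply):
    """True when the local resolver returned no address the trusted one returned."""
    local = {ip for ip, _ in parse_a_records(local_reply)[1]}
    trusted = {ip for ip, _ in parse_a_records(trusted_reply)[1]}
    return local.isdisjoint(trusted)

QUERY = build_query("corebear.net")
TRUSTED = build_response(QUERY, "192.0.2.10", 300)  # constructed: trusted resolver
CAFE = build_response(QUERY, "203.0.113.66", 60)    # constructed: café router's answer
```

A mismatch is a reason to investigate rather than proof of tampering, since sites behind a CDN legitimately hand different addresses to different resolvers.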

Why would my ISP block a website?

In the UK, we have the Online Safety Act. We also have many other reasons why a website is blocked, which I agree with. But in other parts of the world, you will likely find non-legitimate reasons to block a site.

The most common reason is politically motivated censorship.

What privacy can I expect from my ISP?

Ignoring the marketing material of VPN providers and those with vested interests in you buying their products, those who benefit from GDPR likely have less to worry about than those in jurisdictions without such a law.

Outside the EU, there may be ISPs that sell data obtained through the use of their services to third parties. Ignoring the possibility that nation states can collect, and certainly are collecting, data at scale for many different use cases, it’s likely your ISP will have details of any collection policies within their terms and conditions. Therefore, I would recommend reviewing those.

Can I use a VPN for illegal purposes?

It’s not a matter of yes or no, unfortunately. No, because it’s illegal. Yes, because technically, you can commit a crime with or without a VPN. The whole idea behind a VPN is to secure your internet connection between points A and B.

The simple answer is don’t do it.

Here’s a real scenario that came to mind while writing this answer. I recently watched a live stream of a protest in the UK. It involved protesters and police in riot gear. Some of the protesters were throwing bricks over a wooden fence towards the police.

What they didn’t realise was a few things:

  1. The event was being live-streamed by many people.
  2. Their faces were captured doing the act.
  3. The police will likely see the same footage and use facial recognition to eventually arrest the offenders.

In theory, the same applies to committing an illegal act while using a VPN. You may think you’ll get away with it. You may believe so genuinely. But the reality is, there are countless ways for law enforcement to unmask the person behind it. Therefore, the simple answer is don’t do it. Even if in that moment you believe the police cannot see you physically throw the brick over that fence to harm a person. What you don’t realise is that right next to you is someone recording your act live to an audience.

If you’re interested in cybersecurity, there are countless resources online that you may find interesting. One of those is a site named Krebs on Security. The site inspired me in the past to learn more about computers and how to secure them. Thank you, Brian!

What is a compromised device?

A compromised device is any device controlled by an unauthorised actor. This includes devices connected to the internet and those that aren’t. Here are a few scenarios:

  • An ISP has 100,000 clients, each with their own ISP-issued router. The ISP does not update the firmware of those routers. A malicious actor discovers a firmware vulnerability and uses it to compromise the routers.
  • A Smart CCTV camera phones home to the manufacturer. The primary use case is to keep the firmware up to date and the camera free of software defects. Eventually, the model is discontinued. The domain name is forgotten about and expires. A malicious actor purchases the domain and figures out how to compromise any of those old devices connecting to it.

What is a malicious payload?

A malicious payload is often an action or a set of actions that is unauthorised or unexpected. For example, you visit a website to download a program that you used on your old computer. You don’t know it, but the site is compromised, and instead, a malicious payload is bundled with the same program.

You run the program and install it. It works fine, but unbeknownst to you, you have now been infected with a computer virus.

That concludes this blog post. I hope this has been both helpful and eye-opening!