Virtual Private Networks (VPNs)
Protect your privacy
A Virtual Private Network (short: VPN) is a mechanism which allows you to remotely connect your computer to a private network over a public channel such as the internet. The VPN routes your traffic over the VPN provider. This means you don't access the internet directly anymore, but your VPN provider does it for you.
It's about securing network traffic.
An interesting side-effect is that the websites you're using now don't see your IP address. They see the IP address of the VPN server. This means you can work around content area restrictions, e.g. when you're on vacation abroad and still want to use your Netflix account to watch the same series.
What is a VPN good for?
- Bypass geographic restrictions, e.g. Netflix
- Privacy: Hide your IP address. Just be aware that there are other ways to track you, e.g. cookies or browser fingerprinting. It also helps to hide which websites you're using from the local wifi operator. If privacy is your main concern, then you want to look for a no-logs policy VPN provider.
- Personalized Pricing: If you think you get a different price because of the location you're from, then a VPN might help. I'm just not sure if that is really the case. Please leave a comment if you have first-hand experience with that.
- Security in insecure Wifi: A VPN protects you from DNS Hijacking.
What's next?
In this series about application security (AppSec) we already explained some of the techniques of the attackers and also the techniques of the defenders:
- Part 1: SQL Injections
- Part 2: Don't leak Secrets
- Part 3: Cross-Site Scripting (XSS)
- Part 4: Password Hashing
- Part 5: ZIP Bombs
- Part 6: CAPTCHA
- Part 7: Email Spoofing
- Part 8: Software Composition Analysis (SCA)
- Part 9: XXE attacks
- Part 10: Effective Access Control
- Part 11: DOS via a Billion Laughs
- Part 12: Full Disk Encryption
- Part 13: Insecure Deserialization
- Part 14: Docker Security
- Part 15: Credential Stuffing
- Part 16: Multi-Factor Authentication (MFA/2FA)
- Part 17: ReDoS
- Part 18: Secure and Private Instant Messaging
- Part 19: Cryptojacking
- Part 20: Backups
- Part 21: CSRF
- Part 22: Cookies
- Part 23: Clipboard Hijacking
- Part 24: Certificates
- Part 25: Server-Side Request Forgery (SSRF)
- Part 26: Content Security Policy (CSP)
- Part 27: Race Condition Attacks in Blockchains
- Part 28: JSON Web Tokens (JWT)
- Part 29: Social Engineering (including Phishing)
- Part 30: Virtual Private Networks (VPNs)
- Part 31: Font Manipulation
- Part 32: Network Separation
- Part 33: (Sub)domain Takeover
- Part 34: Single-Sign-On
- Part 35: Man-in-the-Middle (MITM) Attacks
- Part 36: Mobile Device Management (MDM)
- Part 37: Insider Threats
- Part 38: Data Loss Prevention (DLP)
- Part 39: Clickjacking
- Part 40: Web Application Firewalls (WAF)
- Part 41: Brute Force Attacks
- Part 42: Security Information and Event Management (SIEM)
- Part 43: Cache Poisoning
- Part 44: HTTPS and TLS Best Practices
- Part 45: Path Traversal Attacks
- Part 46: Application Security Testing (AST)
- Part 47: DNS Rebinding
- Part 48: Zero Trust Architecture
- Part 49: Watering Hole Attacks
- Part 50: Identity and Access Management (IAM)
- Part 51: Scareware
- Part 52: Penetration Testing
Let me know if you are interested in more articles around AppSec / InfoSec!