VPN Over Open Wireless Networks – CompTIA Security+ SY0-401: 1.5

If you do any work on open wireless networks, you may want to consider using a VPN. In this video, you’ll learn how VPNs are able to secure all of your network traffic over insecure open wireless networks.


Using an open wireless access point that’s at a coffee shop or a hotel or a school has some significant security concerns associated with it. As you’re sending information to that access point, it’s being sent in the clear. There’s no wireless encryption that happens to be going on because it’s an open access point.

This is probably different than the access point you have at home, where you’ve implemented WPA2 encryption. But because this is an open access point and you want to have as many people using it as possible, you don’t generally see it being implemented with any wireless encryption.

Because of this, everything you send can be seen by anybody else who can receive that radio signal. This means that they could be sitting anywhere nearby and be able to see everything that’s happening. They can look at the data that you’re sending.

They can read your emails that you happen to be looking at. They can see what websites you happen to be visiting. Even if you’re visiting some sites via HTTPS, you’re still going to have other traffic from your desktop or your laptop that can still be seen over this wireless network.

That’s why it’s increasingly common that people use a VPN, or virtual private network, to protect the data that’s going through these open wireless access points. That means that every single bit and byte that’s leaving your computer is going to be encrypted. You don’t have to worry about visiting a website and using encrypted protocols. You don’t have to worry about setting up your email client in a way that everything will be encrypted. With a VPN, everything going out of your computer is encrypted, whether you configured it that way or not.

Here’s how this works. You’ve got your laptop at the coffee shop. And you need to communicate to a corporate network or back to some other location on the internet.

The way that you do this is generally to install and run a piece of software on your machine that then creates an encrypted tunnel to what we call a VPN concentrator. This VPN concentrator is specifically designed to be able to handle the encryption and decryption required. So it usually has a very beefy set of CPUs that’s able to perform this very quickly. You’re creating this encrypted tunnel, which means everything between your device and the VPN concentrator is going to be protected. Even if somebody were to capture that data on the wireless network, they would have no idea what to do with it because they would not be able to decrypt it.

It’s the VPN concentrator that then does the decryption, turns it back into the in-the-clear traffic, and sends it through to the corporate network. That’s why it’s increasingly common for people to use VPN software and VPN concentrators, especially when you’re in an environment where somebody might be listening in to your conversations.