I recently encountered a problem that, after much research, I’ve concluded is a bit of an epidemic. It’s not entirely unique to Australia, but due to the nature of schools’ IT departments and their reliance on vendor lock-in, I suspect it will be experienced by many teachers and students in the country.
The Problem: VPNs and WiFi
VPNs (Virtual Private Networks) are very useful for providing confidentiality, authenticity, and integrity to your network traffic while travelling on public WiFi. These are the fundamental building blocks of a strong encryption infrastructure. For the uninitiated, let’s also establish the different types of VPNs.
1. PPTP VPNs (Point-to-Point Tunneling Protocol) – This is the most popular type of VPN, and is considered to be a “secure” VPN solution. It is, as the name suggests, point-to-point. This means your traffic is encrypted and tunneled between the gateway and your device (often a laptop or mobile phone) when you use it. The main downside of this type of VPN is that it is only as secure as your WiFi connection, and can be easily compromised by a malicious actor with access to the same network.
2. L2TP/IPsec VPNs (Layer Two Tunneling Protocol/Internet Protocol Security) – This type of VPN is generally considered to be more secure than PPTP, as it was originally designed to be used between points of trust. That is, you can establish a VPN with another entity (such as a VPN provider) so that you can be sure all of your traffic is encrypted and protected. The downside to this type of VPN, aside from the fact that it tends to be more complex and, therefore, potentially more susceptible to attacks, is that it can be a pain to configure.
How Does WiFi Work?
WiFi (Wireless Fidelity) is the combination of various wireless technologies (such as Wi-Fi, Bluetooth, and NFC) that work together to provide a quick and easy way for users to connect to a wireless network.
Because WiFi is wireless, it is, by its very nature, extremely mobile-friendly. You can take a WiFi access point (such as the one offered by Google for businesses) and move it around to provide coverage where you need it. This makes it ideal for schools as you don’t have to worry about fixed networking infrastructure or the location of the server.
VPNs and WiFi Are…Wait…Why Are They Together?
The above descriptions should answer the question as to why VPNs and WiFi don’t always mix well together. While WiFi is, generally, a more secure and reliable protocol when used separately from other protocols and networks, when used in conjunction with VPNs, they can cause more problems than they solve. The key problem is that when you’re online, you’re usually on more than one network – such as WiFi at home and the Internet when you’re at work. While it is possible to configure your devices to route all network traffic through a VPN (called tunneling), this can be a little difficult. Imagine trying to configure your phone or laptop to always use your school’s VPN when connected to WiFi – unless you want to end up somewhere else whenever you log on to your school’s network!
Solution? Use a VPN On a Separate Network!
This is where a “man in the middle” attack comes in. When you’re on a public network (such as at a café or airport), an attacker can intercept your traffic and gain access to all your personal data. This includes your banking details, your email messages, and the contents of your laptop or mobile phone. Imagine how frightened you would be if an attacker managed to access your personal data while you were on holiday and needed to make a quick financial transaction? You would be forced to change your bank details, and, subsequently, have all your financial information exposed. This is why you should never use public WiFi while on vacation. It might be tempting to do so while in an airport or other public spaces, but even then, it’s not advisable.
Even when you’re on school property and using school equipment (such as a VPN), your school’s network is not completely safe. If someone has physical access to your computer or mobile phone, they can log into your account and see all of the personal data you’ve stored on it. From there, they can gain complete control over your device and access your personal information. Remember: the more networks you’re connected to, the more at risk you are of an attack.
This is why you should avoid being logged into multiple accounts on a single device, which could lead to all kinds of trouble. For example, let’s say you have a Gmail account and a Dropbox account that you use on a daily basis. If someone compromises your Gmail account, they can access all your data stored in Dropbox. So, while it’s not exactly what we want from a protection perspective, being able to access both accounts from a single log-in on a school computer can lead to a compromise of your personal details.
The lesson here is to keep your devices and equipment as safe and secure as possible and to avoid using public WiFi whenever possible. Most importantly, if you want to use a VPN on school property, use a different network than the one that your device is currently logged into. This will prevent any risk of exposure.
One More Thing
When you’re using the Internet, you’re usually on more than one network. The above descriptions should have given you a pretty good idea of why this is the case. Basically, whenever you’re connected to another network, such as the one at your home, there’s a chance an attacker could “listen in” and steal your data. This is called a man-in-the-middle attack, and it’s why you should use a VPN when you’re online. Doing so prevents others from reading your data, which in turn makes it much harder for hackers to steal your information or use your device for malicious purposes. You can learn more about VPNs in general (including their history) here.