NCSAM/2011–Post 9–Use a VPN
Not everyone has the option of a VPN (Virtual Private Network), so I’m feeling somewhat naughty even suggesting it.
Where possible, use a VPN
When using a Wi-Fi network, if possible, connect to a secure VPN before doing anything.
Getting a VPN
If you have a Windows Server system, it’s really quite easy to set up a VPN for your domain. You have the choice of IPsec, PPTP, or SSTP – all of which are perfectly adequate. IPsec and PPTP are going to be compatible with the majority of systems, including non-Windows systems, but if you’re using only Windows machines, my favourite is the SSTP (Secure Socket Tunneling Protocol) VPN, simply because it works through most firewall configurations, as it uses the Secure Universal Firewall Tunneling Protocol, on port 443.
That’s a little geek humour, as 443 is supposed to be for HTTPS – secured web traffic – but is used for all manner of other secured protocols, as firewalls generally allow it to pass through unmolested.
Connecting to your VPN
Most enterprise VPNs come with custom software to connect – but for home VPNs, you generally can use the software built in to your operating system.
On Windows, connecting to a VPN is as simple as creating the connection (which you only do once), and then connecting to it every time you roam from your home network.
For Windows 7, the steps are as follows:
- Open the Control Panel’s Network and Sharing Center.
  - You can do this either from the Control Panel => Network and Internet => Network and Sharing Center, or from right-clicking the network icon in your system tray, and selecting “Open Network and Sharing Center”.
- Click on “Set up a new connection or network”.
- Choose “Connect to a workplace”; click Next.
- If asked about using an existing connection, select “No, create a new connection”, then click Next.
- When asked “How do you want to connect”, select “Use my Internet connection (VPN)”.
- For the Internet address, enter the IP address that you use to reach your home router from the Internet.
  - I like to use a free dynamic DNS service to register a domain name, so that my server can always be reached even when my ISP decides I need to have a new IP address. <sigh>Roll on IPv6!</sigh>
- Give it a destination name that means something to you.
- If you’re not ready to connect yet, select the “Don’t connect now” option. Click Next.
- Supply username and password – this is so that you can log on to the VPN server, and bad guys can’t.
- Click Create. You’re done.
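A scripted equivalent of the wizard steps above, as an added example that is not from the original post. It assumes Windows 8 / Server 2012 or later (the built-in VpnClient cmdlets are not available on Windows 7), and the connection name and server address are placeholders.

```powershell
# Added example. Assumes Windows 8 / Server 2012 or later (VpnClient module).
# 'Home VPN' and 'vpn.example.net' are placeholders, not values from the post.
param(
    [string]$Name   = 'Home VPN',
    [string]$Server = 'vpn.example.net'   # e.g. your dynamic DNS name
)

# Create the connection once (the "Connect to a workplace" wizard, scripted).
$vpn = Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue
if (-not $vpn) {
    Add-VpnConnection -Name $Name -ServerAddress $Server `
        -TunnelType Sstp `
        -EncryptionLevel Required `
        -AuthenticationMethod MSChapv2 `
        -RememberCredential
    $vpn = Get-VpnConnection -Name $Name
}

# Check the profile before trusting it on a Wi-Fi network.
if ($vpn.TunnelType -ne 'Sstp') {
    throw "Profile '$Name' uses $($vpn.TunnelType), expected Sstp."
}
if ($vpn.EncryptionLevel -notin 'Required', 'Maximum') {
    throw "Profile '$Name' does not require encryption ($($vpn.EncryptionLevel))."
}
if ($vpn.SplitTunneling) {
    # With split tunneling on, traffic to ordinary Internet sites bypasses the VPN
    # and crosses the Wi-Fi network unprotected by the tunnel.
    throw "Profile '$Name' has split tunneling enabled."
}

# Connect if not already connected. rasdial uses the credentials saved for
# the entry; 'rasdial <name> <user> *' prompts for the password instead.
if ($vpn.ConnectionStatus -ne 'Connected') {
    rasdial $Name
    if ($LASTEXITCODE -ne 0) {
        throw "rasdial failed with exit code $LASTEXITCODE."
    }
}

# Confirm the tunnel is up before doing anything else on this network.
$status = (Get-VpnConnection -Name $Name).ConnectionStatus
if ($status -ne 'Connected') {
    throw "VPN '$Name' is $status; do not use this network yet."
}
Write-Host "VPN '$Name' connected to $Server over SSTP (TCP 443)."
```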
For the future
I think it would be appropriate for home router manufacturers and home server operating systems to come with simple configuration options for VPN, to allow users to more safely use even hostile wireless environments.
Let me know what you use for your home VPN.