How to Create a Secure Business VPN

A Virtual Private network (VPN) uses a public network (usually the Internet) to connect securely to a private network (such as a company's network) to communicate confidentially over the public network. 
Using a VPN will let you share files and resources – including voice, video or data files -- as though you were physically connected on the same network. It's a good option for remote workers and organizations with global offices and partners to share data in a private manner.
To connect entire networks together via a VPN (commonly called site-to-site connections) it's best to make the connection at each location's main network router or gateway, which requires a router or a gateway with built-in VPN functionality. You'll find most VPN solutions also support remote access to users outside of the office; for example, when your employees use Wi-Fi hotspots at hotels, airports, or even their home. This requires that their computer or mobile device supports the same VPN method as your company's VPN solution.
Small Business Computing  recently discussed how using a VPN benefits your small business network. This article, How to Connect Multiple Offices with VPN provides an excellent overview of VPN protocols, VPN routers, firmware and other important tech issues to consider when setting up a business VPN.

Which VPN Is Best for Your Small Business?

When choosing between IPSec and SSL, you might find you need both kinds of VPNs.

Mobile workers are a fact of life for most small businesses and that is often a good thing—for both the company and the employee or contractor. Users who have remote access to your small business network from their home offices or while traveling tend to be more productive and can helps save your company money. The trick, of course, is making sure that the mobile connections to your network are secure. For that, you need an encrypted virtual private network (VPN), which lets remote users safely connect to your network from any location with Internet access.

There are two different types of VPNs: Internet Protocol Security (IPSec) and Secure Sockets Layer (SSL). Both VPNs allow you to remotely access network resources—providing a secure and private link to your network via the public Internet—but in different ways. Choosing the one that’s right for your small business depends on your existing (or planned) network hardware and the type of users who need remote access to the applications and data on your network.

IPSec vs. SSL VPNs

An IPSec VPN provides secure access to your entire small business network by encrypting data traveling between an IPSec gateway, which is installed on a router or security appliance, and an IPSec remote access client installed on an employee’s laptop or smartphone. An IPSec VPN gives users a network experience similar to sitting in the office with native access to all your applications.
An SSL VPN allows users to securely access only specific applications and services on the network via a web browser and is ideal for those small businesses that want to offer secure access to partners, contractors, consultants and suppliers by providing access to only specific applications and services inside their business network. An SSL VPN uses a web browser’s security capabilities to secure private network traffic. No special client application is necessary, so users can log into an SSL VPN from any device with a browser and an Internet connection. Because SSL VPNs use an Internet protocol, the applications users access through this type of VPN must be web-enabled.
In general, an IPSec VPN is more secure than an SSL VPN because it requires a special client and can’t be accessed by non-sanctioned Internet devices, like a public PC at the local library. It also gives employees access to more applications that don’t need a web version to function over the VPN. On the other hand, an SSL VPN makes it easier to give users access to web-based services such as email.
Should you choose one VPN over another, or both?
When deciding which type of VPN to install, the question isn’t so much “Which one is better?” but “Which one is better for my business?”. Both VPNs have their advantages, and you might even decide you need a “hybrid VPN”—an IPSec VPN for a certain group of users such as employees who need to access all the applications and data within the network and an SSL VPN for providing controlled access to specific applications and services that are pertinent to contractors, consultants, suppliers and partners etc.
In fact, depending on which hardware you choose to provide VPN functionality for your business, you don’t necessarily have to choose between the two VPN types. For instance, the HMA Business RV Series Routers has built-in IPSec VPN functionality, and some models, including the RV220W Wireless Network Security Firewall offer both IPSec and SSL VPNs.
See how a Connecticut law firm, Peck & Tuneski, uses a Cisco small business VPN to increase their productivity and billable hours.
Are you currently using a VPN for remote offices or mobile employees? Which did you choose—an IPSec or SSL VPN?
When choosing between IPSec and SSL, you might find you need both kinds of VPNs

How (and why) to set up a VPN today

Marissa Mayer made Yahoo's VPN famous by using it to check on the work habits of her employees. Lost amid today's VPN conversation, however, is the fact that virtual private networks are much more than just pipelines for connecting remote employees to central work servers.

And that's a damn shame, because VPNs can be helpful tools for protecting online privacy, and you need not be an office drone to enjoy their benefits.
A VPN, as its name suggests, is just a virtual version of a secure, physical network—a web of computers linked together to share files and other resources. But VPNs connect to the outside world over the Internet, and they can serve to secure general Internet traffic in addition to corporate assets. In fact, the lion's share of modern VPNs are encrypted, so computers, devices, and other networks that connect to them do so via encrypted tunnels.

Why you want a VPN

You have at least four great reasons to start using a VPN. First, you can use it to connect securely to a remote network via the Internet. Most companies maintain VPNs so that employees can access files, applications, printers, and other resources on the office network without compromising security, but you can also set up your own VPN to safely access your secure home network while you're on the road.
Second, VPNs are particularly useful for connecting multiple networks together securely. For this reason, most businesses big and small rely on a VPN to share servers and other networked resources among multiple offices or stores across the globe. Even if you don't have a chain of offices to worry about, you can use the same trick to connect multiple home networks or other networks for personal use.

This diagram illustrates the difference between using an unencrypted connection and using a VPN-secured Internet connection at your average coffee shop.

Third, if you're concerned about your online privacy, connecting to an encrypted VPN while you're on a public or untrusted network—such as a Wi-Fi hotspot in a hotel or coffee shop—is a smart, simple security practice. Because the VPN encrypts your Internet traffic, it helps to stymie other people who may be trying to snoop on your browsing via Wi-Fi to capture your passwords.
Fourth and finally, one of the best reasons to use a VPN is to circumvent regional restrictions—known as geoblocking—on certain websites. Journalists and political dissidents use VPNs to get around state-sponsored censorship all the time, but you can also use a VPN for recreational purposes, such as connecting to a British VPN to watch the BBC iPlayer outside the UK. Because your Internet traffic routes through the VPN, it looks as if you're just another British visitor.

Pick your protocol

When choosing a networking protocol for your VPN, you need worry only about the four most popular ones. Here's a quick rundown, including the strengths and weaknesses of each.
Point-to-Point Tunneling Protocol (PPTP) is the least secure VPN method, but it’s a great starting point for your first VPN because almost every operating system supports it, including Windows, Mac OS, and even mobile OSs.
Layer 2 Tunneling Protocol (L2TP) and Internet Protocol Security (IPsec) are more secure than PPTP and are almost as widely supported, but they are also more complicated to set up and are susceptible to the same connection issues as PPTP is.
Secure Sockets Layer (SSL) VPN systems provide the same level of security that you trust when you log on to banking sites and other sensitive domains. Most SSL VPNs are referred to as "clientless," since you don't need to be running a dedicated VPN client to connect to one of them. They're my favorite kind of VPN because the connection happens via a Web browser and thus is easier and more reliable to use than PPTP, L2TP, or IPsec.

An SSL VPN server is designed to be accessed via Web browser and creates encrypted channels so that you can safely access the server from anywhere.

OpenVPN is exactly what it sounds like: an open-source VPN system that's based on SSL code. It's free and secure, and it doesn't suffer from connection issues, but using OpenVPN does require you to install a client since Windows, Mac OS X, and mobile devices don't natively support it.
In short: When in doubt, try to use SSL or OpenVPN. Keep in mind that some of the services highlighted in the next section don’t use these protocols. Instead, they use their own proprietary VPN technology.
Now, let's talk about how to create and connect to your own VPN. If you want simple remote access to a single computer, consider using the VPN software built into Windows. If you’d like to network multiple computers together quickly through a VPN, consider installing stand-alone VPN server software.
If you need a more reliable and robust arrangement (one that also supports site-to-site connections), consider using a dedicated VPN router. And if you just want to use a VPN to secure your Internet traffic while you're on public Wi-Fi hotspots and other untrusted networks—or to access regionally restricted sites—consider subscribing to a third-party hosted VPN provider.

Set up a simple VPN with Windows

Windows comes loaded with a VPN client that supports the PPTP and L2TP/IPsec protocols. The setup process is simple: If you're using Windows 8, just bring up the Search charm, type VPN, and then launch the VPN wizard by clicking Set up a virtual private network (VPN) connection.
You can use this client to connect securely to other Windows computers or to other VPN servers that support the PPTP and L2TP/IPsec protocols—you just need to provide the IP address or domain name of the VPN server to which you want to connect. If you're connecting to a corporate or commercial VPN, you can contact the administrator to learn the proper IP address. If you're running your own VPN server via Windows, you can figure out the server's IP address by typing CMD in the Search charm, launching the Command Prompt, and typing ipconfig. This simple trick comes in handy when you're setting up your Windows PC as a VPN server, and then connecting to it so that you can securely, remotely access your files from anywhere.

Windows has a built-in VPN client, but you'll need to provide the connection information (namely, the IP address) for the VPN server you want to use.

Quick note: When setting up incoming PPTP VPN connections in Windows, you must configure your network router to forward VPN traffic to the Windows computer you want to access remotely. You can do this by logging in to the router’s control panel—consult the manufacturer's instructions on how to do this—and configuring the port-forwarding or virtual-server settings to forward port 1723 to the IP address of the computer you wish to access. In addition, PPTP or VPN pass-through options need to be enabled in the firewall settings, but usually they're switched on by default.
If you're using Windows 7 and you need to connect to a VPN or to accept incoming VPN connections in that OS, check out our guide to setting up a VPN in Windows 7.

Connection problems? Try this!

When a user has trouble connecting to our VPN, any of several things can be wrong. Before you start
panicking and desperately checking all possible causes and settings, have a look at our preliminary checklist first.

1. Connect to multiple servers from different areas

This makes sense when e.g. bad routing or geo-specific problems of your ISP are causing connection problems. Cannot connect to a certain country? Try a different one.

This will also show if your connection problems are restricted to a certain VPN server/area or based by issues on your system, preventing you from connecting at all.

2. Try all available VPN protocols

HMA! Pro VPN can be used through all common VPN protocols: OpenVPN-TCP, OpenVPN-UDP, PPTP and L2TP. And that’s exactly what you should try when experiencing any kind of connection issues. See our Wiki for a list of instructions for how to connect using all protocols on various operating systems and devices: http://wiki.hidemyass.com/Connection_Instructions

3. Check for possible causes with 3rd party security applications

We have found that the majority of all connection problems is caused by firewall, antivirus and other 3rd party security applications running in the background. The easiest way to determine if a certain application might be responsible for your connection issues is to simply deactivate/close it temporarily and testing if the problem remains. Once the cause is found, it’s simply a matter of reconfiguring the 3rd party application in question so that it plays nicely with the Hide My Ass! VPN client.

If you’re still having problems, don’t worry, just visit our support page where you can message our friendly support team: http://hidemyass.com/vpn/r4662/vpncontrol/support/

Internet founder Louis Pouzin adds his voice to the global concerns about internet security

As the world continues to panic about internet security, some of the founding fathers of the entire enterprise have gone public with their own misgivings about existing privacy measures. The latest to speak out is Louis Pouzin, the French engineer whose invention of the Cyclades computer network makes him one of five men, along with Sir Tim Berners-Lee and three American developers, who are credited with the creation of the internet.

Speaking to Le Monde, Pouzin reflected that, 'the internet was first conceived without security measures...the idea of it being used by crooks was marginal. We used to say, 'We'll deal with that later.' There never seemed to be any urgency.' Their discovery opened up so many astounding possibilities that it isn't hard to see why everyone got so carried away, but unfortunately, decades down the line from the original inventions, we're definitely feeling the effects of a lack of regulations.

Pouzin's comments about security echo those recently made by Sir Tim Berners-Lee when he and the other gentlemen received the Queen Elizabeth prize for engineering at Buckingham Palace last month (pictured). Berners-Lee famously broadcast the words, 'this is for everyone' at the 2012 Olympic opening ceremony and stated at the time the fundamental principle of the internet as, 'an open thing, it wasn't something that could be controlled by any one government.'

He repeated this ethos when asked about the Edward Snowden claims surrounding internet surveillance: 'when you make something universal … it can be used for good things or nasty things … we just have to make sure it's not undercut by any large companies or governments trying to use it and get total control.'

Both men have remained active in campaigning to protect their creation from coming under the monopoly of one particular nation or corporation. Given the increasingly complex technology used by both 'good guys' and 'bad guys' alike, let's hope the founders of the internet still have what it takes to keep their invention on the idealistic track it started on.

If you have concerns about online security, one way you can use technology to help protect your privacy rather than expose it is through the use of a VPN service. A VPN acts as an additional defensive layer to help keep your connection secure while you use the internet.

63 technology companies ask for permission to release more data about US authority security requests

Following Edward Snowden’s scathing revelations about the NSA and the extent of the US’s spying capabilities, several large technology companies have asked that the US authorities allow them to release more details about security requests.

Companies including Apple, Google, Facebook and Twitter want permission to release regular statistics about the number and size of the data requests they receive. 63 organisations have sent a letter outlining the proposal to President Obama, Congress and NSA Director, General Keith Alexander on Thursday, with the action also supported by campaign groups including the Human Rights Watch and the Electronic Frontier Foundation.

Current permissions allow businesses to release some data about security requests, but in many cases they are required to ask the courts for permission first and restrict the extent of the information made available. Alexander acknowledged the public anger at Snowden's revelations, and argued that the companies are not culpable for complying with the data requests:

‘[These companies] don’t have a choice. Court order, they have to do this. What they want is the rest of the world to know that we’re not reading all of that email, so they want to give out the numbers.’
He went on to indicate that the proposals were something that the authorities would consider, but stressed that it was important to make sure that things like this were carried out correctly, and did not impact on ongoing FBI investigations.

Elsewhere, Anthony Romero, the executive director of the American Civil Liberties Union, has insisted that Snowden 'did [America] a service' by opening up questions regarding governmental access to private data, although this statement was immediately countered by several others attending the same national security conference in Colorado.  Snowden himself remains in limbo, stuck in Moscow airport where he has been for nearly a month as his disclosures continue to make waves all around the world.

If you have concerns about your online privacy, then a VPN service could be just what you’re looking for. A VPN provides your computer with an extra level of security while you’re using the internet to help ensure your connection stays safe and protected.

How to create secure passwords

When choosing a password for whatever purpose, you might use something personal like your pets
name or your birthday. But that’s far from being a secure password!

Sure, keeping a strong, complicated and long password in mind is not easy – that’s why many users make the mistake of using a rather weak password. But why not just making a compromise there? This weeks weekly tip will teach you a bit about passwords, their security and good ways to select a password.

First, the longer a password is and the more different and uncommon characters it contains, the more secure it will be. That’s why your first step should be thinking about possible risks you take when using a comparatively weak password; what damage can be done if your password gets stolen, your account used?

For example: If all that can happen is that someone else is able to play a specific flash-game with your account, then there’s not much to lose. Using a strong password here wouldn’t make much sense.

A whole different story is if your online-banking password gets stolen, or someone gets access to your website administration – this could result in real big damage, financial or legal consequences. Using a strong password here is essential!

In addition, using a weak password can be considered negligent. Should someone have used your WLAN for illegal purposes, you might be responsible for his actions simply because you did not secure it properly.

So after you decided if a strong password is needed, you need to choose what type of password you want to use. You can either use a personal password, or a generated password.
 Personal passwords: As mentioned, many people are using personal passwords like their pets name, their partners middle name, something like that. This alone brings 2 possible problems:

1. The password would certainly not be unique. It’s likely that the password is listed in so-called dictionaries. That means a hacker would only need to try often enough, and sooner or later he would have guessed your password and gained access to your account.

2. Anyone who knows you personally would be able to guess your password. Even a stranger could theoretically fetch personal information about you from the web, your friends or your family and then just keep trying different combinations and possibilities till they succeeds.

 Examples for passwords and terms you should not use:

• your birthdate: No birthdate is unique, and it’s not much effort to find out when you were born
• your pets name: No name is unique, and finding out your pets name is not that difficult
• short and common terms: Terms like “master”, “123456”, “qwerty”, “jesus” or even “password” are the worst possible choices for a password

So using a password that is simply a term of your private life is never a good idea – but that does not mean that you can’t use it. Why not just making it stronger?

You could add a number behind, before or in the middle of that term. For example, if you consider to use the password “buddy”, a stronger version would certainly be “buddy9642” or “bud9642dy”.

Remember: the longer a password is, the better. Many online services fortunately don’t accept weak or short passwords and so force you to select a stronger one.

If supported by the service you are registering for, feel free to use special characters like “@%/()$§?!”.

Using upper/lowercase characters in different combinations also makes sense. You should always keep in mind that each password has a certain chance to get guessed, either by a human or by a computer program.

Obviously a password like “buddy(1924)!” is less likely to get guessed than “buddy”.

A far more secure method for selecting a strong password is to generate one. There are countless password generators on the web with different generator settings.