Cybersecurity Expert Dr. Lecturer Ahmet Şenol made important evaluations about the advantages and potential risks offered by VPN (Virtual Private Network) technology regarding security and privacy rights. He said, “Since VPN connections use secure encryption mechanisms, intermediary parties can only see encrypted communication, and this encryption is considered secure because it cannot be deciphered in a reasonable time (it takes years). Secure communication can be established if VPN service is obtained from the right source and VPN setup is done correctly.”
Dr. Lecturer Ahmet Şenol, Head of Üsküdar University Cybersecurity Master's Program, made important evaluations about the advantages and potential risks offered by VPN (Virtual Private Network) technology regarding security and privacy rights.
VPN is also used to access blocked addresses
Dr. Lecturer Ahmet Şenol noted that VPN is one of the preferred technologies for secure communication on the internet, which is considered an insecure network. He said, “It is also a method used to access blocked addresses or use restricted applications. The ability to connect to sites and applications restricted by the government or content provider, and the anonymity of the connected person while connecting to these addresses, are among the reasons for using VPN. To give a clear example, a person in Turkey connects to a blocked site via a VPN connection as if connecting from a location in, for instance, the Netherlands, and since this site is not blocked in the Netherlands, it allows the connection.”
With VPN, they can connect from home to the office network and benefit from the local network facilities at the company
Dr. Lecturer Ahmet Şenol stated that VPN also allows individuals to connect from home to the office network and utilize the local network facilities at the company. He explained, “Another use of VPN is that individuals can connect to their organization/company networks from home via VPN, as if they physically went to the company and their computer was connected to the local area network at the company, they can send printouts to the company printer, use shared folders at the company, and benefit from the company network's capabilities. To give a concrete example, while a university student cannot download an article from their home internet, they can connect to the university’s VPN service and download that article by utilizing the university's article library agreement (as if they went to the university with their computer and connected to the network from there).”
VPN service must be obtained from the right source!
Dr. Lecturer Ahmet Şenol also stated that banks can connect their branches to each other using VPN technology and establish secure connections over the internet infrastructure, which is considered insecure. He said, “Since VPN connections use secure encryption mechanisms, intermediary parties can only see encrypted communication, and this encryption is considered secure because it cannot be deciphered in a reasonable time (it takes years). Secure communication can be established if VPN service is obtained from the right source and VPN setup is done correctly.”
What are the security vulnerabilities that can be encountered when using VPN?
Addressing the security vulnerabilities that can be encountered when using VPN, Dr. Lecturer Ahmet Şenol said, “The company providing the VPN service may log (record) your identity and which sites you visit. Another risk is that the encryption mechanism of the application provided by the VPN service company may be weak, making it possible for the encryption to be broken and the communication to be eavesdropped on and recorded. The VPN may be misconfigured; a user or company lacking configuration skills might think they are communicating via a confidential and encrypted connection while, in fact, communicating without security. If the VPN user code and password are compromised by someone else (as a result of social engineering or carelessness), unauthorized individuals or attackers could infiltrate the institutional network.”
What are the potential risks of free VPN services?
Dr. Lecturer Ahmet Şenol also issued warnings about the security vulnerabilities of free VPN services, continuing as follows:
“The encryption mechanism of free VPN services may be weak. They may log the user's real IP address along with the sites and addresses visited. This recorded information can be provided to advertising companies or intelligence units of oppressive governments. Some free VPN applications may contain malicious software, send sensitive information from your computer to a third address, or share your communication with third parties.”
What should be considered when choosing a secure VPN?
Listing the criteria to consider for a secure VPN choice, Dr. Lecturer Ahmet Şenol concluded his words as follows:
“Paid VPNs can generally be said to be more secure. VPN providers that declare they do not log (record) communication traffic can be preferred. Attention should be paid to the laws of the country where the VPN provider company is based, ensuring they strongly protect individual privacy. Comments from other VPN users can also be taken into account. Audit results from organizations that audit VPN companies can be considered when choosing a VPN service. VPNs using modern protocols like OpenVPN, IKEv2/IPsec, WireGuard can be preferred. VPN providers with servers in more countries and a high number of servers can be preferred.”