Connect with us

Tech

US security agencies release guidance on how to correctly handle VPNs

Ultimately, it is of great importance that users become aware while using VPNs, but also when dealing with location services.

disconnect vpn premium
Image: KnowTechie

VPNs or Virtual Private Networks emerged as an important security tool to protect users browsing the Internet by hiding crucial details related to their identity and location. However, these are powerful tools that need to be used responsibly and still demand considerable attention. 

As a result, the Cybersecurity and Infrastructure Security Agency (CISA) and the US National Security Agency (NSA) have released a step-by-step guide for companies and the public to be aware of what this technology entails and how it should be used. The NSA’s guide comes as part of an initiative to help protect the Department of Defense, the Homeland Security Systems, the Defense Industrial Base, private companies, and individuals alike.

For those who are not familiarized with this type of software, VPNs are used to hide the IP address of Internet users by allowing their network signal to be redirected through a remote server. However, if the service provider is not reliable then the network signal’s security may be compromised. Therefore, it is important to choose a reliable VPN, that offers protection for several devices and is up to date with the latest operating systems’ versions.

The agencies’ guide highlights that an uncertified VPN can expose virtual credentials to cybercriminals, allowing them to remotely control multiple devices, and access sensitive data from all computers connected to a given network, such as settings and passwords. According to CISA and NSA, these types of threats are on the rise.

laptop
Image: Unsplash

Main Recommendations

The recommendation is that users purchase VPNs from vendors that constantly update their services by fixing bugs and improving their security. There are also tips on how to avoid compromising your VPN servers. In general, these are basic rules that must be followed for those buying the services and also for providers.

One of the main pieces of advice is to apply patches and update all systems as soon as they become available while following developers’ recommendations and specifications carefully. Additionally, it is also important to update credentials, such as passwords, regularly to avoid compromising your personal information during any type of data leak.

When it comes to choosing a VPN product it is best to use tested and validated services, such as those featured in the National Information Assurance Partnership (NIAP) Product Compliance List, but also opt for software that employs strong authentication methods such as multi-factor authentication.

The complete guide is available on the NSA’s official website.

facebook logo on smartphone screen
Image: Unsplash

Past Recommendations

This is not the first time the NSA released guidance on how to keep sensitive data safe. In past reports, the agency drew attention to how users’ location accounts for valuable data capable of revealing personal details, including the number of people in a given location or an individual’s routines. The recommendations relate to the need for users to consider what information they are willing to disclose while using their devices and to be aware of the risk they pose.

One of NSA’s main points of guidance is for users to only enable their smartphones’ location service when they need it. However, according to the agency, disabling this feature only partially reduces the risk of exposure. In fact, when the GPS and location services are disabled, users’ locations are only blocked for applications installed on the device. On the other hand, the phone can use the location data and even communicate it to the network provider.

Alternatively, even without any network signal or connection, devices can still communicate and store data related to location via Wi-Fi and Bluetooth connections. Additionally, websites are also capable of extracting information from browsers to obtain this data. To minimize tracking, the NSA recommends disabling the Bluetooth and Wi-Fi when they are not required. If users want to take its protection even further, they can activate the ‘airplane mode’ whenever the device is not being used.

In-application tracking is another key factor in limiting data exposure. The NSA advises users to turn off or reject permissions to share location data with applications whenever possible, including browsers. Another issue, closely related to this, is the advertiser ID. This is a code or system identifier that allows applications to monitor the activity of a smartphone for advertising purposes. Some applications ask users to agree to this service as part of their app use, but according to the NSA, users can still agree to this as long as they clear their records at least once a week.

The report also draws attention to the fact that exposure of device locations does not only occur on smartphones, but also on other devices with wireless connections, such as smartwatches, smart wristbands, vehicle communication systems, and even smart home products.

Ultimately, it is of great importance that users become aware while using VPNs, but also when dealing with location services. In fact, the protection of private details is a task that must be enforced by both app developers, network providers, and users.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Chris has been blogging since the early days of the internet. He primarily focuses on topics related to tech, business, marketing, and pretty much anything else that revolves around tech. When he's not writing, you can find him noodling around on a guitar or cooking up a mean storm for friends and family.

Click to comment

You must be logged in to post a comment Login

Leave a Reply

More in Tech