Tag: private sever

Does Your VPN Protect From Cybercriminals, or Invite Them In?

The Coronavirus pandemic forced a variety of new adjustments on people. Most offices had to close down, and workers had to turn to their home offices to do work. Schools, universities, most places of education did the same and introduced home learning. Most entertainment outlets were no longer accessible either – the movies, theatres, concerts, everything got canceled or delayed. Home computers and laptops became an essential piece of technology at home. We use them for work, study, and fun. But can you trust them to be secure enough not to lead to trouble? You might be thinking, ”Well, I have a VPN, I’m safe.” But are you?
What is a VPN, and what does it do? VPN stands for virtual private network, and its general role boils down to two words – connectivity and security. A VPN extends a private network across a public network and allows users to exchange data across shared or public networks as though their devices connect directly to the private network. VPNs shield your original IP address and protect your data. If you join a VPN to your router, it covers all your devices connected to said router. Like, phone, PC, laptop, gaming console, smart TV, and other IoT devices.

On the diagram, you can see a standard VPN network configuration. The blue lines represent encrypted tunnels from different networks to your company infrastructure. After packet inspection with the red line, your Firewall sends the traffic to your VPN server. Finally, the VPN server decrypts the traffic and sends it to your local corporate network.

In Corona-times, VPNs are a godsend for employees who aim to reach and use corporate resources. They connect to the company VPN and go about their daily business. The question is, do they use a company device to do their work, as a company PC or laptop, or do they use a home one? That makes all the difference. If you connect the company VPN on your home network, you expose your company to malware. Think about it. What if you, or a family member, carelessly clicked on something they shouldn’t have, and now malware lurks on the PC that you’re connecting to your corporate network?
Another issue with that scenario is what type of VPN the home-office employee turns to exactly? Is it a consumer VPN server based in a different country? That’s risky.
Employees find themselves in a completely new situation, unique to both them and their employer. What had previously gotten used only on rare occasions or emergencies is now used on a regular day-to-day basis, given that 100% of the workload gets done from home. That makes workers vulnerable to targeted attacks. There are already examples of that. According to Sultan Meghji, CEO of Neocova (a cloud-based suite of banking solutions company), several bank CFOs became victims of criminals and state-based attackers.
Cybercriminals are on the lookout for easy targets. They search for open WiFi and encryption that they can break easily. Don’t be that easy target! An excellent way to up your home cybersecurity is to update your router. Ask yourself whether the router you use daily is older than your phone. If yes, replace it ASAP.
Another way to keep the office and home systems safe is education. Employers should educate their employees on cybersecurity and the best practices to implement for the most protection.

The Legality of Private Servers

The legality of privately owned servers is a much-discussed topic with large grey areas and varying laws in different countries.

In general, that legality is determined by a sample amendment, similar to this one: “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

In other words, this means that the government and other institutions, organizations, and people, in general, do not have the right to search or control privately owned servers. They should not check what the servers store, except that there is reasonable evidence of illegal content.

A warrant to search a privately owned server would not be issued out of false claims because a judge has to examine whether the given evidence is sufficient. However, web servers are usually quite transparent, and illegal content on them is easily detected.

How is that a grey area then, and how liable are those individuals owning servers?

In the case of illegal content linked to a specific web server, people on the internet can see the server’s content and report it if they deem it inappropriate. If many people do this, it will eventually get removed in many cases.

However, if it is not a web server, then people would have no real reason to examine it without evidence of illegal content. Responding to other people reporting illegal content on one’s server by instantly removing it can make the server owner less liable.

Private Game Servers – Legal or Not?

One interesting legal case is the video gaming industry. Online games usually connect to a central server. That presents the issue of the game being unplayable once the online game and its server are gone.

Many people have chosen to counter this issue by setting up their game servers. That also allows them to change the game, revive old games for nostalgia’s sake or change aspects about it to meet their own needs, and so on.

But how legal is it to set up a private server without the game developer’s permission? Usually, this can happen through leaked or stolen codes, which is illegal in itself as it breaches copyright.

Furthermore, private server hosts often take donations to keep the server running. Emulating current servers is more troublesome than bringing back old games that no longer exist.

More Grey Areas

Another grey zone is whether you are the one hosting the server or playing on it. While hosting may easily be illegal, playing on private servers is not. People doing it can still get in trouble, in any case.

There is a difference between official laws and license agreements that the user has with the gaming company and developer. Playing on private servers can infringe the contract you have entered into with the game developer.

Since copyright is usually concerned with distribution issues rather than private use, it is unlikely you will get fined. Still, if you want to support the game developer because you love the game and want to see more of it coming to life, you should play on the official servers instead. Not to mention connecting to a not official game server can expose your machine to cyber attacks. Most of these not official game servers do not have proper cybersecurity defenses.

The only reason and grey zone that would warrant playing on private servers is if the game’s developers abandoned it with no official server left.