NSA recommends: new perspectives for VPNs

In 2017, around 25% of internet users worldwide had a VPN. In 2021, this number increased to 31% globally: 1 out of 3 people have used a VPN. The global Virtual Private Network market size is estimated to reach USD 92.60 billion by 2027.

But still, until very recently, VPNs were a dark horse (or even a potential trojan horse) in many countries, especially ones that incline towards authoritarian rule. “Strong leaderships” are reasonably afraid that VPN services will be used by non-loyal citizens to bypass the restrictions from The Man.

The most recent examples of such an attitude: China, where VPNs have been illegal since the 2010s; Russia, where some of the most popular VPNs were outlawed in 2021; and India, where the government is considering a total ban on VPN services across the country.

The stated reason is always the same: to prevent drug dealing and terrorism. However, only a very small percentage of VPN usage is linked to actual crime; most of it is for legal and legitimate purposes. Millions of individuals and businesses rely on VPNs, but only the criminal cases hit the news, and governments then use them to their own benefit.

With this being said, it was fascinating to read the VPN-encouraging joint Cybersecurity Information Sheet released by the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA). It seems to be the first such customer-friendly major instruction from the US government.

The paper contains a scrupulous analysis along with instructions, such as what factors users should consider when choosing a virtual private network (VPN) and what the top configurations for secure deployment are. While it’s mainly intended for businesses, there is a lot of universal advice applicable to individual users too.

National Security Agency

Good VPN by NSA’s standards

The agency recommends using only the strongest, approved cryptographic protocols, algorithms, and authentication credentials. According to NSA, a good VPN must have strong cryptography and authentication measures. It is also recommended to ensure that a VPN has protection against intrusions, such as the use of signed binaries or firmware images and integrity validation of runtime processes and files.

NSA reminds us that it’s normal to not be able to inspect the product on your own, and that using it is a risk you are voluntarily taking; it is therefore always better to choose a service that already has a good reputation.

Cyberscoop observes that this guidance is the continuation of NSA and CISA’s focus on recommending defenses against threats to federal agency employees since COVID-19 forced everyone to work from home. That was also probably one of the main reasons for the change in attitude towards VPNs in general: “the coronavirus has suddenly given the VPN industry a new life”.

Checklist

The previous minor NSA statement on VPNs also contained a more detailed list of advice on what to do and what not to do:

  1. Don’t use free VPNs, only paid apps from reputable vendors. Earlier in 2021, the data of 21 million users of 3 free VPNs (GeckoVPN, SuperVPN, and ChatVPN) was exposed and sold on the dark web.
  2. Patch known vulnerabilities in time and follow the cybersecurity news to stay up to date and increase awareness.
  3. Only use cryptographic algorithms that comply with CNSSP: encryption sufficient to protect secret-level information (256-bit elliptic curve, SHA-256, and AES-128) and encryption sufficient to protect top-secret information (384-bit elliptic curve, SHA-384, and AES-256).
  4. VPN providers should follow zero-trust security, i.e., no information about users or their actions should be stored by the service provider.
  5. Run only features that are “strictly necessary” (i.e. those whose working principle you understand).
  6. Don’t use default VPN settings and always configure it yourself. Check if the features that you need are active by default (because it could be otherwise). Read here how to set up your own VPN at home.
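
As an added example (not part of the original article or of the NSA guidance), item 3 of the checklist can be turned into an allowlist check over a VPN's configured algorithm proposals. It assumes strongSwan-style proposal keywords such as `aes256gcm16-prfsha384-ecp384`; the function names and sample proposals are constructed for illustration.

```python
import re

# Sizes from checklist item 3 on this page: (AES key, SHA-2 digest, EC curve) in bits.
LEVELS = {"top-secret": (256, 384, 384), "secret": (128, 256, 256)}

# Allowlist of strongSwan-style keywords (an assumed config syntax; the page names
# no product). Only sizes listed on the page match; everything else is rejected.
TOKEN = re.compile(
    r"aes(?P<aes>128|256)(?:(?:gcm|ccm)\d+|ctr)?"
    r"|(?:prf)?sha(?P<sha>256|384)"
    r"|ecp(?P<ecp>256|384)"
)

# Constructed sample proposals, not taken from any real deployment.
SAMPLE_PROPOSALS = [
    "aes256gcm16-prfsha384-ecp384",
    "aes128-sha256-ecp256",
    "aes128-aes256-sha384-ecp384",
    "aes256-sha256-modp2048",
    "3des-sha1-modp1024",
]

def parse_proposal(proposal):
    """Return the weakest (aes, sha, ecp) sizes offered; (0, 0, 0) if any token is unlisted."""
    sizes = {"aes": [], "sha": [], "ecp": []}
    for token in proposal.lower().split("-"):
        m = TOKEN.fullmatch(token)
        if m is None:  # 3des, sha1, modp2048, ... are not on the page's list
            return (0, 0, 0)
        for kind, bits in m.groupdict().items():
            if bits:
                sizes[kind].append(int(bits))
    # A peer may pick any offered algorithm, so the weakest one sets the level.
    return tuple(min(v, default=0) for v in sizes.values())

def classify(proposal):
    """Highest level from the page that the proposal fully meets, or None to reject."""
    got = parse_proposal(proposal)
    for level, need in LEVELS.items():  # strictest level first
        if all(g >= n for g, n in zip(got, need)):
            return level
    return None

def audit(proposals):
    return {p: classify(p) for p in proposals}

if __name__ == "__main__":
    for p, level in audit(SAMPLE_PROPOSALS).items():
        print(f"{p:32} -> {level or 'REJECT'}")
```

A proposal that mixes a listed algorithm with an unlisted one is rejected outright, because a negotiating peer could select the weaker option.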

Optional customizing

This list is relevant for all users, and additional tips were given specifically for companies so they can reduce attack surfaces, besides constantly patching the program.

So, among which VPNs can you choose following this advice? This year, the number of VPN apps in stores has boomed. In addition to large players and tech giant corporations like Nord (an IT company with an impressive portfolio of products), there are quite a few VPN services that are of the same quality, just less heavily promoted.

In terms of technical internals, security protocols, and overall functionality, Switcherry VPN is in no way inferior and even offers a greater number of possibilities to its users. Both have AES-256 military-grade encryption and a zero-trust informational policy (both are from the NSA checklist). Read more about the safest VPN protocols in this review.

The new perspectives for VPN

VPNs are services destined for a great future, possibly at the high point of the technology’s existence. On one hand, the power of the digital world and the need for users’ security are increasing. On the other, authoritarian governments and self-serving corporations restrict access to certain content, and by doing so, they only create demand for services that will help users to get a better online experience. In a few years, VPNs will become as essential a part of online surfing as web browsers are today. With the number of users rapidly growing, you can join them today with one of the most powerful and functional VPN services out there.

Author: Nicolas Cuts

Product Manager at SwitcherryVPN. I have a 5-year background in management and marketing. I never stop learning!
