Do you need a VPN for Secure Email in a Wireless Hotspot?
LuxSci has been approached by many people asking for VPN (Virtual Private Network) services. When we ask them why, they indicate that they use wireless hotspots (like at Starbucks and other public places) that are insecure and untrusted and they want to be sure that their email is secure and encrypted there.
This is a very legitimate concern. Wireless hotspots are serious danger zones; we have seen many cases of people who have carelessly used insecure connections to email and had their login usernames and passwords stolen in such places. This can lead to identity theft, the leaking of sensitive company or personal information, and other serious problems. Anyone using public wireless hotspots or other untrusted networks for email and other activities that involve personal information need to take care that the information sent to and from their computers is protected. If the transmission of your sensitive information is protected, then you have nothing to worry about and hotspots can be great places to work.
So, why is a VPN a good solution?
A virtual private network creates a secure tunnel between your computer and the location of the network, which is typically your office or a VPN-service provider. When the VPN is enabled, all Internet traffic travels through it first to get out to the Internet. This means that this secure tunnel secures your email, chat, web browsing, and anything else that you may be doing on the Internet, from malicious users of the local hotspot.
So, if you have a VPN, you can turn it on and know you are safe … from people in the hotspot anyway.
There are some downsides to VPN use
Typically, a VPN costs money. You usually have to have special software installed on your computer and the license to use that software will cost you or the VPN provider money. There are open source VPN solutions (like OpenVPN), but they are complex to setup and get working correctly.
Additionally, a VPN only protects your communications between your computer and the VPN itself. So, in the case where the VPN is in your office, your data travels from your computer to the office over the secure VPN. Any information that then goes on and out to the Internet at large is no longer protected and could still be eavesdropped upon.
Use of SSL is a good alternative to the use of a Virtual Private Network
If your concern is in securing access to your email (POP, SMTP, IMAP, and/or WebMail), then use of a VPN is not the only solution. An email service that provides "Secure Email" will give you the option of connecting to your email over SSL (How Does Secure Socket Later (SSL or TLS) Work?).
When you use SSL to connect to your email or WebMail server, then all communications from your computer all the way to your email server are encrypted and protected from eavesdropping. In fact, once you setup your email program (i.e. Outlook or Thunderbird) to use an "SSL-enabled" connection, it will always be secure no matter from where you are connecting.
All modern email clients and web browsers support SSL very well and it is usually just the matter to "checking a box" to turn it on, if secure email services are an option for you.
The advantages of SSL over VPN are:
- You do not have to remember to enable SSL (like you do for the VPN). Once configured, you are always using SSL and are thus secure even if you are in a hurry and would have forgotten to enable your VPN
- SSL protects your communications all the way to the email servers; a VPN only protects you for part of the trip. Of course, if the VPN is next to the email server, this is a moot point.
- SSL is generally much cheaper than using a VPN
- Most web sites that you use that deal in sensitive information will allow you to login securely over SSL so that your web sessions are secured and cannot be eavesdropped upon.
Of course, if you need other types of communication which are not SSL-enabled to be secure, or if you need access to information behind a company firewall, then a VPN will be invaluable for you. Otherwise, SSL-enabled connections provide as much or more security and protect against forgetfulness.
What does LuxSci provide?
LuxSci does not provide VPN services. However, LuxSci does provide SSL for its users’ POP, IMAP, SMTP, and WebMail connections at no additional cost.
Where can you get VPN services?
If you need a VPN and your office doesn’t offer it, you can check out
- Wireless WPA Security Already Cracking — Be Sure to use SSL!
- Do I need to Buy an SSL Certificate to use Secure Email?
- SSL versus TLS – What’s the difference?
- Receive Secure Web Form Submissions in a Secure Email
- The Case For Email Security