  • Nov 4, 2020

Virtual private networks can use different protocols.


1. OpenVPN is the most widely used VPN protocol, and is considered to be the most secure protocol. OpenVPN can run in two modes: over UDP (User Datagram Protocol) or over TCP (Transmission Control Protocol). The latter is slower, but more stable.


2. Internet Protocol Security (IPSec) differs from OpenVPN in that it does not require a third-party application. It works at the network level, rather than using SSL (Secure Sockets Layer) as OpenVPN does.


3. WireGuard is an experimental VPN protocol that has not been widely adopted. It should offer faster performance, and it was designed for use on cell phones since it switches between network interfaces without dropping the connection.


4. Point-to-Point Tunneling Protocol (PPTP) is an older protocol with security vulnerabilities that should be avoided.

 
 
  • Nov 2, 2020

The Tip of the Night for September 30, 2019, discussed using a VPN application to encrypt internet traffic while on public wifi networks. When considering which virtual private network service to subscribe to, check to see if split tunneling is an option. Split tunneling will allow a user to connect to a work server securely, while simultaneously connecting directly on a public network for web searches or video streaming for which the user has no confidentiality concerns. You don't want to slow down traffic by sending it through a VPN server for no reason.


VPN apps like Private Internet Access will allow you to specify which applications should use the virtual private network.



Split tunneling can also direct that any traffic to or from a specific location be sent through the VPN.
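The destination-based split tunneling described above comes down to a routing decision, and the risk is a work server that quietly falls outside the tunneled ranges. The Python below is an added example, not from the original post or from any VPN product: it models the decision with longest-prefix matching and lists sensitive hosts that would bypass the VPN. All prefixes, host addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample policy (assumption): IPv4 prefixes sent through the VPN.
# Everything else leaves directly over the local (public) network.
TUNNEL_PREFIXES = ["10.20.0.0/16", "192.0.2.0/24"]
# Constructed exception inside a tunneled range that is sent direct.
DIRECT_PREFIXES = ["10.20.99.0/24"]


def build_routes(tunnel, direct):
    """Return (network, path) pairs, with a default route over the local network."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "direct")]
    routes += [(ipaddress.ip_network(p), "vpn") for p in tunnel]
    routes += [(ipaddress.ip_network(p), "direct") for p in direct]
    return routes


def select_path(dest, routes):
    """Pick the path for an IPv4 dest by longest-prefix match, as a routing table does."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, path) for net, path in routes if addr in net]
    _, path = max(matches, key=lambda m: m[0].prefixlen)
    return path


def unprotected(sensitive_hosts, routes):
    """List sensitive destinations that would bypass the VPN under this policy."""
    return [h for h in sensitive_hosts if select_path(h, routes) != "vpn"]


ROUTES = build_routes(TUNNEL_PREFIXES, DIRECT_PREFIXES)

if __name__ == "__main__":
    # Constructed list of work servers that are expected to use the tunnel.
    work_servers = ["10.20.4.15", "10.20.99.7", "192.0.2.50", "198.51.100.9"]
    for host in work_servers:
        print(f"{host:15} -> {select_path(host, ROUTES)}")
    print("bypass the VPN:", unprotected(work_servers, ROUTES))
```

The host at 10.20.99.7 sits inside a tunneled /16 but is caught by the more specific direct exception, which is the kind of gap this check is meant to surface before relying on a split-tunnel policy.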


 
 

In 2018, Michigan enacted its Data Security Act which applies to persons and entities with licenses from its Department of Insurance and Financial Services.


In order to comply with the act it is necessary to:


1. Prepare a Written Information Security Program (WISP).

2. File a certificate of compliance with the Department each year.

3. Report breaches to the Department within 10 days after discovery.


Massachusetts also has cybersecurity regulations which require that a WISP be filed. A template of a WISP that complies with Massachusetts law and the Gramm-Leach-Bliley Act has been prepared by Thomson Reuters and is available here on the website of the International Association of Privacy Professionals (IAPP). A WISP should cover the following:


1. Define personal information and sensitive information.

2. Designate a person responsible for implementing the WISP.

3. Provide for regular risk assessments.

4. Direct the distribution of information security policies within the organization.

5. Monitor service providers to ensure they comply with the WISP.

6. Establish incident response procedures.


 
 

Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco. He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 


© 2015 by Sean O'Shea.
