How does business protect its data through Virtual Private Network and Tor?

Information technology security, a word that’s so distant but discussed frequently everyday especially in the business world. What exactly is information technology and what role it plays in daily business settings? A thousand answers may be given by a thousand different interviewees. By definition, “information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.” Simply put, information technology security is a way to prevent your data from being accessed by identities you are not intended to give. However, information technology is an extremely broad topic, involving tons of different components. In this blog, the primary focus is on network security, a type of security designed to protect the usability and integrity of your network and data.

source: https://vpnhaus.ncp-e.com/2017/business-benefits-of-staying-anonymous-online/

Virtual Private Network

VPN is used widely used in the corporation to protect its data traffic between employee’s devices outside of the corporate network and the servers within the corporate network. VPN extends a corporate network through encrypted connections made over the Internet, which means data was encrypted at the data link layer and network layer through different symmetric and asymmetric encryption technics, such as RSA, SHA, and SSL. Because the traffic is encrypted between the device and the network, traffic remains private as it travels. However, VPN only creates a tunnel between endpoints and servers, it is not able to encrypt information such as IP addresses and some activities monitored by your internet service providers.

source: https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/

Tor 

Tor stands for anonymity network, s free and open-source software for enabling anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Tor is using a specific type of network routing technic called onion routing. Tor didn’t encrypt the data being transferred but simply encapsulated the data in layers of encryption.

source: https://en.wikipedia.org/wiki/Tor_(anonymity_network)

Let’s take a step back, as you all may know, for a message to be delivered from source to its destinations, the message has to be sent from the device, traverse different routers(connecting point) and routes(cables), and then arrive its destination, similar to a physical package being sent from one city to another city, with freeways and connecting hubs. What’s special about onion routing? Similar to onions that have a lot of layers, data(the core of the onion) is being encapsulated with these layers of encryption. Whenever a message arrives at a router/connecting point, a layer is “peeled” so that the connecting point understands where is the next router/connecting point to send the message to. Since each connecting point/router only understands the next and the previous router/connecting point of this message, it is neither able to figure out its destinations and sources nor able to have an overview of the routes the message traversed.

Thus, Tor is an incredible privacy tool, while VPN can increase privacy by encrypting the data. Use them together would provide incredible security for corporate users.

source: https://www.cybersolutions.ga/2015/09/what-is-onion-routing.html

Business Cases:

VPN and Tor can be used in business in three main ways: to support basic information processing tasks, to help decision-making, and to support innovation. Information technology security is used to help streamline tasks from computing and printing payroll to creating presentations. The financial department is using information technology security to assist in sending sensitive data for analysis and protecting data from being manipulated and monitored by threats. The business also uses information technology to save customers’ data. Network security plays an important role in all of these business cases.

However, there are also drawbacks and risks of using top security measures to protect its data. The first and foremost one is efficiency and speed. With all of these complicated security placed on top of the data being transferred, large computation power and time is needed to make encryption and decryption. If the data being transferred is time-sensitive, companies may consider balancing its efficiency and security.

8 comments

  1. olivia_levy8 · ·

    Great job digging into this topic! I took a class last semester in which we spoke a little bit about using Tor and the professor did a demo for the class as well. I had not thought of it much in a business context so your blog really added another angle. The few things I remember about the demo were that the user interface was just ok. It definitely seemed a little dated which is a trade off. I also remember that when he pulled up Tor and went to any website, let’s say Amazon, the browser was in German since that was the connection point that they had him coming from. This could be a little annoying and time consuming to constantly switch the language, as you mentioned with the drawbacks. One personal use he did mention was when a family member was sick with cancer, when doing research he would do it in Tor, not as much to not be tracked but more for the sake of not having targeted ads reminding him of the illness and situation during work and everyday tasks. Great blog overall!

  2. I do have TOR installed on my machine, and I can definitely notice a performance lag when I use it compared to Chrome/ Firefox.

  3. shaneriley88 · ·

    Fascinating post Lewis! I never fully knew what Tor was. The logic behind it makes total sense now. I appreciated the simple description you used for both VPN and Tor. Knowing that you come from a computer science I can appreciate the thought behind the blog and the effort you went through to keep things simplified. My work laptop uses VPN and I use DuckDuckGo on my MacBook. Does DuckDuckGo use the same techniques that Tor does?

    1. I’m glad you use VPN and DuckDuckGo to protect your data. I didn’t use DuckDuckGo before, but it seems like duckduckgo is a search engine that doesn’t track your activities. While Tor is used to protect you from attacks of ISP and Man-in-the-middle (they attack you by inspecting your data transferred in cables/routers)

  4. sayoyamusa · ·

    Excellent post, Lewis! I didn’t know Tor, but your clear explanation, especially analogy of onion has made it clear what it is and how it works. While I guess cybersecurity is not an “exciting” area of information technology, it is definitely critical and a must-do thing for companies. In fact, my company (more specifically, one of the group companies abroad) had a serious cyberattack by hackers a year ago…Thank you for educating me about one of the most relevant topics! This will be helpful for me to catch up with what was happening back in my company.
    As your awesome post has inspired me to take a quick look at more information about Tor, I’ve found the article saying, “one of the common misconceptions is that Tor is only used by criminals.” Now I know that most reliable people (you and Prof. Kane) are using it, I would be comfortable with this tool, but this reminds me that technology always has a dark side.
    Here’s the link to the article: https://www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor

  5. lourdessanfeliu · ·

    Very informational post! I never knew what TOR was and how it worked but now I feel I have a good sense of how it works. The same with VPN, I use it every day at work but never really understood the theory of what VPN is.

  6. I echo Lourdes’ sentiment. Very informational. VPN itself is utilized alot in business today to enable remote workers to have access securely to company files. What I didn’t know until after reading the article is how Tor can be used for business. Previously, I thought that Tor was a browser primarily used outside of work that allowed people to browse without fear of being tracked by cookies and such. I could see how companies that are IT light might use Tor so that they don’t incur millions in Cyber Security costs.

  7. Chuyong Liu · ·

    Very good post! Especially I have just read Jie’s post about VPN and was thinking about digging deeper into how it could protect users as an extra layer of security. I have heard from my tech friends about building VPN is like building a ladder. I have never properly understood that frame until I saw your picture demonstration. It seems like a business can be protected with VPN and tor technologies but I am curious why cybersecurity issues can still be such a big issue that tens of thousands of firms are deeply bothered with.

%d bloggers like this: