Five Reasons Why Blocking VPNs is Clearly a Foot in the Mouth Act. Number 03 will Leave You in Splits!

tiwaryshailesh
6 min read · Sep 9, 2021


The media is abuzz with the alleged reports hinting that the Government of India might soon ban VPNs to enhance cybersecurity. As swift, intelligent, and effective as that may sound, it is only as logical as banning scalpels to prevent murders. These recommendations cast a big question mark on our national understanding of the cyber domain and belie our image of a budding techno global power!

https://rajyasabha.nic.in/rsnew/Committee_site/Committee_File/ReportFile/15/143/233_2021_8_13.pdf

Besides being purely laughable, this suggested move has several cons associated with it. Let’s take a quick rundown.

[one] VPNs are Implicitly Not Evil!

Virtual Private Networks, by some extrapolations, can be compared to email, messengers, webpages, etc. — just another service on the Internet. A VPN extends a network (primarily a private network) across another network (often the Internet — the public network) and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The benefits of a VPN include increases in functionality, security, and management of the private network. Encryption is standard, although not an inherent part of a VPN connection.

[two] Work from Home.

It couldn’t have come at a worse time. As a nation, we are still coughing water from the pandemic. The much-talked-about WFH regime has proved to be an effective way to put reins on the growing infections. Work-from-home setups for most people make use of VPNs. A VPN enables a person to connect to his office network from his home. If we block the VPNs, we will stop the WFH too.


[three] Banning VPNs is Technically Impossible.

THERE IS NO SUREFIRE WAY TO BLOCK VPNs. Many countries, including China, have already attempted banning VPNs and have failed at it — not because they were technologically challenged, but because they did not consider the inner functioning of this application and were swayed by luddite advisors.

https://www.vpnmentor.com/blog/best-free-vpns-china/

Here are some common approaches to preventing people from using VPNs, along with why and how each would be rendered ineffective.

Block Ports to Block VPN

All internet communication uses logical openings on a system (computer, laptop, iPad, mobile, etc.). These openings (technically, ports) are numbered, and each number is, by convention, associated with a certain kind of service. For example, port number 443 is meant to provision all websites using HTTPS; port numbers 137 to 139 are used to facilitate printouts through a network printer. Similarly, port number 1194 is conventionally used by the OpenVPN protocol — the most widely used protocol for VPNs.

These port mappings are not etched in stone, and a user can always change them at his convenience. For example, one can run an HTTPS website on port number 115 (instead of the conventional 443) and have it accessed by sharing this information with the portal visitors. By the same logic, when the government blocks port 1194, one can easily select a different port and continue using the VPN. If a user decides to run the VPN over port 443, the government cannot block the port, because besides blocking the VPN, that would also stop all HTTPS websites from working.

Domain Blocking

Every application provider on the Internet is referenced using its domain name. For example, if one wants to access Google, the domain name is www.google.com. Similarly, every VPN provider is also referenced using its respective domain name. As a knee-jerk method, the government can go ahead and block the domain names associated with all the VPN providers and make access to the VPN slightly tricky. A user can easily bypass such a hurdle by using a custom hosts file, or by using the services of a secure DNS hinging on some privacy-loving DNS provider. At times one can get lucky by simply trying a new VPN server.

Blocking VPN Traffic

A widespread and a notch better method to block VPNs is dropping the ‘VPN’ traffic. Dubbed deep packet inspection (DPI), this technique allows one to identify unique VPN signatures in the SSL traffic. Deep packet inspection is one of the critical components driving the Great Firewall of China.

However, this method can be circumvented by switching protocols. OpenVPN is the most common protocol used for provisioning VPNs. Still, since it is readily detected and blocked by the ISPs, the VPN providers provide the option to switch to different protocols such as PPTP or L2TP/IPSec. L2TP/IPSec is less likely to be detected.

Some VPN providers have come up with custom obfuscating protocols, which render the DPI detection method ineffective.
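
The gap between the port-based filter and the payload inspection described in the two sections above, as an added Python example that is not part of the original article. It labels four constructed flows first by destination port and then by the first bytes the client sent; the function names, the flow list and the sample packets are hypothetical, and a production DPI engine checks far more fields than this.

```python
import struct

PORT_LABELS = {443: "https", 1194: "openvpn"}  # what a port-only filter assumes
OPENVPN_HARD_RESET_CLIENT_V2 = 7  # opcode: top 5 bits of the first OpenVPN byte

def classify_by_port(dst_port):
    return PORT_LABELS.get(dst_port, "unknown")

def classify_by_payload(payload, transport):
    """Label a flow from the first bytes of its first client packet."""
    # TLS record: type 0x16, version major 0x03, 2-byte length, then
    # handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    body = payload
    if transport == "tcp":
        # OpenVPN over TCP prefixes every packet with a 2-byte length.
        if len(payload) < 3:
            return "unknown"
        (length,) = struct.unpack("!H", payload[:2])
        if length > len(payload) - 2:
            return "unknown"
        body = payload[2:2 + length]
    # Smallest client reset: opcode, 8-byte session id, ack count, packet id.
    if len(body) >= 14 and body[0] >> 3 == OPENVPN_HARD_RESET_CLIENT_V2:
        return "openvpn"
    return "unknown"

def openvpn_reset(transport):
    # Constructed packet: opcode/key id, session id 01..08, no acks, packet id 0.
    pkt = (bytes([OPENVPN_HARD_RESET_CLIENT_V2 << 3]) + bytes(range(1, 9))
           + b"\x00" + struct.pack("!I", 0))
    return struct.pack("!H", len(pkt)) + pkt if transport == "tcp" else pkt

def tls_client_hello():
    # Constructed and truncated: record header plus the start of a ClientHello.
    hello = b"\x01\x00\x00\x02\x03\x03"
    return b"\x16\x03\x01" + struct.pack("!H", len(hello)) + hello

FLOWS = [  # (name, transport, destination port, first client bytes), all constructed
    ("web", "tcp", 443, tls_client_hello()),
    ("vpn-default", "udp", 1194, openvpn_reset("udp")),
    ("vpn-on-443", "tcp", 443, openvpn_reset("tcp")),
    ("opaque", "tcp", 443, bytes.fromhex("9f3c71e2a4d05b88c6174e")),
]

def compare(flows):
    """Map each flow name to (label by port, label by payload)."""
    return {name: (classify_by_port(port), classify_by_payload(data, proto))
            for name, proto, port, data in flows}

if __name__ == "__main__":
    for name, labels in compare(FLOWS).items():
        print(f"{name:12} port={labels[0]:8} payload={labels[1]}")
```

The third flow is the case the port-blocking section describes: the port filter sees ordinary HTTPS while the payload check sees an OpenVPN handshake. The fourth shows the limit of signature matching, since bytes that match no known pattern come back unlabelled.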

[four] Public Discourses — A Metric to Gauge a Nation’s Standing!

Information Warfare is a convoluted domain for which there exists no playbook. Since most warfare concepts hold good for IW as well, as a nation, one needs to tread these waters carefully.


For instance, one of the most significant barriers to effective deterrence in the information warfare space is the concept of attribution. As someone correctly said, “you cannot deter unless you can punish, and you cannot effectively punish unless you have attribution.” Notwithstanding that, nations exercise deterrence using alternate methods: by showcasing their abilities and understanding via intelligently crafted policies. In this scenario, public discourses concerning technology, and especially cybersecurity, show the world how good or bad we are at our game! Such a technically challenged address clearly shows us in a poor light by putting a big question mark on our national understanding of this domain.

[five] The Hydra Effect

The hydra effect or hydra paradox owes its name to the Greek legend of the Lernaean Hydra which grew two heads for each one cut off, and is used figuratively for counter-intuitive effects of actions to reduce a problem which result in stimulating its multiplication.

This step, hopefully, intends to better our stance concerning cybersecurity by curbing cyber-crimes. On the contrary, since the government cannot block VPNs conclusively, many inimical elements will start peddling spurious and even bugged versions of apps/software in the name of a VPN. They would target various sections of our society using befitting garbs, and the problem of cybercrime will multiply manifold.

All in all, this move is going to be highly counterproductive. Hope it reaches the right ears!!
