VSP is a certain screen protected from wiretapping and
interception of the Internet. Imagine that you are sitting somewhere in the
airport and saw with your laptop / iPad an open Wi-Fi network. You will gladly
join her and you will not even suspect that in this way the attacker sitting in
the next chair could intercept all your passwords used during the session. Now
many devices can raise their own Wi-Fi network, so an attacker could easily
lift Wi-Fi on their computer and fumble their 3G Internet, skipping all your
traffic through yourself (and, accordingly, doing anything with it). It can be
protected from this if you use the https protocol to access the site (all
traffic is encrypted). But, firstly, not all sites still use it, and secondly,
it is not included everywhere by default (for example, Facebook), and thirdly,
such connections have recently been compromised and, therefore, are no longer a
The protection from all this is the VPN connection. All your
traffic is encrypted and run through a third-party server, so even if this
traffic is intercepted (you connect to an incomprehensible Wi-Fi or your router
starts to “listen”), it will be encrypted and useless for intruders
(of course, not 100% it’s useless, but at least you’ll have to work hard to
extract something from this).
As a “bonus”, your location (in terms of IP address) on the
Internet changes from physical to where the VPN server is located, to which you
are connected. Thus, for example, you can see content that is only available to
certain countries and is not available in your country. However, do not think
that you cannot be tracked – for this you need to use other technologies.
Two types of VPN providers are common:
1. The first provide unlimited monthly traffic, but only for
one device (i.e., you cannot use the same account on both computers and phones
at the same time, unless it’s the home where you configured the VPN on your
router = all clients will be protected, connected to the router).
2. The second allows you to use on any number of devices,
but with a limited monthly quota for the traffic passed through the server
(correspondingly, the more traffic, the more expensive a month).
The ideal scheme is a combination of two: for a home
computer where you swing a lot, use a provider from the first category.
However, there should be considered that 3G encryption has already been broken.
In addition, as far as I know (correct me, please, if I’m wrong), the data is
encrypted only to the nearest station. That is, it turns out that nothing
prevents the intruders from putting in the neighboring office a mini-cell of
your operator (this is done legally to improve the signal quality in the
office: you need only a fast Internet channel to the office antenna), which is
happy will join your phone and listen to all your traffic (including voice).
The VPN in this case will protect at least the traffic (so, disconnecting, do
not forget to turn it back on).
SH tunnel is a tunnel created by means of an SSH connection
and used to encrypt transmitted data. As the Wikipedia article says, “SSH
(Secure Shell) is an application-level network protocol that allows remote
management of the operating system and tunneling of TCP connections (for
example, for file transfers).”
When using an SSH tunnel, the public traffic of any protocol
is encrypted at one end of the SSH connection, the client, and decrypted on the
other, SSH server.
The SSH protocol supports several work options:
In the first variant, the tunneled application
must have HTTP / SOCKS proxy settings to direct traffic through a local proxy
server to the SSH tunnel. If there are no such settings, then you can use the
program, which sends traffic through a proxy server.
In the second case, you can organize a
practically full VPN connection and do without configuring SOCKS. Beginning
with version 4.3, an open SSH implementation, OpenSSH, can use OSI tunneling
network interfaces of the 2nd and 3rd levels, that is, organize analogues of
Historically, VPN and SSH were meant for different purposes,
which explains their pros and cons.
VPN is designed to provide secure remote access
to corporate network resources. As soon as the computer connects to the VPN
server, it becomes part of the “local” network, and therefore can
receive all its services: shared resources, local VoIP service, it also becomes
possible for NetBIOS-, UDP-, and broadcast requests, policies, etc. Through the
VPN in most cases, the traffic of the entire operating system and applications
SSH was originally intended for secure remote
device management. An SSH connection is a connection to a “specific
device”, not a “network”. Although the SSH masters can do a lot
of cool things with it.
The VPN and SSH protocols are
safe enough except for PPTP. Most possible attacks are reduced to
Man-in-the-middle and the substitution of certificates or keys, but this is a
problem of authentication and user care.