Howto VPn

Howto VPn

In our "How to securely" series we asked our followers what tools they would like a simple guide on to help them stay secure online. There seemed to be a lot of confusion as to what a VPN is and why you should or should not use one. So we asked Peter to help.

Howto VPN

In our “How to securely” series, we asked our followers what tools they would like a simple guide to help them stay secure online. There seemed to be a lot of confusion as to what a VPN is and why you should or should not use one. So we asked Peter to help.

Why are you using a VPN?

The very first question to ask is, why are you using a VPN? There are a lot of misconceptions as to what a VPN offers in the way of safety and security. Here are two myths I hear bounded about all the time.

Myth 1: A VPN secures my traffic

A VPN provides a secure tunnel for traffic from your device. It secures only the traffic from you to the VPN server. From the VPN server onwards, your traffic is dependant on the protocols your traffic is using.

Myth2: A VPN anonymises my traffic

No. False, and very dangerous. The vast majority of VPN providers will immediately hand over your source IP address to any government agency asking for it if there is a good cause. If an ISP provides an abuse complaint to the VPN provider, you can bet on that abuse complaint finding its way to your inbox. We do, however, have three recommendations for “no log” VPN providers below.

So what does a VPN do?

Very simply, a VPN will protect your connection to the internet from your device to the VPN service. It is excellent if you are using it to connect to your business. You are then creating a secure connection into your business and joining that network. It is very effective at protecting you when on the move and connecting to the internet via third-party hotspots. It is the perfect defence from eavesdropping attacks and poisoned or malicious wireless hotspots.

Which VPN Provider?

Let us start with what we use at Hedgehog. Our VPN to our office is OpenVPN. It is cheap, easy to administer and maintain and does the job. When we are on the road, we use ProtonVPN. We use ProtonMail for our email because we love PGP encryption, so ProtonVPN makes a lot of sense us. Of course, there are other options.


ExpressVPN is well-known for its zero-logs privacy policy and is BVI based. It is a high-end VPN with advanced features such as military-grade OpenVPN encryption, DNS leak protection, and a killswitch to stop you from ever accidentally leaking unencrypted data to your ISP. Also, ExpressVPN provides stealth mode, for concealing VPN use from your ISP and evading firewalls in locations such as Iran and China. 


PrivateVPN is a Swedish business with a raved-about service. It may be smaller and younger service than the other providers, but it continually impresses users. PrivateVPN has a zero-logs policy. That means it can be trusted to keep your data trail clear. The Windows client features a killswitch but at this time it not on on the other apps. PrivateVPN is better for Windows users who need healthy levels of privacy, but I wouldn’t use it on other platforms. 


VyprVPN is, like ProtonVPN, Swiss-based; a location that is generally agreed to be great for privacy services. Like the two provides above, VyprVPN has a zero logs policy. It has all the critical features you would expect to get from a premium VPN service. A killswitch, stealth mode, DNS leak protection, and OpenVPN encryption is available with this provider. And, it has easy to use apps for all platforms. This VPN has servers located in over 70 countries, and it is worth giving a test run using its 30-day money-back guarantee.

But I want more Anonymity

Check out our How to Tor and How to be Anonymous guides. They will be on our blog in the next couple of weeks. Until then, surf safe.

  • Recent Articles
Author Details
Founder & CEO at Hedgehog Security

Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.

We would like to keep you informed about our services. Please tick the options below to receive occasional updates via

  • penetration testing steps
    Peter talks to FindMyUkCasino
  • Malware
    SB Tech Breach

    Last week saw SB Tech Breached by the hacking group Maze. It seems that every week the group are announcing more victims.  GameOn asked our CEO Peter Bassill, to give us some insight into the attack. The GameOn article is here.

  • Privacy
    Howto VPn

    In our “How to securely” series we asked our followers what tools they would like a simple guide on to help them stay secure online. There seemed to be a lot of confusion as to what a VPN is and why you should or should not use one. So we asked Peter to help.

  • WhatsApp
    How To Whatsapp Safely

    WhatsApp is among the fastest-growing instant messengers out there, and almost a social network in its own way. But if you are using it, there are some steps you should take to protect your security and privacy.

  • Morrisons Breach Update

    The UK’s highest court ruled that Morrisons can not be liable for a criminal act of a person seeking to harm their business. On April 1st, 2020, a panel of five justices unanimously ruled that Morrisons was not “vicariously liable”.

  • Remote Working Considerations

    With the current pandemic situation, we all need to be taking remote working considerations. While adjusting the work paradym, it is vital to keep a mind’s eye on the security and safety of the businesses information assets

  • Securing Zoom
    How To: Securing Zoom

    In this guide we are looking at how to go about securing zoom. Since the onset of the global pandemic, we have seen surge in “zoom bombing”. This is where people with malicious intent look for in-progress zoom meetings to join and cause trouble.

  • Software Security
    Dell EMC iDRAC memory corruption Vulnerability

    A critical vulnerabiltiy has been identified in Dell EMC iDRAC7, iDRAC8 and iDRAC9. Some unknown processing is affected by this issue. Manipulation with an unknown input can lead to stack based memory corruption.

  • Hiscox Sues for Failing to Disclose Data Breach

    On March 27th, Hiscox Insurance Company Inc. filed a complaint against law firm Warden Grier for concealing a data breach that occurred back in 2016.

  • Software Security
    Privilege escalation on Nginx Controller up to 3.1.x Controller API

    A critical vulnerability has been identified in Nginx Controller up to 3.1.x (web server,) affecting an unknown code block of the component Controller API.

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Scroll to Top