Category Archives: Internet Security
Sullivan County uses NYSSOC to combat cybersecurity threats – Spectrum News
Cybersecurity threats are a worldwide issue.
New York state is working to combat this with its New York State Security Operations Center (NYSSOC).
Sullivan County is the first county to start utilizing the NYSSOC.
It allows the state to monitor for cyber threats with a goals of preventing them and improving responses to incidents.
The county, as well as the state, as well as the nation, are under attack constantly from foreign adversaries just looking to wreak havoc on the infrastructure and environment that we work in and with. So, it's important for us to know what's happening quickly, to be able to respond quickly, and to mitigate those risks as quickly as possible, said Commissioner of Information Technology Services and CIO for Sullivan County Lorne Green.
The NYSSOC facility is based in Brooklyn and is dedicated to detecting and responding to real-time threats 24/7.
Anything that they see that, you know, red flags, anything, even some minor occurrences that go through, they will alert us. And then, we can take action on those to either let them know that this is a low priority, high priority, medium, and then, whatever that comes through as, we can take action, said Deputy CIO for Sullivan County Dan Smith.
OfficialssaidSullivan County went live with NYSSOCin late March. It wasselected due to relationships with New York State Homeland Security and the States Center for Internet Security.
Officialscollected log data from security appliances and servers to feed to NYSSOCto get the project rolling.
They then parch that data and put it into their recording solution for analysis and further determination as to whether or not there are any incidents that need to be addressed, Green said.
One ofthemajor aspects of thiseffortis ensuring threats are being tracked even when local information technology services staff members are not there.
I can sleep a whole lot better at night, Green said.
Having the tools in place to make it easier for us to function and to allow people to do their jobs without as much worry, you know, of just regular things coming in and possibly taking us down, it's just it's very reassuring mindfully, Smith said.
Expertssaid the publicshould feel more confidenttheir information is beingprotected because of these changes.
We are attempting to stay on top of the cyber threats that exist and that we are taking appropriate action to mitigate when those occur to protect their data, Green said.
According to Green, Tompkins County will be the next to launch this, and 45 counties have shown interest in subscribing to NYSSOC.
View post:
Sullivan County uses NYSSOC to combat cybersecurity threats - Spectrum News
Wi-Fi Hacking Happens. Here Are 10 Expert-Recommended Tips to Prevent It – CNET
You'll get faster speeds using an Ethernet connection, but there's no denying the convenience of Wi-Fi. The technology makes it possible to connect numerous devices around your home, from laptops and phones to security cameras and streaming sticks, but it's not without its flaws. Aside from a little speed loss, the main concern with Wi-Fi is that it also makes it easier for others -- perhaps unwanted users and devices -- to connect to your network.
Consider the information on your Wi-Fi-connected devices and how accessible that information might be if someone gained access to your Wi-Fi network: credit cardnumbers, bank records, login credentials, live camera feeds.
A secure home network will help reduce the risk of getting hacked and having someone access your sensitive information. Not only that, it will keep away unwanted or unauthorized users and devices that would slow down your connection or freeload on the internet service you pay for.
It's fairly simple to create and maintain a secure home Wi-Fi network. Below, you'll find 10 tips for securing your network. Some are more effective than others at keeping hackers and freeloaders at bay, but all are useful in their own way.
Keep in mind that nothing can guarantee absolute security from hacking attempts, but these tips will make it harder for anyone to compromise your network and data. (For more Wi-Fi tips, check outhow to tell if your internet provider is throttling your Wi-Fiand ourtips on how to speed up your Wi-Fi connection).
Here are the basics for protecting your home Wi-Fi network. Keep reading for more information on each below.
1. Place your router in a central location.
2. Create a strong Wi-Fi password and change it often.
3. Change the default router login credentials.
4. Turn on firewall and Wi-Fi encryption.
5. Create a guest network.
6. Use a VPN.
7. Keep your router and devices up to date.
8. Disable remote router access.
9. Verify connected devices.
10. Upgrade to a WPA3 router.
Strong network security starts with a smart setup. If possible, place your router at the center of your home. Routers send wireless signals in all directions, so strategically placing your router in a central location will help keep your connection to the confines of your home. As a bonus, it will likely also make for the best connection quality.
For example, if you have internet in an apartment where neighbors are immediately to the left and right of you, placing your router next to a shared wall could send a strong, and tempting, signal their way. Even if you aren't in an apartment, a good router can cast signals next door or across the street. Placing your router in a central location will help reduce how far those signals travel outside your home.
This should go without saying, but I'm still going to cover it to emphasize its importance. Creating a unique password for your Wi-Fi network is essential to maintaining a secure connection. Avoid easily guessed passwords or phrases, such as someone's name, birthdays, phone numbers or other common information. While simple Wi-Fi passwords make them easy to remember, they also make it easy for others to figure them out. (Here's how to access your router settings to update your Wi-Fi password.)
Be sure to change your password every six months or so or whenever you think your network security may have been compromised.
Along the same lines of password-protecting your Wi-Fi network, you'll also want to keep anyone from being able to directly access your router settings.
To do so, go ahead and change your router's admin name and password. You can log in to your router settings by typing its IP address into the URL bar, but most routers and providers have an app that lets you access the same settings and information.
Your router login credentials are separate from your Wi-Fi network name and password. If you aren't sure what the default is, you should be able to find it on the bottom of the router. Or, if it's been changed from the default somewhere along the way, here's how to access your router settings to update the username and password.
Most routers have a firewall to prevent outside hacking and Wi-Fi encryption to keep anyone from eavesdropping on the data sent back and forth between your router and connected devices. Both are typically active by default, but you'll want to check to ensure they're on.
Now that you know how to log in to your router settings, check to make sure the firewall and Wi-Fi encryption are enabled. If they're off for whatever reason, turn them on. Your network security will thank you.
Before sharing access to your main home network, consider creating a separate guest network for visitors. I'm not suggesting your guests will attempt anything nefarious with your main Wi-Fi connection, but their devices or anything they download while connected to your network could be infected with malware or viruses that target your network without them knowing it.
A guest network is also ideal for your IoT devices, such as Wi-Fi cameras, thermostats and smart speakers -- devices that may not hold a lot of sensitive information and are perhaps more easily hackable than a smarter device such as a computer or phone.
There are a few reasons to use a good VPN, and network security is one of them. A virtual private network hides your IP address and Wi-Fi activity, including browsing data.
VPNs are probably more useful when connected to a public network, but they can still add a level of security and privacy to your home network. Some VPNs are better than others, but like anything, you often get what you pay for. Free VPN services are available, but paying a little extra (just a few bucks per month) will deliver a much better, more secure service.
While software updates can be annoying, they have a purpose, and it often includes security updates. When companies become aware of potential or exposed security vulnerabilities, they release updates and patches to minimize or eliminate the risk. You want to download those.
Keeping your router and connected devices current with the latest updates will help ensure you have the best protection against known malware and hacking attempts. Set your router to automatically update in the admin settings, if possible, and periodically check to make sure your router is up to date.
Remote router access allows anyone not directly connected to your Wi-Fi network to access the router settings. Unless you need to access your router while away from home (to check or change the configuration of a child's connected device, for example), there should be no reason to have remote access enabled.
You can disable remote access under the router's admin settings. Unlike other security measures, disabled remote router access may not be the default.
Frequently inspect the devices connected to your network and verify that you know what they are. If anything on there looks suspicious, disconnect it and change your Wi-Fi password. After changing your password, you'll have to reconnect all your previously connected devices, but any users or devices that are not authorized to use your network will get the boot.
Some devices, especially obscure IoT ones, may have odd default names of random numbers and letters you don't immediately recognize. If you encounter something like that when auditing your connected devices, disconnect them. Later on, when you can't start your robot vacuum cleaner from your phone, you'll know that's what it was.
WPA3 is the latest security protocol for routers. All new routers should be equipped with WPA3, so if you buy a new router, you should have nothing to worry about. However, many people rent their routers directly from the provider, which may not include the most up-to-date equipment.
If your router was made before 2018, you might have a WPA2 device, which lacks the same security protocols as newer WPA3 devices. A quick search of your device's model should tell you when it came out and any specific features, such as whether it has WPA2 or WPA3. If you've got a router with WPA2, call your provider and negotiate for a better, more recent router.
Again, even with the most recent and effective methods of protecting your home network, security will never be 100% certain. As long as there is the internet, hackers and cybercriminals will find ways to exploit it. But with the tips above, you can better keep your network secure from anyone trying to use your connection or access your data.
For more, check out how to find free Wi-Fi anywhere in the world and the ideal location for your router.
Link:
Wi-Fi Hacking Happens. Here Are 10 Expert-Recommended Tips to Prevent It - CNET
WatchGuard report reveals drastic surge in evasive malware – SecurityBrief New Zealand
The latest Internet Security Report from WatchGuard Technologies reveals a drastic growth in evasive malware, a resurgence of "living-off-the-land" attacks, escalating cyberattack commoditisation, and a continued decline in ransomware, amid potential thwarting attempts by international law enforcement targeting ransomware extortion groups.
WatchGuard Technologies, one of the global front-runners in cybersecurity, derived these findings from its unified analysis of top malware trends, as well as threats to network and endpoint security. Most prominently, the data underscores a considerable surge in evasive malware, contributing to a significant rise in total malware. It also highlights the security risk posed by threat actors who exploit on-premise email servers as primary targets.
Corey Nachreiner, Chief Security Officer at WatchGuard, commented, The latest research from the Threat Lab demonstrates that threat actors utilise diverse techniques while searching for vulnerabilities to exploit. This includes targeting older software and systems, stressing the urgency for organisations to adopt a defence-in-depth approach to counter such threats.
Nachreiner continued, Updating the systems and software that organisations depend on is a fundamental step in addressing these vulnerabilities. Furthermore, modern security platforms run by managed service providers can deliver the comprehensive, unified security that organisations require, enabling them to tackle the latest threats effectively."
The Q4 2023 Internet security report discovered that evasive, basic, and encrypted malware all saw a rise, causing an 80% increase in total malware compared to the previous quarter. TLS and zero-day malware instances also surged. Although both JS. Agent. USF and Trojan.GenericKD.67408266 entered the top five most widespread malware variants, both redirect users to malicious links and attempt to load DarkGate malware onto a victims computer.
Another significant finding is the resurgence of "living-off-the-land" techniques with script-based threats increasing by 77% from Q3. Exchange server attacks related to the ProxyLogon, ProxyShell, and ProxyNotShell exploits emerged as four of the top five most extensive network exploits, indicating the need to decrease the dependence on on-premises email servers for better security.
The ongoing trend of cyberattack commoditisation, especially towards "victim-as-a-service" offerings, saw Glupteba and GuLoader establish their presence as two of the most prolific variants during Q4. The former is particularly notorious due to its extensive global victim targeting and its multi-faceted malware-as-a-service (MaaS) capabilities.
In contrast, the report points to a 20% decrease in ransomware detections during the last three months of 2023. This decline suggests successful international law enforcement actions against ransomware extortion groups effectively disrupting their activities.
With data sourced from WatchGuard's active network and endpoint products, the report offers valuable insights into the latest cybersecurity threats and protection methods. This collaborative approach underscores WatchGuards commitment to a unified security platform and to its continuous efforts to combat the myriad of challenges in the ever-evolving threat landscape.
More here:
WatchGuard report reveals drastic surge in evasive malware - SecurityBrief New Zealand
Defending Our Schools: The State of Cybersecurity in K-12 – EdSurge
K-12 leaders tasked with preparing students for the future workforce are doing so amid ever-increasing cyber threats. The dynamic landscape of in-person, virtual and hybrid schooling has made schools vulnerable targets for cyber threat actors (CTAs). While many K-12 organizations struggle to obtain resources to strengthen cybersecurity, those that employ security best practices consistently report higher levels of cyber maturity.
Over the past 20 years, the Multi-State Information Sharing and Analysis Center (MS-ISAC) has been committed to its mission of fostering collaboration and information sharing across 16,000 U.S. State, Local, Tribal and Territorial (SLTT) government entities, with K-12 organizations representing the largest and fastest-growing segment. In pursuit of its mission, the Center for Internet Security, Inc. (CIS) and MS-ISAC collected data for the 20222023 school year through the Nationwide Cybersecurity Review (NCSR) and other first-hand sources, presenting findings in the CIS MS-ISAC Cybersecurity Assessment.
The rest is here:
Defending Our Schools: The State of Cybersecurity in K-12 - EdSurge
WatchGuard Report: 55% of Malware Attacks in Q4 2023 Were Encrypted, a 7% Rise from Q3 – The Fast Mode
WatchGuard Technologies on Wednesday announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fueled a large increase of total malware, threat actors targeting on-premises email servers as prime targets to exploit, and ransomware detections continuing to decline, potentially as a result of law enforcements international takedown efforts of ransomware extortion groups.
Among the key findings, the latest Internet Security Report featuring data from Q4 2023 showed:
Consistent with WatchGuards Unified Security Platform approach and the WatchGuard Threat Labs previous quarterly research updates, the data analyzed in this quarterly report is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuards research efforts.
For a more in-depth view of WatchGuards research, download the complete Q4 2023 Internet Security Report here: https://www.watchguard.com/wgrd-resource-center/security-report-q4-2023
Corey Nachreiner, chief security officer at WatchGuard
The Threat Labs latest research shows threat actors are employing various techniques as they look for vulnerabilities to target, including in older software and systems, which is why organizations must adopt a defense-in-depth approach to protect against such threats. Updating the systems and software on which organizations rely is a vital step toward addressing these vulnerabilities. Additionally, modern security platforms that are operated by managed service providers can deliver the comprehensive, unified security that organizations need and enable them to combat the latest threats.
See the rest here:
WatchGuard Report: 55% of Malware Attacks in Q4 2023 Were Encrypted, a 7% Rise from Q3 - The Fast Mode
Generative AI, cyber insurance fill out city CISO toolbelts – StateScoop
Local government cybersecurity officials said during an online event Tuesday that procurement, cybersecurity insurance and generative artificial intelligence are all tools they can use to combat ransomware.
Officials said they continue to be concerned with ransomware attacks, a longstanding threat to the public sector that rose 51% during the first eight months of 2023 compared to the same period a year earlier, according to the Center for Internet Security.
Unfortunately, Atlanta several years ago had a ransomware attack. So that is very fresh in their minds, Atlanta Chief Information Officer Alan Greenberg said during StateScoop and EdScoops Cybersecurity Modernization Summit. They are very incentivized to make sure they put in all of the proper protections.
Local agencies often have strict procurement rules to ensure government has the opportunity to spend tax dollars on the most effective and cost-efficient technologies. But those slow processes can become obstacles to rapid response.
This is a lessons learned make sure you understand your entitys emergency procurement process, said Brian Gardner, chief information security officer of Dallas, which last year suffered a ransomware attack that knocked offline the court system and Dallas Police Department website. When you have a [cyber] event, you dont want that to be a tripping point for yourself to slowing your ability to recover down.
Gardner urged security officers to familiarize themselves with state and local emergency contracting protocols so they can be ready for cyberattacks.
Kim Lagrue, New Orleans security chief, said shes an advocate for cybersecurity insurance, which can help offset costs from common cyber risks, including data breaches and ransomware.
Cybersecurity insurance gave us a blanket move forward, Lagrue said. But many areas, small municipalities, smaller organizations, struggle to afford cyber security insurance, as the premiums have escalated so high.
According to a 2022 survey by the nonprofit CompTIA , 92% of local governments have a governmentwide cybersecurity policy for employee behavior and operations. The report found that while cyber policies can help mitigate the cost of malicious attacks, they do not always provide municipalities enough coverage to offset the full cost of recovery.
Officials said that generative artificial intelligence is making ransomware attacks more sophisticated, but likewise gives governments a powerful tool to detect threats. Lagrue said its important to educate government employees on cybersecurity awareness and emerging technologies.
Were talking to people at the mayoral level and our CIO or city managers level and saying these are the things that our environment could face as technologies evolve and expect that ransomware or our security threats will advance, Lagrue said. We are giving them good use-cases for generative AI and just being hyper vigilant about what generative AI could bring to an organization.
Link:
Generative AI, cyber insurance fill out city CISO toolbelts - StateScoop
These Are the Best Antivirus Apps for Macs in 2024 – Lifehacker
There are certainly fewer viruses around targeting Macspartly because it makes more sense for bad actors to target Windows, which has a significantly bigger user basebut macOS is certainly not immune to viruses. Don't think that just because you own an Apple computer, you don't have to worry about malware.
Your Mac comes with some impressive security features built right in, including XProtect and Gatekeeper, but there's no harm in installing extra protection for extra peace of mindthe right antivirus tool is only going to improve your Mac's defenses, and some of the best anti-malware software developers out there offer packages for macOS.
What's more, they often come with extras besides the virus-fighting capabilities, including web tracker blocking and junk file removal. Here we've picked out our current favorites, weighing up everything from the ease-of-use of the interface to the range of features.
Malwarebytes for Mac offers a clean, straightforward interface. Credit: Lifehacker
Malwarebytes is an antivirus tech veteran, and its Malwarebytes for Mac software comes with a variety of useful features: An at-a-glance look at your computer's current safety status, basic VPN features to improve the privacy of your web browsing, and quick and easy manual scans that run a comprehensive audit of all the files on your system.
Okay, it's not the most feature-packed security tool out there, but it does the basics (like scheduled scanning) very well, and couldn't be any easier to use. The basic Malwarebytes for Mac scanner is free, while the Premium version (from $6.67 a month after a 14-day trial) offers round-the-clock protection and the additional VPN shield for connecting to the web.
Intego Mac Internet Security X9 gives you a comprehensive set of features. Credit: Lifehacker
Few companies take Mac security as seriously as Intego does, and it makes several antivirus packages available for macOS, including Intego Mac Internet Security X9: It'll protect against viruses and other network attacks, and comes with protections against fraudulent websites and email threats too, all wrapped up in an intuitive interface.
A lot of what Intego Mac Internet Security X9 does to keep your computer safe happens automatically without much input from you, including malware definition updates, but you can run scans manually. You'll have to pay from $49.99 per year to use the software on your system, but you can try it out free of charge for 14 days to see if you like it first.
Bitdefender Antivirus for Mac includes some useful extras. Credit: Lifehacker
Bitdefender is another of the long-serving security software brands that you can trust, and it offers a variety of solutions to protect your Mac. Bitdefender Antivirus for Mac is the cheapest of those solutions, which will set you back $59.99 per year after the 30-day trial has expired (though at the time of writing, you do get a discount on your first year).
In return for that cash you get real time protection against viruses and ransomware, you get the blocking and removal of adware on the web, you get a basic VPN service, and you get additional tools for staying safe while shopping and banking online. Everything is handled in a smart interface that keeps you right up to date with your security status.
AVG Antivirus Free is a simple and free solution. Credit: Lifehacker
If you're in the market for a free and lightweight antivirus tool for macOS, then AVG Antivirus Free fits the bill: It's not particularly advanced (hence the free bit), but it can do a comprehensive virus scan of your system for you, and if you need extra protection and features then there are premium options too (starting at $59.88 for the first year).
Everything is straightforward to use, from the smart scan that you can launch manually, to the file shield feature that interrogates every new file that gets added to your system to make sure it's safe to use. You also get an impressive level of customization, considering this is a free piece of software, so you can turn off features you don't think you need.
Avast Free Antivirus is one of the more advanced free options. Credit: Lifehacker
Another free antivirus tool for macOS that's worthy of your consideration is Avast Free Antivirusand as with the AVG package, more advanced programs are available if you're prepared to pay (from $49.99 for the first year). It's a little more advanced than the AVG option above, but they're pretty similar (AVG and Avast are run by the same company).
The extra options you get here versus the AVG package include a network scanner, and a traffic monitor for measuring the data usage of your appsso you can tell if an app is using up more bandwidth than it really should. The smart scan is straightforward to use, and you'll also get advice about potential security vulnerabilities before they're exploited.
Excerpt from:
These Are the Best Antivirus Apps for Macs in 2024 - Lifehacker
Commonwealth training on internet safety praised by Papua New Guinea judges | Commonwealth – Commonwealth
Judges in Papua New Guinea have commended a new Commonwealth training course aimed at upskilling them to handle cybercrime cases and make the internet safer for their citizens.
Supported by the United Kingdom, the Commonwealth Secretariat partnered with the Papua New Guinea Centre for Judicial Excellence to organise the training in the capital city, Port Moresby on 12 and 13 February 2023.
More than 40 judges and magistrates attended the training, engaging in simulations to deepen their understanding of cyber threats and computer-based offences.
They were equipped with practical skills to apply internationally recognised good practices within their jurisdictions, gather electronic evidence admissible in courts, and foster cross-border cooperation to prosecute cybercrimes.
Covering topics ranging from protecting user data to authenticating digital evidence, the training course aimed to address the challenges judicial officers often face in tackling cybercrimes, particularly in developing countries.
During the opening session, Justice Les Gavara-Nanu, a Supreme Court judge, commended the timely training and drew attention to the changing landscape of Papua New Guineas criminal justice system.
He underscored the challenge posed by the surge in cybercrime, which requires new approaches to evidence-gathering compared to traditional crimes.
Justice Gavara-Nanu continued:
We need assistance from the Commonwealth Secretariat to deal with these types of cases, from investigation [and] detection to prosecution and adjudication which is what concerns judges and magistrates as adjudicators.
John Carey, Judge Administrator of the Papua New Guinea Centre for Judicial Excellence, echoed Justice Gavara-Nanus sentiments, expressing full support for the training on behalf of the countrys Chief Justice, Sir Gibuna Gibbs Salika KBE.
Reports indicate a disproportionate increase in cybercrimes in the Asia-Pacific region, accounting for 31 per cent of all incidents remediated around the world in 2023.
Cybersecurity threats were estimated to cost organisations in the Asia-Pacific region about US $1.75 trillion in economic losses roughly the size of the worlds 13th largest economy, South Korea.
Addressing the participants remotely, Commonwealth Assistant Secretary-General Professor Luis G. Franceschi said:
Our research shows a particular need for enhancing the skills of judicial officers to effectively adjudicate cybercrime cases.
The knowledge and skills you will gain through training will help you identify practical solutions to the many challenges faced by our countries in making the internet a safer place for everyone.
He urged judges and magistrates to remain vigilant against cyber threats by regularly updating their security protocols, practices and policies while pledging the Commonwealths full support to them in this endeavour.
In her remarks, Anne Macro, the UKs Commissioner to Papua New Guinea, reiterated her countrys commitment to ensuring a safe and trusted cyberspace for all. She emphasised that the UK would continue working with international partners, including the Commonwealth Secretariat, to achieve this goal.
Established in 2018, the Commonwealth Secretariat has trained more than 1,000 law enforcement officers, prosecutors, and judicial officials from 55 Commonwealth member countries.
See original here:
Commonwealth training on internet safety praised by Papua New Guinea judges | Commonwealth - Commonwealth
Best VPN Services of 2024: Reviewed by Experts – Security.org
NordVPN delivers privacy through a number of features, an automatic kill switch and Double VPN, which as the name implies, doubles the VPN encryption for extra privacy. NordVPN has also stayed true to its promise not to keep IP addresses and VPN usage logs.
Our speed with NordVPN varied, but overall, NordVPN was reliably fast. Our speed test readings averaged 225 Mbps and 218 Mbps for downloads and uploads, which was about 90-percent of our 250 Mbps fiber-optic internet network. Thanks to its consistency, we consider NordVPN one of the fastest VPNs we tested. It never once let us down when it comes to bandwidth-heavy activities like streaming and downloading torrent.
>> See More: Download Torrent Privately with The Top VPNs
NordVPNs encryption is beyond reproach. It offers military-grade encryption, a.k.a. 256-bit AES, the highest encryption standard there is. There are additional safety and security measures in place as well. Whenever we connected to NordVPN, for example, it gave us access to a private DNS server, making sure we were not using our internet providers public DNS which could lead to IP address leakage.
With a NordVPN subscription, we ramped up our online privacy with its advanced features, 256-bit AES encryption, and top-notch VPN protocols, namely OpenVPN and NordLynx. We personally enjoyed using NordLynx on our Android, as we found that its about five-percent faster than OpenVPN. We also enjoyed lots of useful extras, like Threat Protection, which kept us out of malicious websites and kept ads out of our browsing experience. NordVPN, in our opinion, is more than just a VPN; its a multi-purpose tool for online privacy.
The VPN protocol is everything for a VPN, which is why its great that NordVPN offers two of the fastest, most reliable, and most secure VPN protocols: OpenVPN and WireGuard in the form of NordLynx. Heres a quick comparison, and for a more in-depth look, heres our comparison of the top VPN protocols.
NordVPN worked well with OpenVPN and NordLynx, but we found the latter more suitable for mobile devices because its lightweight, it adds less overhead data (useful for those in a data plan), and its faster. Our average Android download speed was 225 Mbps with NordLynx and 216 Mbps with OpenVPN. OpenVPn was still our top choice for privacy though, because it was more flexible and robust in terms of encryption.
Although not exactly a cheap VPN, we got more than our moneys worth from NordVPN thanks to its impressive feature-set. It protected us from malicious websites and trackers, gave us rare VPN features like Double VPN, and we found no fault in its performance. Wed happily pay the $1 per month extra cost of NordVPN compared to its competitors. Take a look at its pricing:
FYI: For a limited time, you can get three months of free service if you subscribe to the Standard, Plus, and Complete plan for either one year or two years. The cheapest subscription, Standard for two years, costs only $80.73 or about $2.99 per month.
So, which NordVPN plan is best for you? It depends on you. The Plus and Complete plans include extra digital security tools like a password manager and secure cloud backup, but even the cheapest Standard plan gives all the features we mentioned above.
NordVPN offers best-in-class digital security, making it the ideal option for those who are ultra-concerned about their privacy. That said, even novice and casual VPN users can benefit from NordVPNs impressive suite of extra features.
Surfsharks recent move to the Netherlands might raise some eyebrows since the country is a known member of the Nine Eyes, a government alliance with laws that could undermine the confidentiality of VPNs. However, we didnt bat an eye because Surfshark is known for its privacy practices. Just as we were wrapping up our Surfshark tests, Cure53 released a positive audit report on the privacy of the VPNs server infrastructure.
The speed we got from Surfshark was a mixed bag. We got excellent download speed readings that averaged 228 Mbps, but in some instances, the upload speed dropped to as low as 91 Mbps less than half of our internet speed. The average upload speed, however, was 167 Mbps.
Surfshark more than just kept our online traffic private; it also made sure to keep our VPN use a secret through Camouflage Mode. Enabled automatically in our Windows Surfshark app, this mode made our encrypted traffic seem like normal traffic, which is handy if youre in a country or network that restricts VPN usage. A colleague traveled to China recently and used Surfshark with no issues, despite it not being a government-approved VPN. We should mention that thanks to Camouflage Mode, Surfshark is one of the best VPNs that work in China.
>> Learn More: Must-Have VPNs for Traveling
Surfshark is a feature-rich VPN that offers beyond what most VPNs provide. In addition to the standard functionalities of VPNs, such as encryption and tunneling, Surfshark delivers a host of useful extras, such as the Camouflage Mode we previously discussed. Its also one of our favorite VPNs for Firestick, making it easy to stream content from all over the world.
On top of that, Surfshark can be your all-in-one digital security solution with its new Surfshark One offering, which combines malware protection, data leak detection, a secure search engine, and webcam protection for desktops. Head over to our page on Surfshark pricing to see all your payment options and see us take the antivirus software for a spin in our Surfshark One antivirus review.
VPNs encrypt and hide your browsing data, but those who have access to your network can tell if youre using a VPN based on how your data packets look. This could spell trouble if youre in a restrictive network (like office or school networks) or country (like China) that monitors the use of VPNs. But like we stated, a colleague was able to use Surfshark in China without any problem because Camouflage Mode made their traffic blend in. In VPN terms, this is also known as obfuscation.
Pro Tip: Another feature you might find useful is Alternative ID. Essentially, Surfshark creates an online alias (name, email address, etc.) to use for signing up for email newsletters or creating accounts on websites with shady or vague privacy policies. Alternative ID isnt included in the Surfshark VPN subscription, but is included in Surfshark One.
A nice little side-effect of using a VPN is gaining access to streaming content available outside your country. You can use it to unblock Hulu, for example, if youre outside the U.S., or access Disney+ shows that are not available in your country.
And its not just for Disneys streaming service although yes, Surfshark is one of the best VPNs for Disney+. Surfshark works quite well with any streaming service, including Netflix, HBO Max, Spotify, and even YouTube. It was also one of the most reliable VPN for Prime Video. So the next time youre shopping for the best Hulu VPN or any streaming service, for that matter for your travels abroad, consider taking a look at Surfshark.
Surfsharks Camouflage Mode is a solid stealth-mode VPN feature for users worried about government restrictions. If you think you might get into trouble if you connect to a VPN in school, at the office, or countries that are not VPN-friendly, Surfshark is for you.
Based in the U.S., a member of the Five Eyes alliance, we had reservations about Private Internet Access, but it was immediately cleared after reading its privacy policy and seeing how they operate. We especially liked that users can opt out of providing usage metrics even though they are anonymous like device identifiers and connection events. Most VPNs, even our top-picks NordVPN and Surfshark, collect that data automatically.
Private Internet Access Windows speeds were fast during our tests, averaging 236 Mbps for downloads and 223 Mbps for uploads. Its one of the fastest VPNs for Windows. Its macOS and smartphone connections were also decent (200+ Mbps average), so overall, were happy with how PIAs speed turned out.
By default, Private Internet Access uses 256-bit AES encryption, but it was one of the few VPNs we tested that allow users to choose between 256-bit and 128-bit AES. The latter is less secure, but tends to be faster than 256-bit, which is why we preferred it for less privacy-demanding tasks like streaming Netflix or online gaming.
>> See More: Best Xbox VPNs
Private Internet Access speed on Windows was one of the reasons we considered it one of the best VPNs for Windows, but we also liked how easy it was to customize. The Windows app gave us endless options to personalize how our VPN connected, how it encrypted our data, and how it tunneled our traffic through the VPN. Its that flexibility that allowed us to optimize our VPN connections for different activities from simple browsing to work and even online gaming.
>> Related: The Top VPNs for Online Gaming
Not everything you do online requires Pentagon-level encryption, especially since tougher encryption can slow down your network. With Private Internet Access, we set the balance between speed and security. Fresh off the installation, we got maximum security from 256-bit AES encryption, but whenever we needed faster speeds, we switched to 128-bit AES, which is still secure but significantly speedier. We even found an option to turn off encryption altogether (proxy mode), which came in handy when we just wanted to change our IP address location to access anime from Netflix Japan.
Read More: Best Proxy Servers
A VPNs app can make or break the service. Private Internet Access is a great VPN with just as great an app thats easy to learn to use. Even our office intern, who apparently has never heard of VPNs before, learned to use it in no time. Because of that user-friendliness, Private Internet Access app has garnered high ratings from users.
One thing we really liked about the apps was their flexibility and customizability, which allowed us to fine-tune our connections and get the most out of our Private Internet Access subscription. For example, PIAs split tunneling feature is so advanced, it offers both conventional and inverse split tunneling (see our split tunneling guide for a detailed explanation).
With conventional split tunneling, we were able to exclude apps and websites from a VPN connection. One of the programs we use at work doesnt allow VPN traffic, so we set it to bypass PIAs tunneling on our computers. That way, we can continue to use it while keeping the rest of our device VPN-protected.
On the other hand, inverse split tunneling let us set apps that could connect to the internet only via a VPN connection. For this, we set apps like browsers to make sure were always on a secure line whenever were browsing.
>> Learn More: Are Private Browsers Really Private?
While PIA has pretty good mobile apps, the desktop apps offer the best functionalities. So this VPN is best for people who mostly use desktops for work and play.
UltraVPNs privacy policy discusses how it doesnt log data, but without third-party audits like we saw from Surfshark, theres no way to concretely prove or disprove it. However, when India passed a law requiring VPNs to collect user data, UltraVPN was among the VPNs that abandoned their India servers. It still offers India IP addresses last time we checked, but those are from virtual servers located in Singapore. Thats a good indication of the companys commitment to privacy.
>> More Options: The Best VPNs for India
UltraVPN uses a proprietary VPN protocol called Hydra from its sister company Hotspot Shield, highly-touted for its speed, but UltraVPNs speed wasnt exactly top-notch. Our download and upload speed dropped to about 160 Mbps about 40-percent less than our baseline network speed (250 Mbps). UltraVPN was still fast, but not as fast as NordVPN, thats for sure.
OpenVPN and WireGuard are the default protocols of many VPNs. We like those options because they are proven and tested, but UltraVPNs use of Hydra has a unique appeal. This protocol is exclusive to a few VPNs, so cyberattackers have less interest in exploiting it. It may not be as secure as OpenVPN, but in our tests, UltraVPN has proven enough that it encrypts traffic and hides IP addresses well (no IP address leaks whatsoever).
VPNs need not be complicated. While advanced and innovative features can be useful for some, especially those that need airtight privacy, a simple VPN that can do the job, is affordable, and is easy to use is the kind of perfect VPN for others. UltraVPN checked all those boxes. Thats why we think UltraVPN is the best day-to-day VPN.
While it lacked the advanced features and customizations we saw from Private Internet Access, UltraVPNs performance as a VPN was rock-solid. It gave us decent speeds, bug-free apps for desktops and smartphones, and a respectable number of VPN servers to choose from (1,000 servers in 125 locations). For its price $7.99 monthly or $1.99 per month if you sign up for two years its definitely a cost-effective solution for online privacy.
UltraVPN makes use of a VPN protocol called Hydra. Originally developed by Hotspot Shield, Hydra promises to deliver fast speeds, agile connections, and good security. Its actually one of the best VPN protocols after OpenVPN and WireGuard.
We especially liked UltraVPNs agility when using the Hydra protocol. It reconnected automatically and swiftly even when we changed Wi-Fi networks or switched from mobile data to Wi-Fi and vice versa on our phones. It left very little opportunity for attack. It also made day-to-day use a little bit easier as we didnt have to check our connection as often as we did with less agile protocols like OpenVPN.
FYI: Hydra proved great at protecting IP addresses. It passed our three sets of tests for DNS and WebRTC leaks, two common types of leaks that could happen to VPNs. So even though UltraVPN lacks the commonly offered protocols OpenVPN and WireGuard, Hydra is a great alternative.
>> See Also: What Can Someone Do With My IP Address?
UltraVPN can be quite affordable in terms of pricing. Even its monthly subscription, which is typically the priciest subscription plan of a VPN, costs only $7.99. Just for comparison, our top-pick NordVPN costs $12.99 with a monthly subscription.
If youre looking for a VPN for long-term use, UltraVPNs pricing gets even better. If you sign up for two years, youll pay only $47.76 per month. Thats an average of just $2 per month. See the pricing breakdown below.
The bottom line is, whether youre looking for a short-term or long-term VPN, UltraVPN is a practical choice.
UltraVPN is a good day-to-day VPN for average users, especially with its affordable pricing and easy to use apps. While it doesnt offer as many features as other options, UltraVPN is reliable and fast.
NortonVPN collects more information from users than other options. For example, while Private Internet Access let us opt out of providing aggregate usage data (bandwidth use, device ID, etc.), Norton logged mobile device data and aggregate bandwidth usage. Its still a no-logs VPN, though, as it did not log which websites we visited and IP addresses we used.
Norton Secure VPN ranked 12th in our VPN speed comparison, which is still decent considering we tested 35 VPNs in total. The download speed was impressive. It kept the speed loss to less than 12-percent. However, the upload speed (averaged 84 Mbps) and latency (averaged 120 ms) could be improved.
Norton Secure VPN had a particularly nifty feature where it automatically detected whenever we connected to a suspicious Wi-Fi network, such as password-less coffee shop Wi-Fi, and secured our connection with a VPN tunnel. While not rare, features like that one offer good digital security.
Norton is perhaps most famous for its Norton antivirus software and LifeLock (one of the best identity protection services; read more in our LifeLock review) but it also has a VPN, and its not half bad. Every time we connected to the macOS app, we got a different shared IP address, which is more preferable than static IP addresses because it made it difficult to trace us online. Not only did the IP address change everytime, but the IP addresses it provided us were shared with other users as well. Since online anonymity is what were after, we were satisfied with this VPN app.
Learn more: Static vs Dynamic IP Addresses
How much does the Norton Secure VPN cost, you ask?
Well, if you only sign up for a month on one device, its $4.99. However, for 10 devices for a year, the cost is only $59.99, which amounts to only about $0.50 a per device per month. If you need a VPN for the whole family, this plan is incredibly affordable, and one of the best VPN deals weve seen in a while.
Norton Secure VPN encrypted our web activity and hid our IP address using AES-256, the same encryption that the U.S. government and military use, so you know its secure.
Beyond that, in some locations, the VPN encrypted our web activity and changed our IP addresses multiple times, a process called multi-hop or double hop. That made it that much harder to track us online, from our personal emails to the items we bought on Etsy. No one needs to know about our obsession with vintage cookie jars, after all.
Norton Secure is best for those who are just starting to utilize cybersecurity tools to protect themselves online. Besides being easy to use, Norton Secure is from a brand most famous for its antivirus software.
You might be getting tired of VPNs that say they have a no-logs policy with no data to back it up, but Hotspot Shield actually has proof. In a transparency report, the company released that it received 56 subpoena and government requests in 2018, but that it hadnt been able to provide any information because, again, it doesnt log VPN usage and IP address information.
As you might remember, Hotspot Shield created the Hydra protocol used by UltraVPN. While its supposed fast speeds didnt materialize when we tested UltraVPN, we saw Hydras speed potential from Hotspot Shield. It was the fastest VPN we tested in terms of download speed, averaging 242 Mbps. Thats only four-percent less than our baseline internet speed.
Hydra is Hotspot Shields only VPN protocol. It doesnt use the tried-and-tested OpenVPN or even the newer protocol WireGuard that has been making waves in the VPN market recently. Although it has proven itself in speed, Hydra still has a lot to prove in terms of security. We would have liked to see more VPN protocol options from Hotspot Shield even NordVPN, which has NordLynx, still offers OpenVPN as an option.
Hydras speed played a huge part in why we picked Hotspot Shield. When it came to Netflix-watching parties, Hotspot Shield had us covered with fast speeds on our Mac and Windows computers. We also didnt experience huge delays or lags on Netflix when we used the app on our Android devices, which came in handy during commutes.
Of course, its fast speed was advantageous in more ways than just watching Netflix. Whether for downloading, streaming, or just general browsing, Hotspot Shield kept our data safe without sacrificing speed.
Money Saver: To get discounts, sign up for long term-lengths; typically, one or two-year subscriptions are cheaper than monthly plans.
These days, we see a lot of proprietary VPN protocols VPN protocols made and developed by a VPN company from the best VPN brands. Not many of them, however, can claim to be as fast as Hotspot Shields Hydra Catapult VPN protocol. Thanks to Hydra, the only VPN protocol offered by Hotspot Shield, we notched record-high download speeds during our recent VPN speed testing (more on that below).
Hydra is also plenty secure. Its actually built around OpenVPN, (which if you can remember is one of the most secure VPN protocols), but Hotspot Shield tweaked it a little to give it a boost in speed without compromising security.
We recently tested and compared the speeds of the top VPNs, and even though Hotspot Shield didnt take the top spot, it was right up there. We were most impressed by the download speed, as Hotspot Shield only made a negative 3.17-percent impact on our regular internet speed. That meant that with our roughly 250 Mbps connection, Hotspot Shield maintained an average download speed of over 240 Mbps.
>> Related: What Is ISP Throttling?
Hotspot Shield has strong streaming potential. Plus, Hotspot Shield is affordable, so its best for young people looking to expand their entertainment options without spending much.
Back in 2016, IPVanish faced backlash after providing the U.S. government with data that helped in the arrest of a child predator. Nobodys saying the company should have helped a criminal, but what IPVanish provided to law enforcement demonstrated conclusively that the company was making records of user activity. Thats a no-no for any VPN. Since then, IPVanish has taken a page of Surfsharks playbook. In addition to saying in its privacy policy that it collects no user datano IP addresses, no timestamps, and no browsing histories, IPVanishs has also hired independent firms to audit its service and verify that its complying with that policy.
IPVanish was the second fastest VPN weve tested overall, considering its impressive upload and download speeds as well as network latency. We measured only four- and five-percent decrease in download and upload speeds, respectively, and the VPN kept our network latency well below 80 ms. We tested IPVanish on a Windows laptop and subsequently named it one of the best Windows VPN because of its speed.
IPVanish security doesnt stand out in any particular way, but its admirable that it comes complete with all the features were looking for in a secure VPN. It has a kill switch, it offers several VPN protocol options, it uses 256-bit AES encryption, and it passed our DNS and WebRTC leak tests. All things considered, its a solid and secure VPN.
From Our Notes: IPVanish disconnected unexpectedly once during testing due to server maintenance, which showed us that its kill switch works. Because it stopped all internet connections on our device, the kill switch alerted us that we were no longer getting protection.
What sets IPVanish apart from other companies is its commitment to customer service. We cant tell you how much trouble we have sometimes getting companies to respond to our technical questions. Many VPNs dont offer phone support, and a fair number dont provide answers 24/7.
IPVanish has friendly customer service agents you can talk to any time, via both phone and online chat. Yet, the company doesnt charge any more than other VPNs. A one-year subscription, for example, is just $2.99 a month.
All VPNs can fail at any time without warning; thats just the reality. Thats also why we recommend looking for a VPN with a kill switch just like IPVanish. Its not that IPVanish is unreliable. It only ever got disconnected unexpectedly once, apparently due to server maintenance, but it showed us the kill switch in action. Without it, we would have kept browsing thinking IPVanish is protecting our data. But because it halted our devices network connection the moment IPVanish disconnected, the kill switch alerted us that we were no longer getting protection. We reconnected through a different server and got back online moments later.
All of the VPNs weve reviewed have privacy policies that outline what types of data they collect, why they collect those types of data, and how they use the data. Not all of them, though, have been audited like IPVanish.
The Leviathan Security Group, an independent security and privacy auditing firm, audited IPVanishs privacy and security practices just this year. Theyve found that IPVanishs claim that it doesnt log browsing and usage data is true. The firm also determined that IPVanish is non-invasive to its users privacy, making it a solid VPN for privacy-conscious users.
IPVanish has great mobile apps and its also affordable, so students looking to improve their digital security and privacy, not to mention access blocked sites on their schools network, could benefit from this VPN.
Privacy is ExpressVPNs bread-and-butter, and it made sure to use state-of-the-art technology to remain a top option. It has invested in making its VPN servers run on RAM, which we consider more private than traditional VPN servers that run on hard drives. If you remember, another VPN that offers RAM-only servers is Surfshark, which is number two on this list. That speaks to how high-quality ExpressVPNs network is.
ExpressVPN was middle-of-the-pack in terms of speed. It wasnt great, but it also wasnt bad. It was speedy enough to let us stream movies in 4K resolution. With ExpressVPN connected, our download speed averaged 230 Mbps while our upload speed averaged around 210 Mbps.
ExpressVPN uses a combination of 256-bit AES encryption and its speedy and lightway VPN protocol called Lightway to protect user traffic. It was a solid pairing. We found no IP address leaks from the Lightway protocol and its speed was well-within the average. We also liked how quickly Lightway established tunnels less than five seconds on average which meant we could connect to ExpressVPN anytime without hassle, even when were commuting via the subway.
ExpressVPN excels at doing the one thing every VPN should be able to execute well: Encryption. It uses 256-bit AES as the standard, and then improves on that by offering a swath of secure VPN protocols. ExpressVPN even came up with its own VPN protocol that is both well-encrypted and agile.
Another reason why we like ExpressVPN is how easy it was to install on our Firestick. With the VPN installed, we were able to stream different media libraries from all over the world.
Sure, the slightly higher cost of ExpressVPN may be a bit hard to swallow, but ExpressVPN is nothing if not one of the most secure VPNs around.
ExpressVPN is at the forefront of VPN technology. In addition to adopting existing VPN protocols, it developed a proprietary protocol that is both secure and fast, called Lightway. This VPN protocol runs on only 2,000 lines of code, much less than protocols like OpenVPN. And as a result, its lightweight and it provides a smooth user-experience.
Heres how it compares to OpenVPN:
There are VPNs that we consider leaky because their technology doesnt effectively block IP address and browsing data leakage. ExpressVPN is far from being that, though. Its one of the most secure VPNs on the market, capable of blocking DNS leaks and WebRTC leaks.
In fact, once youre connected to ExpressVPN, you can use its websites WebRTC leak detector to make sure it isnt leaking your IP address through your browsers WebRTC feature. Each time we tested ExpressVPN for those leaks, we didnt find any just the result we were hoping for.
ExpressVPN offers agile data protection, which is particularly ideal for frequent travelers. It has strong privacy features, and its lightweight proprietary VPN protocol also makes it a good travel companion, as it runs fast on most mobile devices and computers.
In our previous tests of CyberGhost, we found that it logged IP addresses in an anonymized format (the IP address is on record, but not tied to a specific user). This raised concerns from us, but fortunately, CyberGhost adjusted its privacy policy. Last we checked, they no longer store IP addresses; just the country of origin of connection requests. Thats an improvement.
Like many of the VPNs here, such as Norton Secure VPN and Ivacy, CyberGhost provided fast download speeds but significantly slower upload speeds. Our upload speed went down by 70-percent, which meant we only got about 75 Mbps from our 250 Mbps network. Fortunately, the download speed, which is usually what matters most to us because we like streaming, remained high with an average reading of 223 Mbps.
In terms of security, we liked CyberGhosts IP address masking in particular. Normally, when trying to access sites like Netflix and Disney+ that block VPNs, theyd occasionally detect that were using VPNs. For example, in our X-VPN review, while we were eventually able to stream Netflix, two of the 10 servers we tried were detected. With CyberGhost, we connected to 10 different servers in different locations, and all of them worked. That was, to some degree, proof that CyberGhost was hiding our IP address well.
CyberGhost has over 7,500 servers in 91 different countries, so although we only tested it out in the United States, wherever in the world you are, you probably wont have trouble connecting either.
The company is based in Romania, not a member of those international surveillance networks we keep mentioning; plus, Romania as a country has almost no data retention laws of its own, making CyberGhost a great pick for privacy.
FYI: CyberGhost offers split tunneling on Android devices only, so if youre using a Windows, Mac, or iOS device, youll only be able to access private and not public networks.
CyberGhost offers a wide array of subscriptions to choose from, and this makes the VPN very flexible. You can sign up for a month subscription to try things out, or go all-in on a one-, two-, or three-year subscription. The best part is, youll get a discount depending on the length of your plan.
The highest discount is over 80-percent off, which you can get by signing a three-year subscription. All in all, youll pay only $56.94 every three years, which breaks down to just over $2 per month.
Read the original post:
Best VPN Services of 2024: Reviewed by Experts - Security.org