Your Ultimate UPSC Study Material To Crack IAS Exam
Comprehensive content tailored For Success
Virtual Private Network (VPN)- UPSC Current Affairs
May 11, 2022
Today we will discuss Virtual Private Network (VPN) in detail in our daily edition of the Current Affairs Dialog box. Read further to enhance your UPSC Preparation and also find the topic’s relevance to the UPSC CSE syllabus
Prelims: General Science
Mains: Awareness in the fields of IT, Space, Computers, Robotics, Nano-technology, Bio-technology and issues relating to Intellectual Property Rights.
Clickhere to read yesterday’s edition of Current Affairs in case you missed it
Why in the News?
Recently, the Computer Emergency Response Team (CERT-In) has issued a directive that Virtual Private Network (VPN) companies in India must collect and maintain customer data for at least 5 years.
Image Source: The Indian Express
Discuss the role of the Computer Emergency Response Team (CERT-In) in upholding the cyber-security framework in India.
About New Guidelines of Computer Emergency Response Team (CERT-In)
Under the new directions, VPN providers will need to store validated customer names, their physical addresses, email ids, phone numbers, and the reason they are using the service, along with the dates they use it and their “ownership pattern".
In addition, CERT is also asking VPN providers to keep a record of the IP and email addresses that the customer uses to register the service, along with the timestamp of registration.
Most importantly, VPN providers will have to store all IP addresses issued to a customer and a list of IP addresses that its customers generally use.
What data will VPN companies be sending to the Government?
CERT-In will reportedly require companies to report a total of twenty vulnerabilities including unauthorised access of social media accounts, IT systems, attacks on servers which further includes:
Targeted scanning/probing of critical networks/systems.
Compromise of critical systems/information.
Unauthorised access of IT systems/data.
Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc.
Attack on servers such as Database, Mail and DNS and network devices such as Routers.
Identity Theft, spoofing and phishing attacks,
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
About Virtual Private Network (VPN)
The first VPN was developed in 1996 by Microsoft employees, among whom was India-born Gurdeep Singh Pall.
Virtual Private Network (VPN) is a service that helps internet users to stay private online by hiding their (Internet Protocol) IP addresses.
VPN establishes an encrypted connection between the user’s computer and the internet, providing a private tunnel for their data, making them anonymous and blocking anyone from tracking their movements like where they are going or what they are doing.
It is the IP address - a special number unique to the user's internet network– that helps websites, law enforcement agencies, cybercriminals or anyone else looking into an individual’s internet activities and track down their accurate location.
Without a VPN, the user’s IP address is visible to the web. VPNs obscure the user’s internet usage by jumping the signal off multiple servers.
VPN extends through encrypted connections over the Internet.
Since the line is encrypted between the network and the device connected to it, the traffic remains private.
Accelerate your UPSC Preparation with an in-depth video on What is Delimitation in J&K?, by Vishakah Dagur, our Current Affairs Faculty:
Types of VPN
Remote Access VPNs: It uses a secure remote server to connect the users to a private network. A remote-access VPN creates a virtual tunnel between the user's device and the private network to route the user's data.
Site-to-Site VPNs: These types of VPNs are commonly used by large organisations where multiple users need to access shared resources in various locations.
Client to Server VPNs: This type of VPN is particularly useful while accessing insecure public WLANs. It allows clients to connect to the corporate network from their homes and work as if they were present at the office.
Peer-to-Peer (P2P) VPNs: This service is compatible with a peer-to-peer network. This service is useful for users who are searching for a file on a P2P network.
It can locate copies of the file and tries to create connections with the sources that include parts of or the entire requested file.
Safety: It offers safety on the web.Without a VPN connection, websites can see our IP address, and use it to accurately identify your identity and your location.
Encryption: A VPN protects our internet traffic, keeping it encrypted the whole time.
Location Spoofing: VPNs can bypass geo-restrictions.
Getting through online censorship: Many countries have blocked access to various websites, where we simply will not be able to visit the site if we are from that particular region.
A VPN allows you to bypass such restrictions.
Reduced Internet Speeds: Since VPNs require Internet traffic to be routed via a VPN server, it could take longer to reach your destination website.
Restricted Access: VPN users are also often actively denied access to certain websites and services, which you simply won’t be able to visit or use if you’re connected to a VPN.
Privacy: Free VPN providers often log all Internet activity and then sell it to advertisers and others.
Scale of VPN usage in India
Virtual Private Network (VPN) adoption jumped manifold in India in the first half of 2021 as companies moved to secure communication networks as more employees worked from home.
Of India’s 1.38 billion population, VPN installation penetration went up from only 3.28 per cent population in 2020 to 25.27 per cent in the first six months of 2021.
Computer Emergency Response Team (CERT-In):
CERT-In has been operational since 2004.
Ministry: Ministry of Electronics and Information Technology
CERT-In is the national nodal agency for responding to computer security related incidents.
CERT-In has been designated to serve as the national agency to perform the following functions in the area of cyber security:
Collection, analysis and dissemination of information on cyber incidents.