Q and A: What You Don’t Know About VPN’s

June 1, 2016 | Views: 13411

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Hello Awesome Geeks on Cybrary.it!

Today, I’m going to write about VPN’s as part of my series on different security services including Proxies, VPN’s and TOR.

You guys can read my previous article, What They Never Told You About Proxies to know my views on proxies and more.

I’ll try to write this article in non-geeky vocabulary (again), so that everyone can understand it. I have a habit of making some mistakes in my articles so, please forgive me for any mistakes.

 

So, let’s get started…..

VPN’s :-

 

Q. What is a VPN?

A. VPN stands for Virtual Private Network. It’s a network created with public means of connectivity like the Internet. This kind of network is used around the globe for its great features like encryption, tunneling, cost efficiency and more. It’s your number one choice if you want to move from a proxy to a more secure service.

 

Q. Why do we use VPN’s?

A. All traffic between you and the server is encrypted, which means most people can’t get into it that easily. This allows you to use your computer for sensitive tasks, like performing logins into websites without worrying about someone eavesdropping. You can also evade web filtering and blocking by using VPN.

 

Q. How does a VPN work?

A. Its work depends upon the protocol and standard implemented for the VPN; I’ll just talk about how a simple VPN’s work. Whenever you connect to a VPN network, a Point-to-Point connection is established between you and the network. All traffic gets encrypted on your side and gets decrypted on the other end. The encrypted traffic passes through a virtual tunnel, which starts from one end (you) and ends on the other side (network). This process is performed two ways – from client to server and server to client. This prevents anyone from grabbing the data getting transferred. VPN uses heavy-duty encryption.

 

Q.  So where are the Problems?

A. Well, getting hacked while using a VPN is difficult, but it’s not impossible. Here are some limitations of a VPN:

  • Some free VPN providers keep logs, which can get you tracked.
  • VPN’s use many protocols like PPTP etc., which are vulnerable to an attack.

 

Q. Tell me more about Protocols used by VPN’s?

A. This topic is very difficult and a big mess, so I’ll only talk about common VPN protocols and the flaws (without going too deep into the river). This will help you pick the right protocol for the job.

PPTP (Point-to-Point Tunneling Protocol):

Point-to-Point Tunneling Protocol was developed by a consortium founded by Microsoft for creating VPN over dialup networks. As such, it has long been the standard protocol for internal business VPN (Intranet VPN). PPTP is very insecure (even its co-creator Microsoft has abandoned it and it has been compromised by the NSA).

Problems :

L2TP (Layer 2 Tunneling Protocol) / L2TP with IPsec (Layer 2 Tunneling Protocol with IP Security):

Layer 2 Tunnel Protocol is a VPN protocol that, on its own, doesn’t provide any encryption or confidentiality to traffic that passes through it. For this reason, it’s usually implemented with the IPsec encryption suite to provide security and privacy. L2TP/IPsec is a good VPN solution for non-critical use, although it has been severely compromised/weakened by the NSA. However, for a quick VPN setup without the need to install extra software, it remains useful. It’s:

  • Easy to set up.
  • Available on all modern platforms.
  • Faster than OpenVPN.

Problems :

  • May be compromised by the N.S.A (unproven) Check out this source
  • Likely deliberately weakened by the N.S.A. (This remains unproven).
  • Can have problems with some firewalls.

 

OpenVPN :

OpenVPN is a fairly new open source technology that uses the OpenSSL library and SSLv3/TLSv1 protocols, along with number of other technologies. It provides a strong and reliable VPN solution. One of its major strengths is that it’s highly configurable, and although it runs best on a UDP port, it can be set to run on any port, including TCP port 443. This makes its traffic impossible to differentiate from traffic using standard HTTPS over SSL (which is used by Gmail). This makes it extremely difficult to block. It’s:

  • Extremely secure.
  • Highly configurable. (Oh yeah.)
  • Can bypass firewalls.
  • Open source. (That’s why I trust them.)

Problems:

  • It needs third-party software.
  • It can be a hassle to set up.

 

SSTP:

Secure Socket Tunneling Protocol was introduced by Microsoft in Windows Vista and, although it’s now available for Linux, RouterOS and SEIL, etc., it’s still largely a Windows-only platform. It has similar advantages to OpenVPN (such as the ability to use to TCP port 443 to avoid NAT firewall). It’s

  • Very secure (it depends on the cipher used, but usually has a very strong AES).
  • Completely integrated into Windows (Windows Vista SP1, Windows 7, Windows 8).
  • Supported by Microsoft.
  • Is capable of bypassing most firewalls out there.

Problems :

  1. It only really works in a Windows-only environment.
  2. It’s proprietary standard is owned by Microsoft, so it can’t be independently audited for backdoors.

 

Q. What defensive measures can I take?

A. Luckily, when there’s a disease, there’s a cure. Here are the counter measures you guys can take:

  • Use well-known VPN providers who assure that they don’t keep logs.
  • Don’t trust free VPN providers. (Nothing is free in this world.)
  • Try to use VPN’s that use OpenVPN or some similar protocol because it’s secure and don’t even think of using PPTP.

 

Q. What VPN providers do you recommend?

A. Here are some VPN dudes I like and recommend:

 

Some final words:

Well, you guys just read an article on VPN and its pros and cons. Sorry if this article got a bit boring, but I’m quite sure that you guys are going to be glad that you read this one. VPN’s, if properly used, are highly secure but make sure that you do it the right way.

My next article will be about the TOR network and its security. Make sure you read the article about proxies. If you want to support me, you can do the following things:

  1. Tip me some Cybytes (I would love that).
  2. Drop a mail at usmanaura47@gmail.com (I am always waiting).
  3. Provide your views in the comments section (I will be glad to read them).
  4. Share this knowledge as much as you can (You are a great person).
Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
23 Comments
  1. Thank you for the great Article good jb keep it going 😉

  2. The concern I have is that I don’t know or trust VPN owners. If I worked for a three letter government agency (“the number shall be three; four is way out”) I’d simply start a VPN company through shell companies or sell them equipment with backdoors.

  3. It’s very useful, thank you. I just want to add that nowadays it is also possible to check the ip and vpn for anonymity. With the help of such free services as vpn check https://2ip.io/privacy/ for example. It shows the efficiency of you anonymity (vpn) in percentage rate and tries to single out your real ip.

  4. thank you very much got. new things

  5. Thank you very much for the useful info.
    hope you will soon give us the rest of it all

    Thanks once again

    Stay Blessed…Peace

Page 4 of 4«1234
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel