
By: usman47
June 1, 2016
Q and A: What You Don't Know About VPNs


- Some free VPN providers keep logs, which can get you tracked.
- VPNs use many protocols, such as PPTP, that are vulnerable to attack.
PPTP (Point-to-Point Tunneling Protocol):
Point-to-Point Tunneling Protocol was developed by a consortium founded by Microsoft for creating VPNs over dial-up networks. As such, it has long been the standard protocol for internal business VPNs (Intranet VPN). PPTP is very insecure (even its co-creator Microsoft has abandoned it, and it has been compromised by the NSA).
Problems:
- Not secure at all (MS-CHAPv2 authentication is vulnerable). Check it out.
- Definitely compromised by the N.S.A. Check this Microsoft Security Advisory.
L2TP (Layer 2 Tunneling Protocol) / L2TP with IPsec (Layer 2 Tunneling Protocol with IP Security):
Layer 2 Tunnel Protocol is a VPN protocol that, on its own, doesn't provide any encryption or confidentiality to traffic that passes through it. For this reason, it's usually implemented with the IPsec encryption suite to provide security and privacy. L2TP/IPsec is a good VPN solution for non-critical use, although it has been severely compromised/weakened by the NSA. However, for a quick VPN setup without the need to install extra software, it remains useful. It's:
- Easy to set up.
- Available on all modern platforms.
- Faster than OpenVPN.
Problems:
- May be compromised by the N.S.A. (unproven). Check out this source.
- Likely deliberately weakened by the N.S.A. (This remains unproven).
- Can have problems with some firewalls.
OpenVPN:
OpenVPN is a fairly new open source technology that uses the OpenSSL library and SSLv3/TLSv1 protocols, along with a number of other technologies. It provides a strong and reliable VPN solution. One of its major strengths is that it's highly configurable, and although it runs best on a UDP port, it can be set to run on any port, including TCP port 443. This makes its traffic impossible to differentiate from traffic using standard HTTPS over SSL (which is used by Gmail). This makes it extremely difficult to block. It's:
- Extremely secure.
- Highly configurable. (Oh yeah.)
- Can bypass firewalls.
- Open source. (That's why I trust them.)
Problems:
- It needs third-party software.
- It can be a hassle to set up.
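Because OpenVPN is highly configurable, how secure a connection is depends on the client profile a provider hands out. The following Python check is an added example, not code from the original post or from the OpenVPN project: it parses a `.ovpn` client config and flags a low or unpinned TLS floor, weak ciphers, and missing server-certificate verification. The finding codes, the weak-cipher list and the two sample configs (with the placeholder host `vpn.example.net`) are assumptions made for this example.

```python
import shlex

# 64-bit-block or otherwise obsolete ciphers; BF-CBC was the default in older OpenVPN releases.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "CAST5-CBC", "NONE"}
def parse_ovpn(text):
    """Map each directive to its argument lists, skipping inline <ca>...</ca> style blocks."""
    directives, in_block = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = shlex.split(line, comments=True)
            directives.setdefault(name, []).append(args)
    return directives

def audit(text):
    """Return finding codes for a client config; an empty list means nothing was flagged."""
    d, findings = parse_ovpn(text), []
    tls_min = [a[0] for a in d.get("tls-version-min", []) if a]
    if not tls_min:
        findings.append("tls-floor-not-pinned")  # floor then depends on the client build
    elif tls_min[-1] not in ("1.2", "1.3"):
        findings.append("tls-floor-too-low:" + tls_min[-1])
    ciphers = [c for key in ("cipher", "data-ciphers", "ncp-ciphers")
               for args in d.get(key, []) if args for c in args[0].upper().split(":")]
    if not ciphers:
        findings.append("cipher-not-pinned")
    findings += ["weak-cipher:" + c for c in ciphers if c in WEAK_CIPHERS]
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("server-cert-not-verified")  # server role of the peer cert is unchecked
    return findings

# Constructed sample configs; vpn.example.net is a placeholder host.
WEAK = """remote vpn.example.net 443 tcp
tls-version-min 1.0
cipher BF-CBC
<ca>
-----BEGIN CERTIFICATE-----
</ca>
"""
HARDENED = """remote vpn.example.net 443 tcp
remote-cert-tls server
tls-version-min 1.2
data-ciphers AES-256-GCM:CHACHA20-POLY1305
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

Both samples use TCP port 443 as described above; only the first is flagged, which shows that the port choice says nothing about the strength of the tunnel.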
SSTP:
Secure Socket Tunneling Protocol was introduced by Microsoft in Windows Vista and, although it's now available for Linux, RouterOS, SEIL, etc., it's still largely a Windows-only platform. It has similar advantages to OpenVPN (such as the ability to use TCP port 443 to avoid NAT firewall issues). It's:
- Very secure (it depends on the cipher used, but usually has a very strong AES).
- Completely integrated into Windows (Windows Vista SP1, Windows 7, Windows 8).
- Supported by Microsoft.
- Is capable of bypassing most firewalls out there.
Problems:
- It only really works in a Windows-only environment.
- Its proprietary standard is owned by Microsoft, so it can't be independently audited for backdoors.
- Use well-known VPN providers who assure that they don't keep logs.
- Don't trust free VPN providers. (Nothing is free in this world.)
- Try to use VPNs that use OpenVPN or a similar protocol because it's secure, and don't even think of using PPTP.
- Bitmask VPN (http://bitmask.net)
- Air VPN (http://airvpn.org)
- Tip me some Cybytes (I would love that).
- Drop a mail at usmanaura47@gmail.com (I am always waiting).
- Provide your views in the comments section (I will be glad to read them).
- Share this knowledge as much as you can (You are a great person).