
Q and A: What You Don't Know About VPN's


By: usman47

June 1, 2016

Hello Awesome Geeks on Cybrary.it!

Today, I'm going to write about VPNs as part of my series on different security services including Proxies, VPNs and TOR. You guys can read my previous article, What They Never Told You About Proxies, to know my views on proxies and more.

I'll try to write this article in non-geeky vocabulary (again), so that everyone can understand it. I have a habit of making some mistakes in my articles, so please forgive me for any mistakes. So, let's get started...

VPNs:

Q. What is a VPN?

A. VPN stands for Virtual Private Network. It's a network created with public means of connectivity like the Internet. This kind of network is used around the globe for its great features like encryption, tunneling, cost efficiency and more. It's your number one choice if you want to move from a proxy to a more secure service.

Q. Why do we use VPNs?

A. All traffic between you and the server is encrypted, which means most people can't get into it that easily. This allows you to use your computer for sensitive tasks, like performing logins into websites without worrying about someone eavesdropping. You can also evade web filtering and blocking by using a VPN.

Q. How does a VPN work?

A. How it works depends upon the protocol and standard implemented for the VPN; I'll just talk about how a simple VPN works. Whenever you connect to a VPN network, a Point-to-Point connection is established between you and the network. All traffic gets encrypted on your side and gets decrypted on the other end. The encrypted traffic passes through a virtual tunnel, which starts from one end (you) and ends on the other side (network). This process is performed two ways - from client to server and server to client. This prevents anyone from grabbing the data getting transferred. VPNs use heavy-duty encryption.

Q. So where are the problems?

A. Well, getting hacked while using a VPN is difficult, but it's not impossible. Here are some limitations of a VPN:

  • Some free VPN providers keep logs, which can get you tracked.
  • Some protocols that VPNs use, like PPTP, are vulnerable to attack.

Q. Tell me more about the protocols used by VPNs?

A. This topic is very difficult and a big mess, so I'll only talk about common VPN protocols and their flaws (without going too deep into the river). This will help you pick the right protocol for the job.

PPTP (Point-to-Point Tunneling Protocol):

Point-to-Point Tunneling Protocol was developed by a consortium founded by Microsoft for creating VPNs over dial-up networks. As such, it has long been the standard protocol for internal business VPNs (Intranet VPNs). PPTP is very insecure (even its co-creator Microsoft has abandoned it and it has been compromised by the NSA).

Problems :

L2TP (Layer 2 Tunneling Protocol) / L2TP with IPsec (Layer 2 Tunneling Protocol with IP Security):

Layer 2 Tunnel Protocol is a VPN protocol that, on its own, doesn't provide any encryption or confidentiality to traffic that passes through it. For this reason, it's usually implemented with the IPsec encryption suite to provide security and privacy. L2TP/IPsec is a good VPN solution for non-critical use, although it has been severely compromised/weakened by the NSA. However, for a quick VPN setup without the need to install extra software, it remains useful. It's:

  • Easy to set up.
  • Available on all modern platforms.
  • Faster than OpenVPN.

Problems :

  • May be compromised by the N.S.A. (unproven). Check out this source.
  • Likely deliberately weakened by the N.S.A. (This remains unproven).
  • Can have problems with some firewalls.
 

OpenVPN :

OpenVPN is a fairly new open source technology that uses the OpenSSL library and SSLv3/TLSv1 protocols, along with a number of other technologies. It provides a strong and reliable VPN solution. One of its major strengths is that it's highly configurable, and although it runs best on a UDP port, it can be set to run on any port, including TCP port 443. This makes its traffic impossible to differentiate from traffic using standard HTTPS over SSL (which is used by Gmail). This makes it extremely difficult to block. It's:

  • Extremely secure.
  • Highly configurable. (Oh yeah.)
  • Can bypass firewalls.
  • Open source. (That's why I trust them.)

Problems:

  • It needs third-party software.
  • It can be a hassle to set up.
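
Because OpenVPN is so configurable, a profile can quietly carry weak settings, so it is worth checking the profile a provider hands you. The following is an added example, not code from this article or from the OpenVPN project: it audits a client profile for a TLS floor below 1.2, a weak data cipher, and missing server-certificate verification. The sample profiles, the host name and the pass/fail policy are assumptions of this example.

```python
# Added example (not from the article): directive names are real OpenVPN options; the policy is assumed.
WEAK_CIPHERS = {"NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC"}  # none or 64-bit block

# Constructed sample profiles (hypothetical host name, placeholder certificate).
WEAK_PROFILE = """\
proto tcp
remote vpn.example.com 443
cipher BF-CBC
tls-version-min 1.0
<ca>
(placeholder certificate, constructed)
</ca>
"""
HARDENED_PROFILE = """\
proto udp
remote vpn.example.com 1194
data-ciphers AES-256-GCM:AES-128-GCM
tls-version-min 1.2
remote-cert-tls server
"""

def parse_profile(text):
    """Map each directive to its arguments; skip comments and inline <ca>-style blocks."""
    directives, closing_tag = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if closing_tag:                          # inside an inline block until its end tag
            closing_tag = None if line == closing_tag else closing_tag
        elif line.startswith("<") and line.endswith(">"):
            closing_tag = "</" + line[1:]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives

def audit_profile(text):
    """Return the sorted names of directives whose value (or absence) weakens the tunnel."""
    d, findings = parse_profile(text), set()
    if d.get("tls-version-min", ["unset"])[0] not in {"1.2", "1.3"}:
        findings.add("tls-version-min")          # TLS 1.0/1.1 allowed, or no floor set
    ciphers = d.get("cipher", []) + [c for arg in d.get("data-ciphers", []) for c in arg.split(":")]
    if any(c.upper() in WEAK_CIPHERS for c in ciphers):
        findings.add("cipher")
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.add("remote-cert-tls")          # server certificate role/name never checked
    return sorted(findings)

if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, audit_profile(profile))
```

An empty result means only that none of these three checks fired; it says nothing about the provider's logging or server-side configuration.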
 

SSTP:

Secure Socket Tunneling Protocol was introduced by Microsoft in Windows Vista and, although it's now available for Linux, RouterOS and SEIL, etc., it's still largely a Windows-only platform. It has similar advantages to OpenVPN (such as the ability to use TCP port 443 to avoid NAT firewall). It's:

  • Very secure (it depends on the cipher used, but usually has a very strong AES).
  • Completely integrated into Windows (Windows Vista SP1, Windows 7, Windows 8).
  • Supported by Microsoft.
  • Is capable of bypassing most firewalls out there.

Problems :

  1. It only really works in a Windows-only environment.
  2. Its proprietary standard is owned by Microsoft, so it can't be independently audited for backdoors.
Q. What defensive measures can I take?

A. Luckily, when there's a disease, there's a cure. Here are the countermeasures you guys can take:

  • Use well-known VPN providers who assure that they don't keep logs.
  • Don't trust free VPN providers. (Nothing is free in this world.)
  • Try to use VPNs that use OpenVPN or some similar protocol because it's secure, and don't even think of using PPTP.

Q. What VPN providers do you recommend?

A. Here are some VPN dudes I like and recommend:

Some final words:

Well, you guys just read an article on VPNs and their pros and cons. Sorry if this article got a bit boring, but I'm quite sure that you guys are going to be glad that you read this one. VPNs, if properly used, are highly secure, but make sure that you do it the right way.

My next article will be about the TOR network and its security. Make sure you read the article about proxies. If you want to support me, you can do the following things:

  1. Tip me some Cybytes (I would love that).
  2. Drop a mail at usmanaura47@gmail.com (I am always waiting).
  3. Provide your views in the comments section (I will be glad to read them).
  4. Share this knowledge as much as you can (You are a great person).