By: Owen Dubiel
May 4, 2021
VPN Protocols Guide
Using a VPN service when online is one of the most critical professional and personal steps anyone can take to improve their overall security stance. But choosing a VPN service can be easier said than done. Understanding your goals for the service, and which protocols best suit those goals, is essential. The last thing anyone wants is to purchase a subscription only to find out that the supported VPN protocols don't fit their needs. This article will review some of the most commonly used VPN protocols, use cases, and even some recommendations on specific solutions.
Point-to-Point Tunneling Protocol (PPTP) is considered the "original" among VPN-related protocols. Supported by most operating systems, PPTP is widely accepted as the popular choice for enterprise VPN protocols. It is easy to set up, support, and deploy to most systems without much rework or configuration. Since PPTP is built natively into most operating systems, it is relatively easy to find a VPN solution that will support it. Some popular options include NordVPN, PureVPN, and ExpressVPN.
IKEv2 is most commonly found within VPN solutions tailored towards devices. IKEv3, being the predecessor, is very stable and encompasses an acceptable level of security. IKEv2 is an open-source protocol and is rarely set up without deploying Internet Protocol Security (IPsec). IPsec is a framework of protocols used to encrypt communications between the network and packet layers. A popular option for a VPN solution that supports IKEv2 is WatchGuard. It is one of the only solutions supporting the three central mobile operating systems (iOS, Windows, Android).
SSTP, or Secure Socket Tunneling Protocol, is simply a means of transporting typical PPP traffic through an encrypted SSL/TLS tunnel. Unfortunately, one of the pitfalls of SSTP is that it is native only to Microsoft, which created it and currently supports it. If you are a Windows shop to begin with, this may be the approach to take. Keep in mind that becoming too reliant on one vendor for everything could cause an availability issue in the future. Variants of Windows vulnerabilities could exploit SSTP, and Microsoft is also known for automatically collecting performance metrics on its solutions. NordVPN is one of the preferred solutions that helps to automate the deployment of SSTP. The protocol is built into Windows devices by default.
Layer 2 Tunneling Protocol (L2TP) is an extension of the PPTP protocol and the L2F protocol from Cisco. It uses PPP to encapsulate the packet and Cisco's L2F protocol to create a differentiating connection point and additional control outside of the standard PPTP protocol, giving the best of both worlds. Most ISPs utilize L2TP to connect to the various devices that they have to manage. Even though the protocol is widely used and accepted, its overall security was downgraded due to an NSA breach. Some popular options for L2TP include ExpressVPN, IPVanish, and BulletVPN.
To decide on a protocol and a provider, it's key to understand the type of activity that will occur over the VPN channel. For example, if you are not sending sensitive data over the wire, a solution like BulletVPN with L2TP enabled may be a good fit. At the same time, a financial company that houses and works with sensitive data may need to consider using a more secure protocol like IKEv2. For more information on VPN protocols, check out Cybrary's website to understand how to find the best fit for your personal or professional use cases.