The Dependability of VPN Protocols in a Nutshell
A VPN is an example of providing controlled connectivity over a public network, such as the Wi-Fi in coffee shops and airports. Virtual Private Networking uses a concept called an IP tunnel: a virtual point-to-point pipe through which communication travels between two nodes. This creates a very strong separation between the traffic inside the virtual pipe and the public Internet connection. The virtual link is created within the router at the entrance to the tunnel by providing it with the IP address of the router at the far end of the tunnel.
A VPN connection can be established today without installing third-party software, as VPN functionality is built into Windows, macOS and Linux. Whenever the router at the entrance of the tunnel wants to send a packet over this virtual link, it encapsulates the packet inside an IP datagram, similar to a sealed box that no one can read until it arrives at its destination. The virtual tunnel makes sure that nobody on the outside can monitor the transmission of packets between the two nodes, hence establishing a strong security link free from snooping and espionage.
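The encapsulation step described above, as an added example that is not part of the original article: a constructed inner IPv4 datagram is wrapped in an outer IPv4 header addressed to the far-end tunnel router (IP-in-IP, protocol number 4, RFC 2003), and the exit router validates the outer header before unwrapping it. The addresses and payload are made up for the demonstration. Note that plain IP-in-IP carries the inner datagram in the clear; it is the VPN protocols compared below (IPsec, and the TLS-based SSTP and OpenVPN) that add the encryption which makes the "sealed box" opaque to outsiders.

```python
import struct
import ipaddress

IPPROTO_IPIP = 4  # outer protocol number for "IP in IP" (RFC 2003)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; verifies to 0 when intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + payload_len, 0x1234, 0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Entrance router: wrap the original datagram in an outer one addressed to the far end."""
    return build_ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner_packet)) + inner_packet


def decapsulate(outer_packet: bytes, expected_dst: str) -> bytes:
    """Exit router: check the outer header is ours and intact, then return the original datagram."""
    if len(outer_packet) < 20 or outer_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer_packet[0] & 0x0F) * 4
    if ipv4_checksum(outer_packet[:ihl]) != 0:
        raise ValueError("bad outer header checksum")
    total_len = struct.unpack("!H", outer_packet[2:4])[0]
    if outer_packet[9] != IPPROTO_IPIP:
        raise ValueError("outer protocol is not IP-in-IP")
    if str(ipaddress.IPv4Address(outer_packet[16:20])) != expected_dst:
        raise ValueError("outer packet is not addressed to this tunnel endpoint")
    return outer_packet[ihl:total_len]


# Constructed sample: an inner datagram between two private hosts (protocol 17, dummy payload)
# carried between the two tunnel routers 203.0.113.1 and 198.51.100.2.
INNER = build_ipv4_header("10.0.0.5", "10.0.1.9", 17, 8) + b"hello!!!"
OUTER = encapsulate(INNER, "203.0.113.1", "198.51.100.2")
```

Running `decapsulate(OUTER, "198.51.100.2")` returns `INNER` unchanged, and `INNER in OUTER` is true, which is exactly why the tunnel needs an encrypting protocol on top.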
VPNs used to be a technology used only by corporate computer users, but that is no longer the case today because of the tight competition among VPN vendors. For many cybersecurity professionals, the commoditization of the VPN market has made the Internet a more secure space. Users can even try a VPN service for a hundred or so megabytes of traffic a day until they are sure that the vendor meets their needs for encrypted traffic.
The earliest VPN systems used a technology similar to a DSL Internet connection – PPTP. The Point-to-Point Tunneling Protocol is very friendly to old hardware and older versions of Windows, macOS, and Linux. It is considered a legacy VPN protocol, and no mainstream consumer VPN vendor promotes it today as a flagship product.
PPTP was later paired with the L2F protocol, first established by Cisco, under an umbrella named L2TP/IPsec. Edward Snowden, the controversial former NSA subcontractor now exiled in Russia, exposed that the intelligence agency he worked for had been exploiting the weakness of L2TP/IPsec for years until he appeared in public to spill the beans. Snowden has not fully revealed the details of how the NSA breaks L2TP/IPsec VPNs, but the allegation about its weakness is enough to dismiss the protocol as insecure.
The Secure Socket Tunneling Protocol (SSTP) establishes a strict one-to-one tunnel. It uses Transport Layer Security (TLS), and entry-level VPN providers offer this type of VPN because of its simplicity. The tunnel exists only between the user and the vendor's server, hence the IP address seen by the websites visited is that of the vendor's server and not the user's.
Internet Key Exchange version 2, also known as IKEv2, is a Microsoft solution for VPN. It is bundled with Windows; however, just like L2TP/IPsec before it, this protocol has been cracked, with a publicly revealed exploit, and is unsafe to use.
OpenVPN is the most widely used VPN protocol online, supported by many vendors and well understood by security professionals. Being an open-source protocol, improvements are released regularly and bugs are corrected as soon as they are discovered. We recommend that users choose a vendor that supports either SSTP or OpenVPN, as those implementations have proven their security long enough to be considered dependable and reliable.
Julia Sowells
Julia Sowells is a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and served as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.