Friday, February 8, 2019

What is a VPN? A Beginner's Guide.

The world has changed a lot in the last couple of decades. Instead of simply dealing with local or regional concerns, many businesses now have to think about global markets and logistics. Many companies have facilities spread out across the country, or even around the world. But there is one thing that all companies need: a way to maintain fast, secure, and reliable communications wherever their offices are located.

As the popularity of the Internet has grown, businesses have turned to it as a means of extending their own networks. First came intranets, which are sites designed for use only by company employees. Now, many companies create their own Virtual Private Networks (VPNs) to accommodate the needs of remote employees and distant offices.

There is an increasing demand nowadays to connect to internal networks from distant locations. Employees often need to connect to internal private networks over the Internet (which is by nature insecure) from home, hotels, airports or from other external networks. Security becomes a major consideration when staff or business partners have constant access to internal networks from insecure external locations.

What is a VPN?

VPN (Virtual Private Network) technology provides a way of protecting information being transmitted over the Internet, by allowing users to establish a virtual private “tunnel” to securely enter an internal network, accessing resources, data, and communications via an insecure network such as the Internet.

How Does a VPN Work?

  • A VPN transmits data by means of tunneling. Before a packet is transmitted, it is encapsulated (wrapped) in a new packet, with a new header. This header provides routing information so that the packet can traverse a shared or public network before it reaches its tunnel endpoint.
  • The logical path that the encapsulated packets travel through is called a tunnel. When each packet reaches the tunnel endpoint, it is “decapsulated” and forwarded to its final destination. Both tunnel endpoints need to support the same tunneling protocol.
  • Tunneling protocols operate at either OSI (Open System Interconnection) layer two (the data-link layer) or layer three (the network layer). The most commonly used tunneling protocols are IPsec, L2TP, PPTP, and SSL. A packet with a private non-routable IP address can be sent inside a packet with a globally unique IP address, thereby extending a private network over the Internet.

VPN Security:

  • A VPN uses encryption to provide data confidentiality. Once connected, the VPN makes use of the tunneling mechanism described above to encapsulate encrypted data into a secure tunnel, with headers that stay readable in the clear so the packets can cross a public network. Packets passed over a public network in this way are unreadable without the proper decryption keys, thus ensuring that data is not disclosed or changed in any way during transmission.
  • A VPN can also provide a data integrity check. This is typically performed using a message digest to ensure that the data has not been tampered with during transmission.
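
To make the tunneling and integrity-check points above concrete, here is an added Python example (not part of the original post) that wraps a packet between two private addresses inside an outer packet between two public gateways, then verifies and unwraps it at the tunnel endpoint. The addresses, payload, function names and the HMAC-based stand-in cipher are assumptions for illustration; real VPN protocols use ciphers such as AES and their own packet formats.

```python
import hashlib, hmac, ipaddress, os, struct

def ipv4_packet(src, dst, proto, payload):
    """Minimal IPv4 packet: 20-byte header (no options) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    s = sum(struct.unpack("!10H", hdr))          # header checksum over a zeroed field
    s = (s & 0xFFFF) + (s >> 16)
    s = ~((s & 0xFFFF) + (s >> 16)) & 0xFFFF
    return hdr[:10] + struct.pack("!H", s) + hdr[12:] + payload

def addresses(packet):
    """(source, destination) exactly as any router on the path can read them."""
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))

def keystream(key, nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only the
    # standard library; this is an assumption, a real VPN would use AES or ChaCha20.
    return b"".join(hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, enc_key, mac_key, gw_src, gw_dst):
    """Encrypt the whole inner packet, add an integrity tag, wrap it in a new header."""
    nonce = os.urandom(12)
    ct = xor(inner, keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ipv4_packet(gw_src, gw_dst, 253, nonce + ct + tag)  # 253: experimental protocol number

def decapsulate(outer, enc_key, mac_key):
    """Tunnel endpoint: check the tag first, then decrypt and return the inner packet."""
    body = outer[20:]
    nonce, ct, tag = body[:12], body[12:-32], body[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed, packet dropped")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

# Constructed sample: private (RFC 1918) hosts inside, documentation-range gateways outside.
INNER = ipv4_packet("10.0.0.5", "10.1.0.20", 253, b"payroll record 42")

if __name__ == "__main__":
    k_enc, k_mac = os.urandom(32), os.urandom(32)
    outer = encapsulate(INNER, k_enc, k_mac, "198.51.100.10", "203.0.113.20")
    print("on the wire:", addresses(outer), "| plaintext visible:", b"payroll" in outer)
    print("after decapsulation:", addresses(decapsulate(outer, k_enc, k_mac)))
```

Flipping any byte of the encrypted payload in transit makes `decapsulate` raise instead of forwarding the packet, which is the integrity check in action.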

Types of VPN:

  1. Firewall VPN: This is equipped with both firewall and VPN capabilities. This type of VPN makes use of the security mechanisms in firewalls to restrict access to an internal network. The features it provides include address translation, user authentication, real-time alarms, and extensive logging.
  2. Hardware VPN: A hardware-based VPN offers high network throughput, better performance, and more reliability since there is no processor overhead.
  3. Software VPN: A software-based VPN provides the most flexibility in how traffic is managed. This type is suitable when VPN endpoints are not controlled by the same party, and where different firewalls and routers are used. It can be used with hardware encryption accelerators to enhance performance.
  4. SSL VPN: An SSL VPN allows users to connect to VPN devices using a web browser. The SSL (Secure Sockets Layer) protocol or TLS (Transport Layer Security) protocol is used to encrypt traffic between the web browser and the SSL VPN device.

VPN Protocols:

  • IPsec enables a system to select and negotiate the required security protocols, algorithm(s) and secret keys to be used for the services requested. IPsec provides basic authentication, data integrity, and encryption services to protect against unauthorized viewing and modification of data. It makes use of two security protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload), for required services. However, IPsec is limited to only sending IP packets.
  • PPTP (Point-to-Point Tunnelling Protocol) is an OSI layer two protocol built on top of PPP (Point-to-Point Protocol). PPP is a multi-protocol, dial-up protocol used to connect to the Internet. Remote users can access a private network via PPTP by first dialing into their local ISP. PPTP connects to the target network by creating a virtual network for each remote client. PPTP allows a PPP session, with non-TCP/IP protocols (e.g. IP, IPX or NetBEUI), to be tunneled through an IP network.
  • L2TP (Layer 2 Tunnelling Protocol) is a combination of Microsoft PPTP (Point-to-Point Tunnelling Protocol) and Cisco L2F (Layer 2 Forwarding). L2TP can be used as a tunneling protocol to encapsulate PPP (Point-to-Point Protocol) frames to be sent over IP, X.25, Frame Relay or ATM networks. Multiple connections are allowed through one tunnel. Like PPTP and L2F, L2TP operates on OSI layer two. Layer two VPN protocols encapsulate data in PPP frames and are capable of transmitting non-IP protocols over an IP network.
  • OpenVPN is an open-source VPN protocol. Because it is open source, users can dig into its code to find vulnerabilities, and it can also be used in other projects. It is one of the most secure VPN protocols, allowing users to protect their data using AES-256 bit key encryption with 2048-bit RSA authentication and a 160-bit SHA1 hash algorithm.
  • IKEv2 (Internet Key Exchange version 2) is a protocol developed by Microsoft and Cisco. It is a tunneling protocol that provides a secure key exchange session. It is often paired with IPsec for encryption and authentication. It has native support for Windows, iOS and BlackBerry devices. Linux and Android support is also available via third-party apps.
Risks and Attacks:

  • VPN hijacking is the unauthorized take-over of an established VPN connection from a remote client and impersonating that client on the connecting network. 
  • Man-in-the-middle attacks affect traffic being sent between communicating parties and can include interception, insertion, deletion, and modification of messages, reflecting messages back at the sender, replaying old messages and redirecting messages.
  • A client machine may also be shared with other parties who are not fully aware of the security implications. In addition, a laptop used by a mobile user may be connected to the Internet, a wireless LAN at a hotel, airport or on other foreign networks. However, security protection in most of these public connection points is inadequate for VPN access. If the VPN client machine is compromised, either before or during the connection, this poses a risk to the connecting network.
  • A connecting network can be compromised if the client side is infected with a virus. If a virus or spyware infects a client machine, there is a chance that the password for the VPN connection might be leaked to an attacker. In the case of an intranet or extranet VPN connection, if one network is infected by a virus or worm, that virus/worm can be spread quickly to other networks if anti-virus protection systems are ineffective.


Popular VPN Services:

There are many contenders in the market. Some of them are free and some are paid. Using a paid one ensures that you are using a service that can be trusted. However, using a free one always carries a threat of your data being compromised.

Here are some of the best VPN services. Since these are paid and have a good user base, you can trust one of these.

1. ExpressVPN


2. NordVPN


3. IPVanish


4. PureVPN


5. TunnelBear
