With increased attention on copyright enforcement, metadata retention and huge amounts of little and big data collected on everybody, the topic of VPNs (Virtual Private Networks) is increasingly important.
A VPN is a generic term for a communication network that protects your online privacy and secures the information you send and receive. It essentially creates a private network over the public network you are using by establishing a point-to-point (client-to-server) connection using tunneling protocols and/or encryption.
How VPN works
To understand how a VPN protects data, we first need a clear understanding of packets, which are small units of data. When your computer communicates with another computer using TCP/IP (Transmission Control Protocol/Internet Protocol), the standard protocol, or language, for Internet communications, the data your computer sends is broken down into small digital packets. Each packet is given a header that contains important information such as your computer’s address, the destination computer’s address, the amount of data in the packet and how all the packets have to be recombined to form the original message. The packets are sequenced, sent individually, and assembled into usable data upon arrival. Any packets that are lost in cyberspace are re-requested.
If you have a normal Internet connection, the packets sent and received by your computer are visible to anybody with the right equipment and software. This is because the data packets contain text that’s easily readable.
However, if you have a VPN connection, the data sent and received by your computer is transmitted by means of tunneling. Before each packet is transmitted, it’s encapsulated in a new packet with a new header. The new header provides routing information so that the packet can traverse a public or shared network before it reaches the tunnel endpoint. The path that the encapsulated packets travel through is called a tunnel.
When each encapsulated packet arrives at the tunnel endpoint, it’s “de-capsulated” and then forwarded to the destination computer. A VPN makes the data sent and received by your computer unreadable by anybody who doesn’t have the proper decryption keys.
Both endpoints of the tunnel must support the same tunneling protocol. Tunneling protocols operate at either Open Systems Interconnection (OSI) layer 2 (the data-link layer) or layer 3 (the network layer). The most commonly used tunneling protocols are SSL, IPsec, L2TP and PPTP.
A VPN uses encryption to offer data confidentiality. Once your computer is connected to the internet, the VPN uses the tunneling mechanism described above to encapsulate the encrypted data into a secure tunnel with openly readable headers that can cross a shared or public network.
Packets that are sent or received over a public network through a VPN connection are not readable without the correct decryption keys, which ensures that data isn’t changed or disclosed during transmission.
VPNs can also provide data integrity checks. This is usually performed using a message digest to make sure that the data hasn’t been tampered with during the transmission process.
By default, a VPN doesn’t enforce or provide strong user authentication. Users of VPNs can enter a simple username and password to gain access to an internal private network from their home or any other insecure network. However, VPNs support add-on authentication mechanisms, such as RADIUS (Remote Authentication Dial In User Service), smart cards and tokens.
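The encapsulation, encryption and integrity check described above can be traced end to end in a short script. This is an added example, not code from any VPN product: the function names, addresses and payload are constructed, a SHAKE-256 keystream stands in for the cipher a real VPN would use, HMAC-SHA-256 plays the role of the message digest, and IP protocol number 253 (reserved for experimentation) marks the tunnel packet.

```python
import hashlib, hmac, os, socket, struct

def ipv4_header(src, dst, proto, body_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def addresses(packet):
    """Source and destination as an on-path observer reads them."""
    return tuple(socket.inet_ntoa(a) for a in struct.unpack("!4s4s", packet[12:20]))

def _xor_keystream(key, nonce, data):
    # Stand-in for a real cipher (assumption for illustration only).
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, enc_key, mac_key, tun_src, tun_dst):
    """Encrypt the whole inner packet, add a digest, wrap it in a new header."""
    nonce = os.urandom(16)
    ciphertext = _xor_keystream(enc_key, nonce, inner)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    body = nonce + ciphertext + tag
    # The new header carries only the tunnel endpoints' addresses.
    return ipv4_header(tun_src, tun_dst, 253, len(body)) + body

def decapsulate(outer, enc_key, mac_key):
    """Tunnel endpoint: verify the digest first, then decrypt and unwrap."""
    body = outer[20:]
    if len(body) < 48:
        raise ValueError("truncated tunnel packet")
    nonce, ciphertext, tag = body[:16], body[16:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed, packet dropped")
    return _xor_keystream(enc_key, nonce, ciphertext)

# Constructed sample: private hosts behind tunnel endpoints in documentation ranges.
ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)
PAYLOAD = b"GET /payroll HTTP/1.1\r\n\r\n"  # stands in for the transport segment
INNER = ipv4_header("10.0.0.5", "10.0.1.20", 6, len(PAYLOAD)) + PAYLOAD
OUTER = encapsulate(INNER, ENC_KEY, MAC_KEY, "192.0.2.10", "198.51.100.7")

if __name__ == "__main__":
    print("observer sees:", addresses(OUTER))
    print("endpoint recovers:", addresses(decapsulate(OUTER, ENC_KEY, MAC_KEY)))
```

Only the outer header is readable in transit, and a packet modified on the way fails the digest comparison and is dropped before any decryption takes place.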
The following tunneling technologies are commonly used in VPNs:
1. Internet Protocol Security (IPsec)
It was initially developed by the Internet Engineering Task Force (IETF) for IPv6. This standards-based security protocol is also generally used with the Layer 2 Tunneling Protocol and IPv4. The IPsec design meets most security goals: confidentiality, authentication and integrity.
2. Transport Layer Security (SSL/TLS)
It can tunnel the traffic of an entire network (as it does in the SoftEther VPN project and the OpenVPN project) or secure an individual internet connection. A number of vendors provide remote-access VPN capabilities through SSL. An SSL VPN is able to connect from locations where Internet Protocol Security runs into trouble with firewall rules and Network Address Translation. TLS is based on the earlier SSL (Secure Sockets Layer) specification that was developed by Netscape for their Navigator browser. SSL and TLS are the standard protocols used for securing stream-based TCP Internet traffic.
3. Datagram Transport Layer Security (DTLS)
This is a protocol based on TLS that’s capable of securing datagram transport. It is well suited for securing services and applications that are delay sensitive (and therefore use datagram transport), tunneling applications like VPNs, and applications that tend to run out of socket buffers or file descriptors.
4. Microsoft Point-to-Point Encryption (MPPE)
It’s a method of encrypting data that is transferred across Point-to-Point Tunneling Protocol (PPTP) VPN connections or Point-to-Point Protocol (PPP) based dial-up connections.
5. Microsoft Secure Socket Tunneling Protocol (SSTP)
It tunnels Layer 2 Tunneling Protocol or Point-to-Point Protocol (PPP) traffic through an SSL 3.0 channel. It was introduced in Windows Vista Service Pack 1 and Windows Server 2008.
6. Multi Path Virtual Private Network (MPVPN)
It enables bidirectional transmission of data over multiple VPN paths. It provides additional security levels due to its patented transmission technique that is called MPSec, which sends data packets randomly over several lines simultaneously. “MPVPN” is a registered trademark that is owned by Ragula Systems Development Company.
7. Secure Shell (SSH) VPN
OpenSSH provides VPN tunneling to secure remote connections to inter-network links or a network. OpenSSH server provides a limited number of concurrent tunnels. The VPN feature itself doesn’t support personal authentication.
Speed Of VPN
Speed is one of the most important factors that you should take into consideration when choosing a VPN provider. Not all VPN providers can offer top speeds.
Nevertheless, it’s not always the fault of your VPN provider when your VPN fails to perform at its optimum speed. In addition to your VPN service provider, there are 3 main factors that may affect the speed of your VPN.
- Internet Service Provider (ISP) – The speed of your VPN connection largely depends upon the speed of your ISP. Your VPN depends on the ISP as a means of transmitting data. Your VPN works in conjunction with your ISP; it cannot bypass it.
- Distance from VPN Servers – It’s recommended that your preferred VPN provider should have many server locations so that you don’t experience problems with your VPN connection. The greater the distance from the VPN server, the more likely you will experience problems with connectivity and speed.
- VPN Protocol Choice – The choice of a VPN protocol also plays a significant role in the speed of a VPN. Some protocols, such as PPTP and OpenVPN, are faster than others, namely L2TP/IPsec. The speed is affected by the level of encryption. L2TP/IPsec is usually slower than the other protocols because it encapsulates data twice.
You may also experience slower speeds if your VPN service provider relies on outsourcing as a method of providing services. VPN providers who opt to write their own code and maintain their own servers and hardware are able to provide faster VPN connection speeds than those who outsource their work.
Anonymity Of VPN
If you have a VPN and your computer connects to the internet, all your information is sent to the VPN site, which then relays the information to the internet. Once the data from your computer has entered the VPN tunnel, it’s hidden from view by encryption protocols so that nobody, not even your ISP, can see it. However, because the VPN server can see all the data that is going into and out of the tunnel (and can trace it back to you), it’s important that you choose a VPN provider you trust, and who does not keep logs of your internet activity. Additionally, most VPNs are paid services, so the VPN providers know the identity of the individuals who are using their VPN services because they will have to use methods of payment like credit cards to pay for their VPN connection.
Hence, if any organization or government sends a warrant or a letter to your VPN provider, they’ll be forced to turn over all your information or they will be