What is a VPN? Pros and cons of a virtual private network (VPN)
Students, newcomers to the field of Information Technology (IT), and people already working in it have all heard many times about VPNs, or virtual private networks. So what exactly is a VPN, and what are its pros and cons? Let's go through the definition of a VPN with Network Administrators and see how this model and system are applied at work.
1. What is a VPN?
A VPN (Virtual Private Network) is a network technology that creates a secure network connection over a public network such as the Internet, or over a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to let remote users connect to their networks securely.
A VPN system can connect many different sites, separated by region or geographical area, in the same way as a Wide Area Network (WAN). VPNs are also used to "spread out" and extend an Intranet so that information and data can be transmitted more conveniently. For example, schools use VPNs to connect their campuses (or branches and headquarters) to one another.
To connect to a VPN system, each account must be authenticated (a username and password are required). This authentication information is used to grant access through a Personal Identification Number (PIN), which usually only works for a limited period (30 seconds or 1 minute).
When a computer or another device such as a phone or tablet connects to a VPN, the device behaves as if it were on the same internal network as the VPN. All of its network traffic is sent over the secure connection to the VPN. This lets you securely access internal network resources even when you are far away.
You can also use the Internet as if you were at the VPN's location, which brings some benefits when using public WiFi or when accessing a website that is blocked or geographically restricted.
When browsing with a VPN, the computer contacts the website through the encrypted VPN connection. All requests, information, and data exchanged between you and the website travel over this secure connection. If you use a VPN in the United States to access Netflix, Netflix will see your connection as coming from the United States.
While it sounds fairly simple, a VPN can be used for many things:
- Access your business network while away: VPNs are often used by business people to access their business networks, including all resources on the local network, while on the road or traveling. Resources on the internal network do not need to be exposed directly to the Internet, which increases security.
- Access your home network, even when you're not at home: You can set up your own VPN to reach your home network when you're away. This allows remote access to Windows desktops over the Internet, use of files shared on the internal network, and playing computer games over the Internet, just as if you were on the same LAN.
- Browse anonymously: If you are using public WiFi and browsing non-HTTPS websites, the data exchanged on the network is vulnerable. If you want to hide your browsing activity so that the data is better protected, connect to a VPN. All information transmitted over the network will then be encrypted.
- Access geographically blocked websites, bypass Internet censorship, and bypass firewalls.
- Download files: Downloading over BitTorrent on a VPN can help speed up file downloads. It also helps with traffic that your ISP might otherwise interfere with.
2. Commonly Used Protocols in VPNs
VPN products vary in convenience, efficiency, and security. If security is a top concern, an organization needs to pay attention to which protocols the VPN supports. Some widely used protocols have known problems, while others offer the most advanced security. The best protocols today are OpenVPN and IKEv2.
Learn about VPN protocols
In essence, a VPN protocol is a set of protocols. There are several functions that every VPN must handle:
- Tunnelling (the technique of transmitting data across multiple networks that use different protocols): the primary function of a VPN is to deliver packets from one point to another without exposing them to anyone on the line. To do this, the VPN encapsulates all data in a format that both the client and the server understand. The sender wraps the data in the tunnelling format, and the recipient unwraps it to obtain the information.
- Encryption: tunnelling by itself provides no protection; anyone can extract the data. The data must also be encrypted on the line, and the recipient must know how to decrypt data from a particular sender.
- Authentication: for security, a VPN must confirm the identity of any client trying to "communicate" with it, and the client needs to verify that it has reached the correct, intended server.
- Session management: once the user is authenticated, the VPN needs to maintain the session so that the client can continue to "communicate" with it for some time.
Generally, VPN protocols treat tunnelling, authentication, and session management as a package. A weakness in any of these functions is a potential security flaw in the protocol. Encryption is a specialized and difficult area, so instead of creating something new, VPNs usually rely on a combination of several trusted encryption protocols. Below are the popular VPN protocols together with their strengths and weaknesses.
Weak protocols
Point-To-Point Tunneling Protocol (PPTP)
The oldest protocol still in use is PPTP (Point-to-Point Tunneling Protocol), first used in 1995. PPTP does not specify an encryption protocol but may use several, such as the strong MPPE-128. The lack of a firmly standardized protocol is a risk, because the connection can only use the strongest encryption standard that both sides support. If one side only supports weaker standards, the connection must use weaker encryption than the user expected.
However, the real problem with PPTP is the authentication process. PPTP uses the MS-CHAP protocol, which can easily be cracked today. An attacker who does so can log on and impersonate an authorized user.
IP Security (IPSec)
IPSec is used to secure communication and data streams in the Internet environment (the environment outside the VPN). It operates in two modes, Transport mode and Tunnel mode.
The differences between these modes are:
- Transport mode only encrypts the data inside the packets (the payload), while Tunnel mode encrypts the entire packet.
For this reason, IPSec is often considered a security overlay, since it adds layers of security compared with other protocols.
L2TP
The L2TP protocol usually works together with IPSec encryption. It is significantly stronger than PPTP but still gives users cause for concern. The main vulnerability in L2TP/IPSec lies in the public key exchange method. The Diffie-Hellman key exchange is a way for the two parties to agree on the encryption key that follows, without anyone else learning it. There is a method to break this process; it requires quite enormous computing power, but once done it gives access to all communication on a given VPN.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Similarly to IPSec, these two protocols also use cryptography to secure connections over the Internet.
SSL VPN Model
In addition, both protocols use a handshake, and this is where a particular weakness is likely to persist: the authentication process between the client and the server. For a connection to be considered successful, this authentication process uses certificates, the authentication keys stored on both the server and the client.
Protocols with better security
IKEv2 (Internet Key Exchange)
IKEv2 (Internet Key Exchange version 2) is rated as highly secure among current protocols. IKEv2 uses IPSec tunnelling and offers a wide choice of encryption protocols. IKEv2 uses AES-256 encryption, which is hard to crack. It uses strong certificate-based authentication and can use the HMAC algorithm to verify the integrity of transmitted data. IKEv2 supports fast and reliable session maintenance, even when the Internet connection is interrupted. Windows, macOS, iOS, and Android all support IKEv2, and some open-source implementations are also available.
Version 1 of the protocol was introduced in 1998 and version 2 in 2005. IKEv2 is not one of the newest protocols, but it is very well maintained.
SSTP (Secure Socket Tunneling Protocol)
SSTP (Secure Socket Tunneling Protocol) is a Microsoft product, supported mainly on Windows. When used with AES and SSL encryption, SSTP offers good security, at least in theory. No SSTP vulnerabilities have been found so far, but it is likely that some particular weakness persists.
A practical problem with SSTP is its limited support on non-Windows systems.
OpenVPN
OpenVPN is an open set of protocols that offers strong security features and has become very popular. OpenVPN was first released in 2001 under the GPL license. Because OpenVPN is open source, its code can be examined and tested for vulnerabilities by anyone. OpenVPN's encryption usually relies on the OpenSSL library, which supports many encryption algorithms, including AES.
There is no support for OpenVPN at the operating system level, but many VPN services provide their own OpenVPN clients.
Even the most secure protocol requires administrators to handle it correctly. The OpenVPN community offers recommendations for hardening OpenVPN.
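As an added illustration of that advice (not configuration taken from the article or from the OpenVPN project's own documentation), here is a weak legacy OpenVPN server fragment beside a hardened one; the certificate, key and ta.key file names are placeholders, and the hardened directives assume OpenVPN 2.5 or later.

```conf
# --- Weak legacy server fragment (settings to move away from) ---
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem           # 1024-bit finite-field DH is too small today
cipher BF-CBC           # 64-bit block cipher, deprecated by OpenVPN
auth SHA1               # weak HMAC for data-channel packet authentication
# no tls-version-min    -> old TLS 1.0/1.1 handshakes are accepted
# no tls-auth/tls-crypt -> control channel answers unauthenticated packets

# --- Hardened server fragment ---
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh none                 # use elliptic-curve DH instead of a DH parameter file
ecdh-curve secp384r1
tls-version-min 1.2     # refuse TLS 1.0/1.1 handshakes
tls-crypt ta.key        # encrypt and authenticate control-channel packets
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
data-ciphers AES-256-GCM:AES-128-GCM   # AEAD ciphers only, no weak fallback
auth SHA256             # HMAC used only if a non-AEAD cipher is ever negotiated
crl-verify crl.pem      # reject revoked client certificates
reneg-sec 3600          # rotate data-channel keys every hour
user nobody
group nogroup           # drop root privileges after startup
persist-key
persist-tun

# --- Matching client-side check ---
remote-cert-tls server  # only accept a peer certificate issued for server use
```

The point of the comparison is that OpenVPN leaves cipher, HMAC, TLS version and control-channel protection to the administrator, so a default-looking configuration can be far weaker than the protocol allows.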
SoftEther (Software Ethernet)
SoftEther (Software Ethernet) is a newer name, first launched in 2014. Like OpenVPN, SoftEther is open source. SoftEther supports the strongest encryption protocols, including AES-256 and 4096-bit RSA. SoftEther offers higher communication speeds than most protocols, including OpenVPN, at a given data rate. No operating system supports it natively, but it can be installed on many operating systems, including Windows, Mac, Android, iOS, Linux, and Unix.
As a new protocol, SoftEther is not as widely supported as some others. SoftEther has not been around as long as OpenVPN, so users have had less time to test for weaknesses that may exist in this protocol. However, SoftEther is a heavyweight candidate for anyone who needs top-notch security.
So which protocol to choose?
The question "Which protocol is the safest?" is hard to answer. IKEv2, OpenVPN, and SoftEther are all strong contenders. OpenVPN and SoftEther have the advantage of being open source; IKEv2 has open-source implementations but also proprietary ones. The main security advantage of IKEv2 is its ease of setup, which reduces the risk of configuration errors. SoftEther offers excellent security, but users have not had as much time with SoftEther as with the other two protocols, so it is quite possible that SoftEther still has problems that have not yet been discovered.
OpenVPN's code has been available for years for security experts to test. OpenVPN is widely used and supports the strongest encryption protocols. The final decision also needs to consider other factors, such as convenience and speed, or whether security is the most significant concern.
3. Advantages and Disadvantages of VPNs
That is the theory; when applied in practice, what pros and cons will a VPN have? We invite you to continue the discussion with Network Administrators.
Using a VPN is an inexpensive way to build a private network, a virtual private network. Think of it this way: the Internet is the main bridge and communication channel for transmitting data, which is entirely reasonable in terms of cost compared with paying a high price to establish a separate connection. Besides, the software and hardware needed to support the authentication process are not cheap. Comparing the convenience a VPN offers with the cost of setting up your own system, it is clear that the VPN wins.
But alongside that, there are very noticeable disadvantages, such as:
VPNs are not capable of managing Quality of Service (QoS) over the Internet, so data packets are still at risk of being lost or otherwise at risk