What type of encryption does OpenVPN use

There are many different VPN service providers that offer different levels of security, speed, and capabilities. See our blog on how to choose a VPN when working from home for further information. VPNs are utilized by consumers and organizations to enable remote access that is secured by changing your IP address and encrypting your internet traffic.

Data to and from your device travels through an encrypted VPN tunnel to the VPN server that acts as a gateway to the public internet. Encryption and ciphers are key to the security of a VPN. A VPN encryption protocol is defined as the process used to generate a secured encrypted path between two computers. VPN encryption protocols vary between VPN service providers, which may impact security, speed, capabilities, and vulnerabilities.

Common VPN encryption protocols are noted below. Encryption protects data from being read or compromised if it is lost or stolen.

OpenVPN is not included in any operating system releases and therefore requires manual installation. Installation only takes a few minutes. The default software has improved over the years and is quite user friendly. OpenVPN is still under active development and some very exciting changes are around the corner in its next major release. It is versatile, secure, and open source. This means use of strong encryption with Perfect Forward Secrecy.

Internet Key Exchange version 2 (IKEv2) is a security association protocol that sets the foundation for a VPN connection by establishing an authenticated and encrypted connection between two parties. This includes the Mobility and Multihoming protocol, which ensures the VPN stays connected as the client moves from one connection to another. This makes IKEv2 a very dependable and stable protocol for mobile devices. As part of the IPsec suite, IKEv2 works with most leading encryption algorithms, which is testament to its security. That being said, the protocol is less efficient when trying to connect out of a highly censored country.

During the Snowden leaks, slides in an NSA presentation revealed they may have found a way to break this procedure. Ultimately, IKEv2 is a reasonably secure and fast protocol. Mobile users in particular may prefer it to OpenVPN due to its stability throughout interrupted internet connections.

This protocol has a few convenient features, but various issues prevent it from outperforming its competitors. Surveillance-minded system administrators use firewalls to block VPNs to prevent users from hiding their traffic. People using L2TP here are an easy target as the protocol uses a relatively small number of fixed ports. L2TP encapsulates data twice; while this can be useful for some applications, it makes it slower compared to other protocols that encapsulate data only once.

Some VPN providers have been known to administer this combination poorly, often using pre-shared keys that are available to download online. While these are solely used for authentication and not decryption, a malicious actor could use this key to imitate a VPN server.

This is especially true for legacy devices that do not support OpenVPN. Likewise, you may be able to receive support from Microsoft if you have problems in implementing the protocol. That being said, SSTP is not open-source. It is therefore not possible to analyse or refute suggestions of backdoors and vulnerabilities, or for security researchers to test for potential weaknesses. Microsoft has been known to cooperate with institutions like the NSA in the past, so some suspect the system may include backdoors that allow these agencies to track targeted users. For this reason, the risks of its close integration with Windows largely outweigh any benefits.

WireGuard is a relatively new tunnelling protocol that seeks to offer better performance and faster speeds than OpenVPN. The protocol is designed to resolve some of the negative issues commonly associated with IPsec and OpenVPN: frequent disconnections, complex setup for users looking to manually configure, extended reconnection times, and heavy codebases which can make it difficult for researchers to spot bugs. WireGuard aims to surpass traditional protocols by using more modern ciphers.

The biggest issue is with security. PPTP is proven to be insecure and very easy to break. Avoid using PPTP unless it is totally necessary for non-critical use.

SSTP is a reasonable option for Windows users who trust proprietary tech from Microsoft, while IKEv2 is a fast alternative for the few devices — particularly mobile — that support it. PPTP should only be used as a very last resort.

The strength of a cipher is dependent on both the key length and the strength of these formulas. This affects how fast data can be encrypted and decrypted.


