|
|
|
Strengths ( Pros ) Vs Weakness ( Cons )[br][br][img src="/storage/emulated/0/Download/VPN-port-fail.jpg"][br][br]Pulling back the curtain, a VPN runs on various VPN protocols that govern the way a VPN client communicates with a VPN server. Different protocols create different ways that connect your device and the internet through encrypted tunnels.[br][br]The history of VPN protocols dates back to 1996 when a Microsoft employee came up with Peer-to-Peer Tunneling Protocol (PPTP). The protocol, though not perfect, allowed people to work from home through a secure internet connection.[br][br]Since then, VPN protocol technology has evolved and, at the moment, there are five widely used VPN protocols. A breakdown of these five VPN protocols complete with their pros and cons is key to understanding VPN protocols in depth.[br][br]PPTP[br][br]As noted above, Peer-to-Peer Tunneling Protocol was the first to be developed, and it is over 20 years old. The protocol relies on encryption, authentication and peer-to-peer protocol (PPP) negotiation. In essence, that means it only needs a username, password, and server address to create a connection.[br][br]Most devices support PPTP and because of how easy it is to set-up and is rather popular among VPN companies. PPTP is incredibly fast, and as a result, people who want to circumvent geo-restricted content prefer the protocol.[br][br]However, the speed comes at the cost of encryption. Of all the protocols, PPTP has the lowest level of encryption. Even Microsoft recommends that people stay away from PPTP because, from a security standpoint where encryption is key, PPTP is extremely unsafe.[br][br]That said, if your only concern is speed, then PPTP is the protocol for you.[br][br]Pros[br][br]Super-fast[br][br][ul][li]Easy to set up and use[br][/li][/ul][ul][li]Nearly all platforms support the protocol[br][/li][/ul]Cons[br][br]Does not support Perfect Forward Secrecy[br][br][ul][li]One of the least secure protocols[br][/li][/ul][ul][li]Firewalls can block PPTP[br][/li][/ul]OpenVPN[br][br]First released in 2001, the OpenVPN protocol has become one of the most popular and widely used protocols. It is an open-source protocol which means coders can add to or edit the protocol, scrutinize the source code for vulnerabilities, and solve identified issues immediately.[br][br]OpenVPN uses SSL technology, and it is available on nearly all platforms, including Windows, Linux, iOS, Android, macOS, Blackberry, and routers. It operates on both Layer 2 and 3, and it contains extra features that facilitate the transport of IPX packets and Ethernet frames. Moreover, it has NetBIOS functionality and depending on the setup; it can share port 443 with HTTPS.[br][br]OpenVPN is incredibly secure thanks to the fact that it uses a 160-bit SHA1 hash algorithm, AES 256-bit key encryption (in addition to others), and 2048-bit RSA authentication.[br][br]That said, OpenVPN has a significant weakness—the amount of latency or rather the considerable delay during operation. With the use of more powerful computers and the use of SSL certificates, one can get around this weakness.[br][br]Pros[br][br]Secure[br][br][ul][li]Easily bypasses firewalls[br][/li][/ul][ul][li]Supports a variety of cryptographic algorithms[br][/li][/ul][ul][li]It is open-source which means it’s easy to vet[br][/li][/ul][ul][li]Supports Perfect Forward Secrecy[br][/li][/ul]Cons[br][br]Needs a third-party software for set-up[br][br][ul][li]It can be difficult to configure[br][/li][/ul][ul][li]Potentially higher latency periods[br][/li][/ul]L2TP/IPsec[br][br]To fully understand Layer 2 Tunneling Protocol (L2TP), it is essential first to mention Layer 2 Forwarding (L2F). Cisco developed L2F soon after the release of PPTP to try and improve on the flaws of PPTP. Unfortunately, L2F wasn’t perfect either.[br][br]Therefore, in 1999, they concerned released L2TP as an improvement on both PPTP and L2F. L2TP combines the best of both L2F and PPTP to provide a more secure and reliable tunneling protocol.[br][br]However, note that L2TP is simply a tunneling protocol and provides neither encryption nor privacy. Due to the lack of encryption, L2TP cannot function as a secure protocol alone and must be paired with IPsec which is a security protocol that carries with it the required encryption. The bundling of L2TP and IPsec protocols leads to the use of something known as double encapsulation.[br][br]In double encapsulation, the first encapsulation will create a PPP connection to a remote host and the second encapsulation will contain IPsec.[br][br]L2TP supports AES 256 encryption algorithms—some of the most secure—and it prevents man-in-the-middle attacks because data cannot be altered when in transit between the sender and receiver.[br][br]Bear in mind that due to the double encapsulation, the protocol has reduced speed. Moreover, the L2TP protocol can only communicate via User Datagram Protocol (UDP). The restriction to UDP means it is easy to block.[br][br]Pros[br][br]Secure according to most[br][br][ul][li]Works in almost all platforms[br][/li][/ul][ul][li]Easy to set up[br][/li][/ul][ul][li]Supports multithreading which increases performance[br][/li][/ul]Cons[br][br]Both Edward Snowden and John Gilmore noted that NSA might have deliberately weakened IPSec which means it can be Compromised.[br][br][ul][li]Firewalls can easily block it because it only communicates over UDP.[br][/li][/ul][ul][li]Slower than OpenVPN due to double encapsulation[br][/li][/ul]SSTP[br][br]Secure Socket Tunneling Protocol (SSTP) is very similar to OpenVPN with the only difference being that it is proprietary software that Microsoft developed and introduced in Windows Vista.[br][br]Just like OpenVPN, SSTP supports AES 256-bit key encryption, and it uses 2048-bit SSL/TSL certificates for authentication. The protocol has native support for Linux, Windows, and BSD systems. The rest, e.g., Android and iOS only have support via third-party clients.[br][br]Pros[br][br]Provides support for a wide range of cryptographic algorithms[br][br][ul][li]Supports Perfect Forward Secrecy[br][/li][/ul][ul][li]Easy to use especially because the protocol is already integrated into Windows[br][/li][/ul]Cons[br][br]Does not do as well on other systems as it does on Windows[br][br][ul][li]It is impossible to audit underlying code because the protocol is proprietary[br][/li][/ul]Summary[br][ul][li][br][/li][/ul]rom the discussion above; the one clear thing is that no one VPN protocol can satisfy all the user requirements. [br]Some VPN protocols prioritize speed while other prioritize security.[br][br]Consequently, it is not a surprise to find a VPN provider that has found a way to incorporate all five in a bid to provide the best possible service. |
|
发表于 2019-04-26 22:46:21
收藏
Like
Stick Card
Jack
