VPN Encryption: What is it? How does it work?
Let’s start at the beginning with breaking down what a VPN is and what it does. Firstly, a VPN is a Virtual Private Network, which allows you the user or client to ensure that your network activity is known only to you and the provider. This works similarly to a home private network. Just like a home network the information and files shared through a VPN are secure and kept separate from the rest of the Internet.
A Virtual Private Network is handled as the name implies, virtually, whereas a home network does this same process through a local router that is able to guarantee that your information will remain secure and protected.
How do VPNs work?
So now we know that a VPN is able to secure your information in a way similarly to the security that a home router provides. The only difference is that a local network shared over a common router is not dependent on the Internet to function. While a VPN is done exclusively over the Internet, with this lies inherent risks that need to be mitigated with additional security protocols.
To get started with a VPN the client and the provider will need to install software that allows the machines to communicate with each other while simultaneously ensuring encryption. The provider is usually controlled through a Remote Access Server, or RAS, and allows the transmitted information to be verified through various types of protocols and a tunneling process.
VPN encryption in a nutshell
A VPN Tunnel is an encrypted connection between you, the client, and the host or server. This tunneling process ensures that your information will be encapsulated so that no one will be able to intercept, alter, or even monitor your activity. Tunneling does more than just hide and tunnel your data from the rest of the Internet. Tunneling also ensures that your location will remain only known to you and the server that you are connected to. This is done by sending out the IP address of the host server that the VPN is running through rather then your own IP address, thus ensuring complete anonymity.
These protocols may include:
- Point-to-Point Tunneling Protocol (PPTP): PPTP is one of the oldest protocols around. Due to its simplicity this protocol able to be set up quickly. The lack of complexity allows for big amounts of data to be computed and transmitted at a relatively fast rate. However, due to the fact that it is based off of the authentication protocol of MS-CHAP-v1/v2, that since its introduction has been proven faulty in security analysis testing, may not be recommended if security is of paramount importance.
- Layer 2 Tunnel Protocol (L2TP): L2TP was rolled out as an improvement upon PPTP. L2TP uses an upgraded version of Layer 2 Forwarding Protocol while simultaneously utilizing IPSec’s ability to encrypt and authenticate individual IP packets. Although this offers additional security, the compute time may be slower due to the additional layers that the packets are transmitted through. Another issue that may come up is the communication being blocked by some firewalls that do not allow activity on User Datagram Protocol 500 (UDP 500) Port.
- OpenVPN: OpenVPN is an open source software application that utilizes point-to-point or site-to-site connections that use both SSL and TLS for key exchange. The packets are sent out from the user and are able to be authenticated after a username/password, pre-shared key, or certificate is confirmed. This is one of the most secure and failsafe protocols around. Unlike L2TP, OpenVPN is able to run through UDP or TCP ports allowing it to bypass any firewall. As with any open source software OpenVPN is highly customizable and every-changing.
- Secure Socket Tunneling Protocol (SSTP): Even though SSTP is only able on Windows machines it is considered on of the most impenetrable protocols out there. SSTP runs through Transmission Control Protocol 443 and is thought to not run into the same firewall issues as L2TP. Even though it is more accessible to the average windows user then L2TP it still lacks some of the advantages that the open source software that OpenVPN provides.
Internet Key Exchange (IKEv2): IKEv2 may just be called IKE for Internet key exchange depending on the version in use. IKEv2 is one of the newest protocols around therefore it is able to be run on some of the newer platforms that we are seeing from day-to-day such as; Android, iOS, Windows, and MAC. As with any new and emerging technology the software has to be tried before it can be proven to be true and that is still the case with IKEv2. It is still thought of to have some vulnerabilities and faults such as not being able to be operated on Linux.
VPN Protocols: Pros and Cons
So now that we have gone over some of the most common security protocols out there for your VPN, here are some pros and cons that may help you in choosing the right one to use:
- Pros: Easy to set up, widely available, and able to compute quickly.
- Cons: Not very secure.
- Pros: Easy to set up, widely available, proven to be more secure than PPTP.
- Cons: Blocked by some firewalls.
- Pros: Proven to be the most secure, able to bypass firewalls, and is highly configurable due to the open source nature of the software.
- Cons: Complicated setup process due to the required third party software.
- Pros: Able to bypass firewalls, proven to be very secure.
- Cons: Only supported on Windows.
- Pros: Highly secure, increased stability, speedy.
- Cons: Not openly available to all platforms, limited configurations available, the untrustworthy nature of non-open source implementations.
This tunneling process is a great start to ensuring that you and your data are protected on the Internet, but it is not all that a VPN does to ensure complete security. The next layer of security implemented by your VPN is encryption.
Packets are the bits of your information that are sent through the tunneling process. Although the VPN tunnel is able to secure your information more than without it, the VPN does not stop there. The information that is sent through the VPN tunnel is encrypted to guarantee that it remains even more secure. Encryption ensures additional security by encoding the data packets in a way that can only be read by you, the client, and the server that you are connected to.
Although there are a number of different security protocols that the encryption process may follow to encrypt your data the most common are the Internet Security Protocols, and OpenVPN. Both of these protocols work in two ways. Firstly, by encrypting the data packet with an encryption key that is known only to the VPN client and the server. Secondly, by using a sub-protocol called Encapsulation Header that omits certain information from transmission, such as the user’s IP address.
Many of us lock our valuables on a day-to-day basis. This may be done by locking your front door once you leave, by putting a password on your cell phone, or even by double checking that your car is locked when you park.
What using a VPN allows the average user is the chance to secure other things of importance to them such as their personal data and virtual identity from those of ill-will. There are several types of VPNs to choose from and ultimately the decision is up to the user to choose which one will best suit their own individual needs.