By Alvin Bryan
Keeping information private was the whole idea behind the VPN when it was first conceived. Now that individuals are using personal VPNs as an added security measure, the question is: do they really keep you safe? Not all VPNs are alike, so what needs to be evaluated are the tunneling protocols they use and the authentication and data encryption that go along with each of them.
Point-to-Point Tunneling Protocol (PPTP) is the oldest of these protocols and has the most limited security. Its encryption has moved from Data Encryption Standard (DES) and 3DES (Triple DES), with their 56-bit key, to 128-bit RC4, but it can still be broken without resorting to a brute force attack. It uses the Extensible Authentication Protocol, which has many weaknesses, and only the PPP payload is encrypted.
Layer 2 Tunneling Protocol (L2TP) has weak encryption of its own, so it has been combined with Internet Protocol security (IPsec). L2TP/IPsec has 256-bit data encryption, a key size large enough to stand up against brute force attacks, but it slows down processing. It uses the Advanced Encryption Standard (AES), which is only breakable through a brute force attack. L2TP authentication is weak, but IPsec uses key certificates to identify the computer on the other end. The two layers wrap the PPP frame in an L2TP header and a UDP header, and then again in IPsec ESP with its authentication data.
Secure Socket Tunneling Protocol (SSTP) uses HTTPS. HTTPS, which is HTTP over SSL, ensures that the data can get through firewalls and proxies without a hitch. SSTP uses 2048-bit data encryption and encapsulates the PPP frame with IP datagrams only. There is no known computer with the processing speed required to crack 2048 bits, but the processing time is very slow, making it impractical for the most common transfers, such as bank transactions.
SSL is an additional layer for authentication, creating an encrypted channel that does not allow any data to be sent until the peer has been authenticated. It gives the highest level of key negotiation and transfer security with a low encryption overhead. This means that the key used to decode the cipher is well protected and there is very little chance that any data can leak from the tunnel during the transfer, but the encryption itself remains vulnerable to a brute force attack. SSL authentication certificates so far give the best guarantee of correct identification, and the connection is secured from before the tunnel is opened until the transfer is complete.
Since each of these protocols has its weakness, a combination is the logical choice for the best security. An SSL-based SSTP provides the benefits of the highest data encryption and authentication levels without the problem of slow processing. OpenVPN is an SSL-based protocol designed to work faster while maintaining the highest security. OpenSSL encryption provides the benefits of SSL authentication, key negotiation and transfer security, with 160-bit data encryption for speed, which holds up well against brute force attack in combination with the other features.
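As an added illustration (not code from this post, nor from any VPN provider it mentions), here is a minimal OpenVPN client profile in which each directive maps to one of the properties the post attributes to SSL-based VPNs: certificate-based identification of the server, TLS key negotiation, and the data cipher. The older data-channel settings are shown commented out beside the hardened ones; the hostname and key file names are placeholders.

```conf
# Added example (not from the post): minimal OpenVPN client profile.
# Hostname and file names are placeholders; adjust to your own deployment.

client
dev tun
proto udp
remote vpn.example.invalid 1194            # placeholder server endpoint

# --- Server identification (the post's "SSL authentication certificates") ---
ca ca.crt                                   # CA that signed the server certificate
cert client.crt                             # this client's own certificate
key client.key
remote-cert-tls server                      # reject a peer whose cert is not a server cert
verify-x509-name "vpn.example.invalid" name # pin the expected server name (placeholder)

# --- TLS control channel (the post's "key negotiation and transfer security") ---
tls-version-min 1.2                         # refuse SSLv3 / TLS 1.0 handshakes
tls-crypt tc.key                            # pre-shared key that encrypts and authenticates handshake packets

# --- Data channel ---
# Older defaults: 128-bit Blowfish-CBC with a 160-bit SHA-1 HMAC
# cipher BF-CBC
# auth SHA1
# Hardened: authenticated encryption (AES-GCM); 'auth' then only covers tls-crypt/tls-auth packets
data-ciphers AES-256-GCM:AES-128-GCM        # OpenVPN 2.5+; on 2.4 use: cipher AES-256-GCM
auth SHA256

auth-nocache                                # do not keep credentials in memory after use
```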
ExpressVPN offers OpenVPN by default, remaining secure and reliable even over great distances and on unsecured, open public Wi-Fi hotspots. Visit the ExpressVPN website to learn more about how OpenVPN makes for a safe personal VPN.