Which Is a Limitation of VPN?

A virtual private network, or VPN, is a type of network architecture that allows for private, secure connections between two or more devices or endpoints over a public network, such as the Internet. Essentially, a VPN creates a private, secure connection over an otherwise public network by providing a middleman, also known as a VPN server, between the endpoints. This architecture offers many benefits. For example, because the connection is secured using strong cryptography, it is much more difficult for the data to be intercepted, which makes the connection more secure. In addition, by using a VPN, users can remain anonymous when performing online transactions (because there is no direct connection between the endpoint and the VPN server), which can further enhance their security.

Encryption Is Key

Encryption is a form of data scrambling that makes data more difficult to read. To decrypt the data properly, a matching decryption key is required. Because of this, when data is transferred over a VPN, it is important to ensure that the endpoints are using the same encryption key. This is critical for keeping the data secure and preventing anyone else from accessing it (e.g. someone trying to hack into your network). If the keys are not the same, then the data will be gibberish and completely unusable when decrypted. Different encryption schemes are used for different applications (e.g. AES-256 for secure web transactions vs. triple DES for VPNs), but in general, the stronger the encryption, the more secure it is.
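The matching-key requirement above can be tried out in Python. This is an added example, not code from the original article: the cipher is a teaching construction built from HMAC-SHA256 in the standard library, not a VPN's actual cipher, and the names seal, open_unauthenticated and open_authenticated are hypothetical. It also shows that once an integrity tag is checked, a wrong key is rejected outright instead of silently producing gibberish.

```python
import hashlib
import hmac
import os

# Teaching construction only (assumption, not a VPN's cipher): a keystream
# from HMAC-SHA256 in counter mode plus an HMAC tag (encrypt-then-MAC).

def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the shared key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_keystream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_unauthenticated(key: bytes, packet: bytes) -> bytes:
    """Decrypt without checking the tag: a wrong key yields gibberish."""
    enc_key, _ = _subkeys(key)
    nonce, ciphertext = packet[:16], packet[16:-32]
    return _xor_keystream(enc_key, nonce, ciphertext)

def open_authenticated(key: bytes, packet: bytes) -> bytes:
    """Check the tag first: a wrong key or altered packet is rejected."""
    _, mac_key = _subkeys(key)
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return open_unauthenticated(key, packet)

if __name__ == "__main__":
    shared, other = b"A" * 32, b"B" * 32       # constructed sample keys
    packet = seal(shared, b"payroll export")   # constructed sample data
    print(open_authenticated(shared, packet))
    print(open_unauthenticated(other, packet))  # unreadable bytes
```

Production tunnels get the same property from authenticated ciphers such as AES-GCM or ChaCha20-Poly1305 rather than a hand-built construction like this one.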

There are several different types of VPNs, all with their benefits and drawbacks. For example, IPsec-based VPNs are more secure than PPTP-based or L2TP-based ones (these are just examples, as there are various types of IPsec-based VPNs). However, they are less efficient, because more processing is required to set up and maintain the VPN connection. A more efficient type of VPN, which uses a hybrid protocol, is the IKEv2-based VPN. This type of VPN is very secure but also very efficient. Therefore, if you are looking for a secure and private connection, an IKEv2-based VPN is the way to go.

PPTP

Point-to-Point Tunneling Protocol, or PPTP, is a network protocol that was designed for VPN applications. It was developed by the Microsoft Network team (in 1999) as an upgrade from the older and less secure Point-to-Point Tunneling Protocol, or PPP, which was first developed by the DARPA network research group in 1995. Although PPTP was designed for VPNs, it can be used for many other types of network connections as well (e.g. point-to-point dial-up connections, remote access VPNs, etc.).

PPTP is a classic example of a “split tunnel” VPN architecture, which has two separate connections, one in each direction. This type of VPN requires double the resources to set up and maintain a connection as compared to a standard, one-way VPN. However, the two-way connection makes it twice as secure as the unidirectional connection, because data traveling in either direction must be secured. (In most cases, data traveling in one direction is considered less sensitive than data traveling in the other direction.) This makes a two-way VPN very useful for securing communications within a company or larger network (i.e. for facilitating communications among different teams or individuals that are otherwise separated by network architecture).

L2TP/IPSec

Line-to-line Tunneling Protocol, or L2TP, is another protocol, like PPTP, that was designed for VPNs. It is actually the successor to the Point-to-Point Tunneling Protocol, or PPP, discussed above. L2TP was created by the IETF in 1994. It is a simpler and more efficient protocol than its predecessor (PPTP), which was, in turn, built upon the SCTP protocol, developed by the IETF in 1993. Like other VPN protocols, L2TP can be used for many types of applications beyond just VPNs.

Line-to-line Tunneling Protocol with IP Security, or IPSec, is yet another protocol, like L2TP, that was developed for VPNs. It is the combination of L2TP with the Internet Protocol Security (IPsec) suite of protocols. IPsec was also created by the IETF in 1994 and is composed of several different sub-protocols, such as IP authentication (IPA), IP encryption (IPSec), and IP-level gateways (ILGs).

IPsec is considered to be the “gold standard” of encryption protocols because of its strong security and efficient design. Like other protocols, IPSec can be used for many different applications, including VPNs, remote access VPNs, etc. (Because it is based on the IP layer, it is also easier to deploy than some of the protocols discussed previously.)

In general, when comparing the various types of VPNs, it is extremely important to consider the security and privacy aspects. In addition, performance should be taken into account, as well. Many different factors are considered when comparing different types of VPNs, such as:

  • Ease of Use
  • Installation
  • Protocol
  • Bandwidth
  • Server Hardware
  • Server Software
  • Protocol Version
  • Encryption Type
  • Key Exchange Protocol
  • Connection Sharing
  • Anonymity
  • Availability
  • Costs

Differences Between PPTP and IPSec

There are several important differences between the Point-to-Point Tunneling Protocol (PPTP) and the Internet Protocol Security (IPSec) suite of protocols. First, because IPSec is the combination of L2TP and another security protocol, it is more secure than PPTP, which is built upon the earlier and less secure PPP protocol. Second, it is easier to set up and maintain an IPSec connection than a PPTP connection. Third, because L2TP and IPSec operate at the IP layer, they can be easily and uniformly deployed (in other words, they do not require specialized hardware or specific server software to work).

In a nutshell, if you are looking for a robust, secure, and private network connection, an IPSec-based VPN is your best option. However, if you need a simpler, more convenient setup or if you just want to use the VPN for certain applications, then consider using a PPTP-based VPN.

Secure Sockets Layer (SSL)

A VPN client will often require that you specify which security protocol you would like to use for encrypting your data before setting up the connection. Typically, if you are using a web browser to connect to a VPN server, then you will be prompted to enter a username and password to authenticate your connection request. These credentials will then be used for subsequent SSL connections (i.e. when transmitting data over the secure connection). SSL is a security protocol that was originally designed for use over the Web but has since been adopted for use with other protocols, such as IPSec and PPTP.

SSL has several different versions: SSL 3.0, TLS 1.0, and TLS 1.1. The most recent and, at the same time, most secure version is SSL 3.2.

Many web browsers (such as Google Chrome and Mozilla Firefox) support the use of SSL, and most often, this protocol is used in tandem with SSH, a different protocol discussed below, for more robust and anonymous web browsing, especially if you are using a VPN to access a restricted area, such as the Internet via a corporate firewall.

STUN

A Session Trailing Unicast Identifier, or STUN, is used to discover the IP addresses of publicly accessible servers (i.e. those that are not secured with TLS encryption). When a device (e.g. a computer, mobile phone, or other device) connects to a VPN server to obtain a private IP address, it will often do so behind a firewall that is acting as a router. In this case, the firewall will have to relay the data packets to the outside world. When this happens, the firewall needs a way to find the new, external IP address of the device in order to properly route the data packets to their destinations. This is where the STUN server comes in.
