Friday, August 11, 2017

How Does a VPN Work?


How a VPN's encrypted tunnel keeps you safer online.

This article was last updated and expanded on August 11, 2017.

Virtual Private Networks (VPNs) may have a somewhat seedy reputation, but there are plenty of legitimate reasons to consider using one. And besides, no one needs an excuse to keep their internet browsing history secret. We all have a right to privacy online.

But how does a VPN protect you anyway? And how specifically does a VPN work? It's not magic, it's cryptography. Let's go over the basics of how a VPN works before diving deeper.

How it Works

A VPN protects your privacy by creating a secure "tunnel" across the Internet between you and your Internet destination. This tunnel is created by first authenticating your client (a PC, tablet, or smartphone) with a VPN server. The server, which you can run yourself with programs such as OpenVPN, then uses one of several encryption protocols to make sure that everything sent between you and websites and Internet services can't be monitored. It does this by creating an encrypted tunnel, which is like putting a package into a box and then sending it to someone. Nobody can see what's inside the box until it's opened/decrypted.

An encrypted VPN tunnel - image credit: Check Point Software.
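The box analogy above, as an added Go example (not code from the article or from any VPN product): the client seals the whole inner packet, and an on-path observer sees only the outer addresses and the ciphertext length. AES-256-GCM, the field names and the documentation-range addresses are assumptions made for the illustration; the session key stands in for whatever the authentication step negotiated.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// OuterPacket is everything an on-path observer such as the ISP can read.
type OuterPacket struct {
	Src, Dst string // client and VPN server addresses
	Counter  uint64 // sent in clear; becomes the GCM nonce, never reused per key
	Sealed   []byte // AES-256-GCM ciphertext of the inner packet plus 16-byte tag
}

// NewTunnel turns the 32-byte session key into an AES-256-GCM instance.
func NewTunnel(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func nonce(counter uint64) []byte { // 4 zero bytes + 64-bit counter = 96 bits
	return binary.BigEndian.AppendUint64(make([]byte, 4), counter)
}

// Encapsulate (client side): inner packet encrypted, outer addresses only authenticated.
func Encapsulate(g cipher.AEAD, src, dst string, counter uint64, inner []byte) OuterPacket {
	sealed := g.Seal(nil, nonce(counter), inner, []byte(src+">"+dst))
	return OuterPacket{Src: src, Dst: dst, Counter: counter, Sealed: sealed}
}

// Decapsulate (server side): fails if ciphertext or outer addresses were altered.
func Decapsulate(g cipher.AEAD, p OuterPacket) ([]byte, error) {
	return g.Open(nil, nonce(p.Counter), p.Sealed, []byte(p.Src+">"+p.Dst))
}

func main() {
	key := make([]byte, 32) // stands in for the key agreed during authentication
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	g, _ := NewTunnel(key) // cannot fail: the key is 32 bytes
	p := Encapsulate(g, "198.51.100.7", "192.0.2.10", 1, []byte("to 203.0.113.80:443 GET /inbox"))
	fmt.Printf("on the wire: %s -> %s, %d opaque bytes\n", p.Src, p.Dst, len(p.Sealed))
}
```

The real destination (203.0.113.80 in the constructed packet) exists only inside `Sealed`; `Decapsulate` on the server returns it, and returns an error instead if a single byte of the packet was changed on the way.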


These VPN protocols run as a lightweight server program. VPN providers run multiple VPN servers on virtual machines (VMs) or containers. This enables them to serve tens of thousands of clients from their data centers without spending a fortune on servers. You normally can't choose which protocol to use within the VPN software itself, but you can certainly choose a VPN that offers one of the more secure protocols.

The main VPN protocols are:

  • Point-to-Point Tunneling Protocol (PPTP): While popular, I can't recommend this Microsoft-created protocol. It's fast, but that's because it has no built-in security to speak of. Typically, PPTP is paired with the Microsoft Point-to-Point Encryption (MPPE) protocol to create a "secure" VPN. I say "secure" because most PPTP/MPPE implementations have been crackable since 2012. It may be easy to deploy and fast, but without real security neither of its virtues makes it worth using.
  • Layer 2 Tunneling Protocol (L2TP): Microsoft, working in concert with Cisco, did better the second time around. L2TP itself has no security. It simply creates a virtual tunnel which prevents trivial hacking on public Wi-Fi and the like, but it's mindlessly simple to pop open if someone really wants to see what you're up to. That's good, but not good enough. Typically it's combined with IPSec to make a relatively secure connection.
  • Internet Protocol Security (IPsec): This Internet Engineering Task Force (IETF) standard encrypts network traffic at a low level. IPSec is used by many vendors, such as Cisco, Juniper, and Microsoft, and by open-source projects, like Openswan, as the foundation for VPNs. It's secure and works well enough.
  • Secure Socket Layer VPN (SSL VPN) aka Secure Socket Tunneling Protocol (SSTP): This method uses the same protocols that web sites use to secure themselves, with the same SSL and its successor Transport Layer Security (TLS). This is also an acceptable solution.
  • Secure Shell (SSH): SSH, as all the sysadmins out there know, is typically used to secure remote terminal sessions. You can use it as a VPN when you combine it with a SOCKS proxy. It's difficult to do, though. For example, you must configure every application you use (web browser, email client, Skype, etc.) to use your SOCKS proxy. It works well.
  • OpenVPN: This popular open-source encryption program combines an SSL VPN for session authentication and IPSec Encapsulating Security Payload (ESP) over User Datagram Protocol (UDP) for a secure data transfer.
  • Chameleon: This is a proprietary add-on to the open-source OpenVPN VPN program. It's available as part of Golden Frog's VyprVPN. The company claims that, by scrambling OpenVPN packet metadata, it keeps your communications from being recognized by deep packet inspection (DPI). This should make it harder for Internet-censoring countries, such as China, to block its traffic. Chameleon relies on OpenVPN's 256-bit IPSec ESP protocol for its underlying data encryption.
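The SSH entry in the list above says each application has to be pointed at the SOCKS proxy. This added Go example (not from the article) builds and parses the SOCKS5 CONNECT request defined in RFC 1928 that such an application sends to the local listener opened by `ssh -D`, and shows the detail that decides whether hostname lookups also go through the tunnel. The function names are illustrative.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

const atypIPv4, atypDomain, atypIPv6 = 0x01, 0x03, 0x04 // RFC 1928 address types
var errBad = errors.New("socks5: malformed CONNECT request")

// BuildConnect returns the CONNECT request an application sends to the proxy.
// A hostname goes out as ATYP 0x03, so the far end of the tunnel resolves it.
func BuildConnect(host string, port uint16) ([]byte, error) {
	req := []byte{0x05, 0x01, 0x00} // VER, CMD=CONNECT, RSV
	if ip := net.ParseIP(host); ip != nil && ip.To4() != nil {
		req = append(append(req, atypIPv4), ip.To4()...)
	} else if ip != nil {
		req = append(append(req, atypIPv6), ip.To16()...)
	} else if len(host) == 0 || len(host) > 255 {
		return nil, errors.New("socks5: hostname must be 1..255 bytes")
	} else {
		req = append(append(req, atypDomain, byte(len(host))), host...)
	}
	return append(req, byte(port>>8), byte(port)), nil
}

// Inspect parses a request; remoteDNS is false when the caller sent a bare address.
func Inspect(req []byte) (target string, remoteDNS bool, err error) {
	if len(req) < 7 || req[0] != 0x05 || req[1] != 0x01 {
		return "", false, errBad
	}
	addr, host := req[4:len(req)-2], ""
	switch {
	case req[3] == atypIPv4 && len(addr) == 4, req[3] == atypIPv6 && len(addr) == 16:
		host = net.IP(addr).String()
	case req[3] == atypDomain && len(addr) > 1 && int(addr[0]) == len(addr)-1:
		host = string(addr[1:])
	default:
		return "", false, errBad
	}
	port := int(req[len(req)-2])<<8 | int(req[len(req)-1])
	return net.JoinHostPort(host, fmt.Sprint(port)), req[3] == atypDomain, nil
}

func main() {
	req, _ := BuildConnect("example.org", 443)
	fmt.Printf("% x\n", req)
	fmt.Println(Inspect(req))
}
```

An application that resolves the name itself and hands the proxy an IP address has already asked its local resolver, so that lookup never entered the SSH tunnel.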

One question you might have is, "Can't your ISP tell what you're up to even if you are using a VPN?" The answer is: not really. Your ISP can tell that you're using a VPN, but they can't see where you're going or what you're doing within it, since all your traffic is encrypted.

Finally, if you want to make life harder for any snoopy, bored ISP staffers, stop using your ISP's Domain Name Servers (DNS). I recommend switching your DNS to Google Public DNS or Cisco's OpenDNS. Also, the better VPN services provide their own DNS and make it easy for you to switch.

Technical details aside, if you value your privacy, you need to use a VPN. Just be aware, as I said at the beginning, that they're not magic. Encryption protocols can be broken, a cut-rate VPN may not properly protect your traffic, and some VPNs are over-subscribed so your connection speed could be significantly impaired.

Still, given the alternative, in a world where ISPs are allowed to not only spy on what you do over the Internet, but sell your information to the highest bidder, finding and using a VPN makes more sense than ever.

Good luck and safe browsing, my friend.

Best VPN Services

All year long IGN has been running full, in-depth reviews of some of the best VPNs for gaming and general web browsing. We put each through a rigorous battery of tests, examining upload and download speed, connectivity options, privacy options, in-game performance, and more. Below are the services we currently highly recommend - we encourage you to click through to the full reviews to see why these services shine and what specific testing we completed:

Best VPNs

Read IGN's Full IPVanish Review

Read IGN's Full Private Internet Access Review

Read IGN's Full Keep Solid VPN Review

Read IGN's Full VyprVPN Review

Read IGN's Full PureVPN Review

Read IGN's Full NordVPN Review 
