VPN Flashcards
(17 cards)
Define VPNs?
VPNs establish a secure encrypted tunnel between the user’s device and the organization’s network. This ensures that confidential data transmitted over the Internet remains protected from prying eyes. VPNs allow remote employees to access company resources, such as file servers, intranets, and internal applications, in a secure manner as if they were physically connected to the office network. This not only enhances productivity but also maintains the integrity and confidentiality of sensitive data even when accessed from remote locations.
What is a common use of VPN?
Web browsing and streaming
What is a key benefit of VPN?
One key benefit of using a VPN is the ability to maintain online anonymity. When you connect to a VPN server, your Internet traffic is routed through an encrypted tunnel, concealing your real IP address and location from third parties. VPNs mask your IP address, making it difficult for websites, advertisers, or potential hackers to link your online activities with your real identity or physical location.
What factors should you consider when choosing a VPN?
Security features and encryption protocols
Server locations and network coverage
Connection speeds and performance
User interface and compatibility
Data retention and privacy policies
User reviews and ratings
Pricing and subscription models
Customer support and documentation
What is an encryption protocol?
A set of rules and algorithms for encrypting and decrypting data to ensure secure communication over a network.
The encryption process typically involves two main components, the encryption algorithm and the encryption key.
Common encryption algorithms used by VPNs include Advanced Encryption Standard, or AES, Blowfish, and ChaCha20. These algorithms scramble your data using complex mathematical formulas.
VPNs generally employ symmetric key encryption, where both the client (your device) and the server share the same key for encrypting and decrypting data. This shared key is established during the initial handshake between your device and the VPN server using a process called key exchange.
What is tunneling?
The process of encapsulating and transmitting data through a secure, encrypted tunnel, effectively creating a private network within a public network.
Some of the most commonly used tunneling protocols in VPNs include the Point-to-Point Tunneling Protocol, or PPTP, one of the earliest VPN protocols.
PPTP is relatively easy to set up, but has known security vulnerabilities, making it less desirable for modern VPN implementations.
There is also the Layer 2 Tunneling Protocol, or L2TP. L2TP is often combined with Internet Protocol Security, or IPsec, to provide a secure and reliable tunneling solution.
This combination, known as L2TP/IPsec, is widely used by various VPN providers.
Another tunneling protocol is OpenVPN.
What is split tunneling?
This feature allows users to selectively route some network traffic through the VPN tunnel while keeping other traffic on the regular internet connection.
What is a kill switch?
A security feature that automatically terminates the internet connection when the VPN connection disconnects, preventing potential data leaks.
What is DNS leak protection?
A feature that ensures that DNS queries are transferred through the VPN tunnel, preventing potential exposure of browsing activities and online destinations.
VPN clients often include built-in DNS leak protection mechanisms to prevent DNS leaks.
What is a no-log policy?
A policy adopted by some VPN providers that ensures they do not log or store any user activity, connection logs, or browsing data, maintaining users’ privacy.
What are other factors to consider when choosing a VPN?
-Assessing organizational needs
-Evaluating security features
-Server locations and network coverage
-Speed & performance
-User interface & compatibility
-Data retention and privacy policies
-User reviews & ratings
-Pricing and subscription model
-Customer support & doc
What is OpenVPN?
OpenVPN is an open-source protocol that offers high security and flexibility. It can operate over a wide range of ports, making it more difficult for network administrators to block or detect.
Furthermore, there is the Internet Key Exchange Version 2 or IKEv2. This modern tunneling protocol provides fast and secure connections.
It is particularly well-suited for mobile devices due to its ability to reconnect seamlessly after network disruptions.
OpenVPN supports a variety of encryption algorithms, including AES with key lengths of 128, 192, or 256 bits, as well as Blowfish and Camellia. It also supports various authentication methods, such as pre-shared keys, certificates, or a combination of both.
One of OpenVPN’s key advantages is its ability to operate over a wide range of ports, over both UDP and TCP, making it more difficult for network administrators or firewalls to detect and block it. Additionally, OpenVPN is known for its strong cryptographic capabilities and ability to work with various network configurations, including NAT and firewalls.
What is Point-to-Point Tunneling Protocol (PPTP)?
PPTP utilizes the Microsoft Point-to-Point Encryption (MPPE) protocol for data encryption, supporting algorithms such as RC4 (128-bit), DES (56-bit), and Triple DES (168-bit). However, modern standards consider these encryption algorithms weak, making PPTP susceptible to various attacks, including brute-force and man-in-the-middle attacks.
Despite its shortcomings, PPTP remains in use due to its compatibility with older systems and networks. However, organizations should avoid using it for sensitive communications or in high-risk environments requiring stronger security measures.
What is Layer 2 Tunneling Protocol (L2TP/IPsec)?
L2TP is a combination of the Microsoft Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Forwarding (L2F) protocol developed by Cisco. It is a widely used VPN solution, particularly in corporate environments. Unlike PPTP, L2TP does not provide encryption on its own; instead, it relies on an additional security protocol, such as IPsec (Internet Protocol security), for data encryption and authentication.
L2TP/IPsec supports various encryption algorithms, including AES with key lengths of 128, 192, or 256 bits, and older algorithms like 3DES (Triple Data Encryption Standard). It also offers robust authentication methods, such as pre-shared keys or digital certificates, making it more secure than PPTP.
One advantage of L2TP/IPsec is its compatibility with a wide range of operating systems and devices. However, it can be more complex to set up and configure than other VPN protocols, especially in multi-vendor environments. Additionally, L2TP/IPsec is known to have issues with certain network configurations, such as those involving Network Address Translation (NAT) or firewalls.
What is IKEv2 (Internet Key Exchange version 2)?
IKEv2 is a modern VPN protocol specifically designed for secure key exchange and establishing IPsec tunnels. It is an improved version of the IKE protocol and offers several advantages over its predecessor, including faster reconnection times, better mobility support, and improved reliability.
IKEv2 supports various encryption algorithms, including AES with key lengths of 128, 192, or 256 bits, and older algorithms like 3DES and Camellia. It also supports various authentication methods, such as pre-shared keys, certificates, or a combination of both.
One of IKEv2’s main advantages is its ability to quickly re-establish VPN connections after network disruptions. This makes it well-suited for mobile devices and environments with frequent network changes. IKEv2 is generally considered more secure and efficient than older protocols like PPTP or L2TP/IPsec.
What is WireGuard?
WireGuard is a relatively new and increasingly popular VPN protocol that aims to provide a simple yet fast and modern cryptographic implementation. It is designed to be easy to configure and deploy, offering strong security features and high performance.
WireGuard uses the latest cryptographic algorithms, including ChaCha20 for symmetric encryption, Curve25519 for key exchange, and Poly1305 for message authentication. It supports a modern and lightweight cryptographic design, making it an efficient choice for various devices and systems.
One of WireGuard’s key advantages is its lean codebase. This makes it easier to audit and maintain and reduces the risk of vulnerabilities. Additionally, WireGuard is known for its excellent performance, making it a suitable choice for high-bandwidth applications or scenarios where speed is crucial.
What are (3) VPN encryption standards?
-Advanced Encryption Standard (AES)
-Blowfish
-ChaCha20
-3DES (Triple Data Encryption Standard)