Types of VPN Encryption Protocols

Encryption Protocols

A VPN provides a way to transmit data over the internet through a public or shared network in such a way that the computing device appears to be connected directly to a private network. This is achieved by creating virtual tunneling protocols, dedicated connections, or encrypting the traffic. As a user you can enjoy many benefits of a VPN, such as managing the network, providing security and hiding your identity on any network.

A VPN relies on encryption of data to keep a user's wireless transactions safe and secure. The transmitted data is encrypted at one end of the tunnel and decrypted at the other end. This is where encryption protocols come in handy, as a pair of keys alone can't provide completely secure encryption.

If a user is outside the office and wants to access the office intranet, the employee can do so securely using a virtual private network. Even if an organization has offices in various countries, the distance can be bridged, giving rise to a cohesive and coordinated network. This solves many issues caused by remote locations. Any individual making wireless transactions can do so safely and securely through VPNs. Users can circumvent censorship, blocked access to particular sites and many geographically restricted sites. For identity protection and hiding your location, connecting through proxy servers can really help.

PPTP

The Point-to-Point Tunneling Protocol (PPTP) is one of the encryption protocols used for implementing virtual private networks. It was founded by Microsoft using the idea of VPN over dialup networks. It has been a standard protocol for internal business use for a long time. PPTP uses TCP and GRE tunnels to allow PPP packets to pass through them.

The PPTP specification does not include encryption or authentication features; security functionality is achieved by tunneling the Point-to-Point Protocol. It is mainly used to provide remote access levels and security levels suited to VPN products. Though it is a VPN protocol, it uses various authentication methods for security, with MS-CHAP v2 being the most common.

Pros

    • It is easy to set up, requires no additional software for installation and works on every single VPN platform and device. This makes it popular among all the businesses and VPN providers.
    • It has a very quick turnaround time as it uses low computational overheads for implementation.
    • It can be used to remotely run applications which depend on selected network protocols. All the validations and security checks are performed by the tunnel server, so the information is much safer to send over networks which are not completely secure.

Cons

    • Security remains the key issue, as it uses MS-CHAP v2, which is not very secure and is vulnerable to dictionary attacks, since tools are available for capturing the transmitted information.
    • MPPE uses RC4 (Rivest Cipher 4) for encryption. Since no method exists for authenticating the RC4 ciphertext stream, it is vulnerable to a bit-flip attack. An attacker can easily modify a single bit in the stream to change the expected output without being detected.
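The bit-flip weakness described in the last point, as an added example that is not part of the original article: RC4 with no integrity check decrypts a tampered ciphertext without complaint, while the same ciphertext wrapped in encrypt-then-MAC is rejected. The keys and message are constructed, and the HMAC-SHA256 layer is an assumption used to show the mitigation, not something MPPE provides.

```python
"""RC4 malleability demo (added example; keys and message are constructed)."""
import hashlib
import hmac

ENC_KEY = b"constructed-rc4-key"         # constructed sample key, not a real MPPE key
MAC_KEY = b"constructed-mac-key"         # constructed; separate key used only for integrity
MESSAGE = b"mtu=1400;route=10.0.0.0/8"   # constructed sample plaintext
TAG_LEN = hashlib.sha256().digest_size   # length of the HMAC-SHA256 tag in bytes


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4: the same call encrypts and decrypts (XOR with the keystream)."""
    # Key-scheduling algorithm (KSA)
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA), XORed over the data
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Return a copy of data with one bit inverted; no key is involved."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: RC4 ciphertext followed by HMAC-SHA256 over it."""
    ciphertext = rc4_crypt(enc_key, plaintext)
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Verify the tag before decrypting; return None if the check fails."""
    if len(blob) < TAG_LEN:
        return None
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return rc4_crypt(enc_key, ciphertext)


def demo() -> dict:
    # 1) Bare RC4: a bit flipped in transit flips the same plaintext bit,
    #    and the receiver has nothing to check the result against.
    ciphertext = rc4_crypt(ENC_KEY, MESSAGE)
    tampered = flip_bit(ciphertext, 4, 0)
    bare_result = rc4_crypt(ENC_KEY, tampered)

    # 2) The same change applied to the authenticated form is rejected.
    sealed = seal(ENC_KEY, MAC_KEY, MESSAGE)
    return {
        "bare_rc4_after_flip": bare_result,
        "sealed_untouched": open_sealed(ENC_KEY, MAC_KEY, sealed),
        "sealed_after_flip": open_sealed(ENC_KEY, MAC_KEY, flip_bit(sealed, 4, 0)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

In the bare RC4 case the receiver gets a well-formed message with a different value and no error, which is why integrity has to be checked before decryption.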

L2TP/IPSec

L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol used to support VPN services. VPNs built on it don't provide any confidentiality or encryption themselves for the traffic that passes through them and rely on an encryption protocol to provide privacy to the user. Therefore, L2TP depends on an encryption protocol such as the IPSec suite for privacy and security.

A single L2TP packet consists of a payload and the L2TP header, and is transmitted over UDP (User Datagram Protocol). It is very common to carry PPP sessions in an L2TP tunnel. L2TP cannot provide confidentiality or strong authentication by itself, so IPSec is used to keep L2TP packets secure by providing authentication and confidentiality.

It can be installed on all modern operating systems and devices which support VPN, which makes it easy and simple to set up. It is reliable only for control packets. An L2TP tunnel can cover an entire session or only a part of it. It faces a serious issue, as it uses UDP port 500, which gets blocked by firewalls. Hence, it requires advanced configuration (port forwarding) when it has to be used behind a firewall.

Pros

    • It caters to security and privacy issues by using IPSec encryption protocol. Hence, it is considered a very secure option.
    • It is easy to set up and can be configured on all modern platforms and devices.
    • L2TP/IPSec offers multi-threading. Encryption and decryption take place in the kernel, which makes it faster than OpenVPN.
    • It is the ultimate option if a quick VPN setup is needed for non-critical use.
    • On mobile devices, OpenVPN has been observed to give only satisfactory performance, whereas L2TP/IPSec proves to be more useful.

Cons

    • It is weakened by the NSA and compromises performance.
    • Its biggest drawback is that it struggles against restrictive firewalls, as it uses UDP port 500, which is blocked by firewalls. To overcome this issue, advanced port forwarding has to be configured.

OpenVPN

OpenVPN is an open source application providing a secure and reliable VPN technique. It combines the OpenSSL library with a custom security protocol that uses SSLv3/TLSv1 for key exchange. It can maintain secured point-to-point or site-to-site connections in routed configurations and provides remote access facilities.

It can traverse NAT (Network Address Translators) as well as restrictive firewalls. OpenVPN offers authentication using a pre-shared secret key, username/password and certificates. In a multi-client server configuration, it lets the server issue an authentication certificate for each client using the certificate authority and signature.

Extensive use of the OpenSSL encryption library greatly enhances its security features. It offers encryption for both data and control channels. It can use both TCP and UDP, so it works far better where particular VPN protocols may be blocked. Hence, users can avoid high-priced IPSec in those cases.

Its greatest strength is that it can run on any port (TCP port 443, for example), though it runs best on a UDP port. This makes it highly configurable. It has been ported to many systems like DD-WRT and SoftEther VPN.

Pros

    • OpenVPN uses the OpenSSL library and provides 256-bit encryption, which improves security and authentication.
    • It is far better than L2TP and PPTP, as it uses a security protocol that can run over both TCP and UDP.
    • The use of PKCS#11 based cryptographic tokens makes it compatible with smart cards.
    • To keep sensitive data from being written to disk, it has an mlockall feature. OpenVPN also has the ability to drop root privileges.
    • It has enhanced authentication using keys, passwords, certificates and encryption algorithms.
    • It is highly configurable and offers dynamic updates from firewalls, so a firewall can’t block it easily.
    • Most importantly, it is reliable, secure even against the NSA, very fast and, ultimately, open source.

Cons

    • OpenVPN has the TCP meltdown problem, i.e. it offers good performance only when there is sufficient bandwidth so that the tunneled TCP timers don’t expire.
    • It can be difficult to set up and requires additional software for installation.
    • It is best suited for desktop and still lags behind in mobile support such as Palm OS.
    • Moreover, it is not compatible with VPN clients which use the IPSec over L2TP or PPTP protocols.

SSTP

SSTP (Secure Socket Tunneling Protocol) uses an SSL/TLS channel to transmit L2TP or PPP data through a VPN tunnel. Using an SSL/TLS channel enhances transport-level security. It also checks data authentication through encryption, maintains traffic integrity and provides key negotiation features. SSTP is configured for Windows, Linux, and BSD.

Pros

    • SSTP is faster than its counterparts PPTP and L2TP, eliminating the overheads of PPP.
    • It passes through all proxies and firewalls, as it uses SSL/TLS over TCP port 443. Compatibility with Windows and the use of SSL v3 make it easier to use and more stable, avoiding firewall issues.
    • It offers stable performance while switching networks or reconnecting to a site.
    • As it supports AES 128, AES 192, AES 256 and 3DES encryption keys, it is highly secure.
    • It is easy to set up at the user end and compatible with BlackBerry devices.
    • It is used for remote client access, smart card authentication, and the L2TP VPN client for Windows.

Cons

    • SSTP also suffers from the TCP meltdown problem, i.e. it will perform satisfactorily only in the presence of excess bandwidth on the un-tunneled network link.
    • It needs additional software for installation, as it lacks a native built-in VPN client.
    • Though available for Linux, SEIL and RouterOS, it is best configured for the Windows platform.
    • SSTP is not an open source VPN like OpenVPN; instead it is a proprietary standard owned by Microsoft.

IKE

IKE or IKEv2 (Internet Key Exchange) combines the Oakley protocol and ISAKMP. It derives cryptographic keys from a shared session set up by Diffie–Hellman key exchange. X.509 certificates, which are distributed with the help of DNS, are used for authentication. This protocol sets up a security association (SA) in the IPSec suite. In addition, a security policy has to be maintained manually for every connected peer. In Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008, IKE is available as part of IPSec.

Pros

    • Use of fewer RFCs: IKEv2, the advanced version of IKE, uses only one RFC to cover its specifications and improvements for NAT traversal and firewall traversal, which took more in the original version.
    • Standard mobility support: It uses a standard extension so that mobile users can utilize the IKEv2 and IPSec protocols.
    • SCTP support: It allows usage of SCTP in VoIP.
    • It provides UDP port configuration to allow transmission through restrictive firewalls.
    • It has a simple message exchange system where there are a total of 8 completely distinct initial exchange mechanisms. It also uses a few cryptographic mechanisms for data authentication.
    • It uses sequence numbers and acknowledgments to enhance reliability, the lack of which may lead to a dead state.
    • It only performs cryptographic processing if an actual requester exists; otherwise service is denied, as in the case of spoofing.
    • It is a secure, fast, open source protocol for mobile users due to its improved ability to reconnect. It is the only option for BlackBerry users.

Cons

    • It needs a little trick to implement IKEv at the server side, which has led to certain problems.
    • IKE doesn’t provide a general configuration facility for a default case, so both sides have to agree on the security settings mutually, and a failure to agree leads to no connection.
    • Where debug output was present, it was difficult to comprehend, which resulted in non-conformance to a common security association.

Chameleon

Nowadays, many governments, corporations and ISPs worldwide are inspecting, diverting and blocking VPN traffic. Countries like China and Iran top the list, as they prohibit freedom of the internet and connection to the world. To overcome these issues, Golden Frog’s engineers have created a remarkable VPN technology named Chameleon. It is not open source. It is present in the VyprVPN apps, which are available for Windows, Android and Mac.

Chameleon scrambles OpenVPN packets via deep packet inspection (DPI), making them unrecognizable while remaining lightweight and not compromising on speed. For data encryption, Chameleon uses the unmodified OpenVPN 256-bit protocol. This lets VyprVPN users bypass the restrictive networks put in place by governments, corporations and ISPs.

Pros

    • Chameleon VPN provides an open, fast and uncensored internet worldwide.
    • It helps in resolving speed concerns occurring due to bandwidth throttling.
    • It can bypass censorship and helps you in accessing restrictive sites.
    • It offers deep packet inspection (DPI) to make it unnoticeable while bypassing blocked networks.

Cons

    • Chameleon is not available in VyprVPN for iOS because of restrictions imposed by iOS.
    • It is blocked in China, Russia, Iran, Thailand and Syria due to speed concerns.

Review of Hide My Ass VPN

A VPN provides a secured network connection on the internet for connecting to a private network through a public network for transmitting and receiving data. The private network could be any network, such as an organization’s internal network, bank websites or government agency portals. A VPN protects your online browsing activities and keeps your identity anonymous, as it encrypts the transmitted data and then re-routes it through its own remote servers. Thus, it helps you to access restricted websites from any location without the information being intercepted, while keeping your network location completely hidden.

A VPN is designed to act as a secure and encrypted tunnel for transmitting data. The information travels through the encrypted tunnel and nobody else can intercept or read it in between. The encryption mechanism also makes sure that only the authorized user is able to access the transmitted information over the network. A VPN comes in handy when you are accessing the internet through public Wi-Fi hotspots, as the wireless connection is not secure enough and can lead to information being compromised over the internet. A VPN would also help you to access blocked websites over a public Wi-Fi connection and prevent data theft.

HideMyAss VPN is a go-to tool for anyone who wants to surf the web freely, privately, securely and with no restrictions. It brings you an important privacy tool with the same high-grade encryption as banks, businesses and government organizations. It has wide global network coverage, with 935 VPN servers located in 352 locations across 221 countries. It gives access to more than 120000 IP addresses.

Features

  • HideMyAssVPN supports all major encryption protocols which can be used for connecting to their accounts namely PPTP, L2TP/IPSec and OpenVPN. All of them have got different features.

    1. PPTP is the most common VPN protocol for Windows. It provides basic 128 bit encryption and is supported by a large number of devices. It provides a high speed connection and the setup/configuration is pretty easy. Due to its low level of encryption, it is less secure and sometimes has unstable connections.
    2. L2TP/IPSec provides a secure connection having 256 bit key encryption and provides a stable connection on every device, operating system and networks. It can easily bypass restrictions imposed by ISPs or networks. It provides a gradually lower connection speed than other protocols due to high level encryption.
    3. OpenVPN provides cross platform portability and has a highly secure 256 bit key encryption with OpenSSL authentication. It provides most stable connection across all kinds of network such as wired, mobile or WLAN. It provides very high speed and secure connection having ability to bypass almost all firewalls, ISPs and networks.
  • It allows you to connect to your VPN account with 2 simultaneous connections using different devices such as laptop, PC, smartphones, internet enabled TVs and gaming consoles. But while having 2 simultaneous connections, both the devices should be connected to two different servers. You can’t connect both the devices to the same VPN server simultaneously.
  • It provides a wide global network coverage having servers in 221 countries covering 352 locations and having a total of 935 servers.
  • It lets you connect to 120000 different IPs using your VPN account.
  • It allows unlimited switching of servers for its users. So, you are allowed to switch the server from one to another when you wish to connect to a different server from your account instantly without any restrictions.
  • HideMyAss VPN desktop application is available for Windows, Linux and Mac. In addition to desktop application, it also provides mobile app for Android and iOS devices.
  • It provides a customer support service through various channels such as Live Chat, a Support Form page and a Direct Call facility. Using the live chat option on their website, you can contact a customer service representative and get your query resolved within minutes. You just need to provide your name and email address, choose the relevant topic for your query, type your query in the Message box and submit. You can also use their Customer support page to get your query resolved. Most tickets are answered within a response time of 24 hours. You can also call them from 9am-5pm UK time and get your query resolved by talking directly to an expert.
  • It doesn’t offer any trial period for using its services, but it does provide a 30 days money back guarantee, which is an adequate amount of time to test their services. In order to get a full refund of your money, you should not have used more than 10GB of bandwidth and should not have connected to more than 100 sessions.
  • It provides a Load balancing feature. If there is more than one server in a particular location, it suggests the one with the least load to give a faster response time.
  • The Company comes under the jurisdiction of the laws of United Kingdom.

Prices and Plans

HideMyAss VPN offers 3 different plans for its customers as per their needs and requirements.

If you want to use services of HideMyAss on a monthly basis, then there is a fixed plan of $9.99 per month.

The second plan is for six months which is available at $6.66 per month. This will avail you a discount of 42% over the monthly plan.

The third plan is for $4.99 per month for those who wish to use the services of HideMyAss for 1 year. You can save a total of 57% if you chose this long term plan instead of the monthly plan.

We would suggest opting for the plan offering a 1 Year subscription at $4.99 per month, because the services offered in all 3 plans are exactly the same and there is no difference between them. Thus, if you go for the long term plan you don’t have to renew your plan every month, which saves you time.

Also, you will get a 30 days money back guarantee during which you can test the services offered by HideMyAss VPN. If you feel that you are not satisfied with the services, you are free to opt out of the subscription within 30 days from the date of purchase of the product by contacting the Customer Support and you would get a 100% refund of your money. Please note that in order to get a full refund of your money, you should not have used more than 10GB of bandwidth and should not have connected to more than 100 sessions during the 30 days money back guarantee period.  

Pros

High speed and unlimited bandwidth: It has a fairly high speed for accessing any website in remote locations, with only a 2% difference in speed between your normal internet connection and a connection through HideMyAss. It provides unlimited bandwidth usage to its customers so that they can watch all the videos they want and browse unlimited websites without worrying about going over the limit. If you are a new customer, the connection wizard helps you install and run it in just a few clicks.

Reliable connection and easily bypass censorship: It supports all major encryption protocols including PPTP, L2TP/IPSec and OpenVPN, which makes it highly secure and reliable when it comes to unblocking restricted websites and keeping the identity of the user anonymous. If you are facing any government/legal restrictions in accessing a site (say, many countries, such as the USA and UK, don’t allow access to all users), then by using its services you can easily avoid this censorship and access these websites from anywhere in the world.

Load Balancing: If there is more than one server available for accessing a site in a particular location, HideMyAss will automatically suggest the one with the minimum number of users connected to it, which results in a faster response time.

Securing your Wi-Fi network and easy access to favorite sites: It secures your Wi-Fi network by encrypting your connection with its highly secure protocols at any location. It helps in avoiding any government/workplace restrictions to access websites from your Wi-Fi network. It also lets you access your favorite websites by changing your IP address to the required locations instantly. Moreover, you can maintain a favorite tab list of locations for easy access and connecting pretty quickly to the network.

Covers 221 countries with 935 servers including China: It offers a faster and more reliable network connection for accessing restricted and prohibited sites in most parts of the world, including China, than any other VPN service provider. It is one of the very few VPN providers with reliable worldwide coverage and servers located in mainland China. So, if you are living outside China and need access to China-specific services, then HideMyAss would be your choice.

Cons

No free trial and high price: Since there is no free trial offered by HideMyAss for its customers, one needs to spend a minimum of $9.99 for using its services. Also, the price for monthly plan is a little expensive.

Blocked in China: HideMyAss has got great connectivity across the globe but its main website has been blocked in China and most of its servers are also not accessible there which results in preventing access to blocked sites in China.

Logs stored for legal requirements: HideMyAss stores the logs and information in order to keep a track of the browsing activities of its users, which includes downloads and visited sites. If needed, the logs can be handed over to the authorities if they demand them and therefore, there is no 100% anonymity possible.

Terms and Conditions on money back guarantee: During the money back guarantee period of 30 days, 100% money would be refunded only if you have not used more than 10GB bandwidth and not connected to more than 100 sessions during that period.

Recommended Uses

HideMyAss has been rated as a reliable and secure VPN all over the world. It has a huge network of 935 servers in 221 countries covering 352 locations and allows connection through 3 different encryption protocols. Its strong encryption lets you bypass the geographical restrictions and censorship imposed in several countries of the world, excluding China. Since the official website of HideMyAss is blocked in China, it’s difficult to sign up for its services there. So, HideMyAss should not be your first preference as a VPN in China. However, if you want to access services restricted to the Chinese area, HideMyAss is one of the few VPNs that have servers in Mainland China.

It supports all major devices and has dedicated iOS and Android apps available for its customers. The customer support is outstanding, as they have a well maintained customer support and a FAQ section. You can contact them via live chat, support forum, email and phone call. Although they do not work 24/7, you can expect a comprehensive response within 24 hours.

What is a proxy? All you need to know about using a Proxy

What is a Proxy?

A proxy is basically a purpose-built computer which serves as an intermediary hub between the endpoint device, like a computer or laptop, and the server from which the user requests a service. All the internet requests get processed through proxy servers. When the user connects via one of these servers, the host computer sends the user's requests to the proxy server, which in turn processes the request and finally returns the required result to the user. In this manner the proxy serves as an intermediary between the user's machine and all the remaining computers on the internet. These servers are generally located on the user’s own system, or between the user’s system and destination servers on the internet.

A proxy server remains invisible to the user. All requests sent over the internet and their returned responses appear to the user to be associated with the addressed Internet server. A proxy can exist as a firewall server on the same machine or it can be configured on an entirely different server, which in turn can forward the requests via the firewall.


What is Ransomware and how to avoid it

What is Ransomware

Ransomware is a type of malware used for blocking a user from accessing data on his own computer and also disabling the functionalities which could unblock the restricted access to data. The author of the malware then demands a ransom amount which the user needs to pay in order to restore access to the blocked data. For any normal user having only some basic understanding of computers and the internet, ransomware can be considered one of the most vulnerable and dangerous types of malware. If a user gets infected with it, he has no other choice than paying the ransom amount, which can be up to a few hundred dollars.

The Ransomware malware program is designed in such a way that it will frequently lock down a computer, followed by display of several images related to law enforcement in order to frighten the user and extort some money from the targeted victim. Some ransomware will not only lock your computer, but also encrypt your files, after which you won’t have any access to those files.

Review of StrongVPN


A VPN provides a way for transmitting and receiving data over internet through a public network in such a way that it seems you are actually connected on a private network. It keeps your browsing activity, current location and identity completely private by encrypting your data and then routing it over its own remote servers. In simple words, a VPN would hide your network location from which you are connecting and let you access internet without imposing any restrictions.

Since many countries have blocked several websites such as YouTube, Facebook and Google, one would need an excellent VPN in order to connect to internet without bothering about those restrictions and browsing the internet securely. For example, in order to use internet in China, which has put restrictions on most of the websites, using a VPN is a must.

One of the most effective and popular VPNs used worldwide is StrongVPN. It is a US based company which was set up in 1994, and it provides VPN servers in 21 countries and 45 cities supporting most of the VPN protocols. Its high speed servers provide excellent encryption of data, IP address switching and secure browsing.

Private Internet Access: What is a VPN?

What is a VPN?

A Virtual Private Network – or VPN – allows you to send and receive data via the internet using a public network as if you were connected to a private network. In other words, it is a system that allows you to connect to a public network (a hotspot, for example) but acts as if you were connected to your company’s host computer. This makes it difficult to be located and greatly improves the security of your connection. But let’s not get too technical. Below you’ll find the principal uses of a VPN:

  • Access to services that are only available in some countries, principally audiovisual content (such as television shows, series or podcasts). For example, if you want to watch your favorite programs on Netflix or Hulu, but you are not in the United States, you can’t. Unless you use a VPN to access those websites from a US server!
  • To send sensitive data (such as banking information) via an encrypted connection. Many people use these systems to protect their banking and personal information from being robbed by third parties when connected to public networks, and/or to maintain anonymity.
  • To create your own VPN and allow your employees to access your company’s private network, including if they are not physically connected to it.


Emoji Keyboard on Windows and Mac


It is currently very common to use an emoji keyboard in conversations or emails using Android and iOS mobile devices (like the iPad and the iPhone), but in the case of laptops it is not common to use them, and more so, many people don’t know that these emoticons are even available.

Mac Emoji Keyboard

Accessing the Emoji keyboard from a Mac is really simple and its appearance is very similar to iOS, as you can see in the picture above, with the difference being that it is shown in a small window and not on the keyboard itself as on the aforementioned devices. To access it, we have to use the following keystroke shortcut:

Control + Command + Space Bar


Xiaomi, the most popular Chinese technology brand

What is Xiaomi?

Xiaomi is a company that was founded in June 2010 by 7 very powerful partners that have strong connections with the governments of China and Singapore. Among them are Qiming Venture Partners, IDG Capital and particularly Temasek, an investment group owned by the government of Singapore.

Three years after the creation of Xiaomi, they were already selling more phones within China than Apple, with a market share of 2.5% and a value of 10 billion dollars. That same year, Xiaomi appeared in the global news for having contracted Hugo Barra, one of the principal figures responsible for the development of Android within Google.

A year later, in the fourth quarter of 2014, Xiaomi was already leading their market above popular brands like Apple, Samsung, or Huawei with a market share of 12.5%, becoming the most valuable emergent business in the world only four years after being founded, reaching a total value of 45,000 million dollars, surpassing the 40,000 million dollar value of the Uber taxi app.


LaptopHQ New Ownership

Hi there,

LaptopHQ changes ownership. After 3 years of inactivity, the website will start again to publish regularly. Besides laptops, we’ll also talk about software, mobile phones and other technological gadgets.

Best,

The Management of LaptopHQ

The New 13 and 15 inch Retina Display MacBook Pros

The Macbook Pro is Apple’s top-of-the-line product. First introduced in 2006 and now in its third-generation, unibody aluminium guise, the Macbook is one of Apple’s most sought-after and hyped products. Now the Macbook is available with Apple’s new innovation: the retina screen. Essentially, a retina screen contains the maximum amount of pixels visible to the human eye, meaning that anything viewed on a retina screen should be indistinguishable from viewing an object in the real world with the naked eye.

Apple’s newest 13 and 15 inch offerings come with 2,560×1,600 and 2,880×1,800 pixels respectively. Both laptops have dropped the optical drive, which makes them comparatively lightweight when considered against the older models.

As is to be expected with Apple products, you are absolutely forbidden from upgrading these laptops. The RAM chips are soldered in place and fixed at 8GB. The 13 inch version of the new Macbook retina series comes with an SSD card that you can’t remove either.