VPNs rise to the mainstream: Read or miss out


 

A few years ago, adopting a VPN was not the simplest of tasks for IT managers, for a number of reasons: deployment, compatibility or interoperability issues, and the expense of these systems. Things have changed. VPNs are now entering the mainstream, and many companies view them as a telecommunications necessity from both security and cost perspectives.

 

Originally designed to reduce the costs of connecting branch offices to the main office of a business, VPNs addressed the concern of high costs of leased lines and dedicated connections. The next matter-of-course step was to adapt VPNs to individual remote use, for internal network access and secure operations across the internet.

 

Widely used by companies to protect corporate data, the Virtual Private Network has taken over the personal data arena as well, to such a degree that the use of a VPN has become an almost inalienable “basic right” for virtually any kind of private data exposed to the internet.

 

SSL VPNs pushed by Microsoft, and the desktop VPN released just late last month by Opera, are helping the use of a VPN reach the mainstream.

 

To sum up, a VPN enables a computer that is located outside the corporate network to connect to that network as if it were inside the building, allowing access to internal resources such as file shares, applications, and printers. Beyond connectivity, a VPN implicitly means that a secure bridge has been created between any given device using that connection and your business server, which can be on your premises or in the cloud.

 

A geographically dispersed workforce is no longer a peculiarity but rather the norm, as highly data-oriented companies outsource or expand internationally, and this increases the need for data protection as a defense for these intangible assets. In this new paradigm, data loss or data leakage is just like throwing money out the window, since it may lead to competitors picking up sensitive information about your business and using it against you in the economic arena.

 

The need to access corporate or commercial information is a core component of connectivity inside the enterprise, and managing these intangible assets over a plain internet connection is simply not for business use.
At the same time, at the individual level, data leakage will make your online footprint larger and more visible, while some embedded, sometimes default, features of your favorite social networks, like Facebook’s location or Twitter’s places, share your data with third-party companies.

 

CLIENT vs. CLIENTLESS:

 

Clientless VPN solutions have taken the technology a bit further towards the mainstream, and so have appliances, servers and cloud-based, hosted VPN services, in their growing plurality.

When challenged to go with one technology or the other, one may be faced with several conundrums: “client vs. clientless” or “hosted or on premise”.
Naturally, each one of these options has pros and cons according to specifics. Still, the questions linger: which remote user communities can they best serve? What does it really take to install each or any of these VPN solutions?

Let’s just start with SSL VPNs, since they debuted over a decade ago and are generally held to be a user-friendly, cost-effective, secure remote access method.

SSL

The Secure Sockets Layer (SSL) VPN was developed to simplify access to internal company network resources for remote end users. An SSL VPN is a VPN based on the Secure Sockets Layer protocol developed by Netscape Communications during the 1990s. Netscape Communications developed this protocol to transmit private documents via the Internet by initiating a connection from a client to a server using data encryption and other options such as server authentication, message integrity, and client authentication. SSL is now a standard built into every major web browser and web server. In addition to being used in web browsers, SSL has been adapted to secure other protocols (e.g., POP3, IMAP, and SMTP).

SSL PROs & CONs:

– Access to specific applications, rather than entire subnets.

Getting access to exact applications can be helpful for hospitals and health care facilities, as SSL VPNs enable remote access directly to medical applications and patient information. IPSec (client-based), by contrast, connects hosts to entire private networks, while SSL VPNs connect users to services and applications inside those networks.

– Most SSL VPNs provide secure access to Microsoft Outlook Webmail, network file shares and other common business applications. However, they often require custom development to support non-browser-based apps.

– SSL VPNs are not designed for an environment where the VPN connection needs to be always on and shared by multiple users, since they require a web browser to function. This makes an SSL VPN connection suitable only for a single user, whereas in other VPN implementations, such as IPSec, the client can be a single computer or a hardware device that tunnels multiple users’ traffic back to the office VPN server.

– Web browser pop-up blockers could prevent them from running. The pop-up blocker may see pop-ups coming from the SSL VPN as nuisances and block the helper applications from performing their security and proxy functions.

– On Windows XP and Linux, users may encounter issues because of the levels of access these operating systems give users: both put the standard user account at a level that does not allow the kind of changes on the local computer that the helper applications need in order to run.

– Security concerns: the host checking application may only check the remote computer once, when the user logs into the SSL VPN. If the host checking application does not run continuously while the user is logged in, the user could potentially breach the company’s security requirements and policies unchecked.

HOSTED VPNS

Appliances or servers will give you great control, but cloud-based, hosted or outsourced VPN services are the real game changer, with an unrivaled cost-to-features and security ratio, sparing you the typical technical hurdles of on-premise deployment and use.

A hosted business VPN solution will overcome the following thorny issues:

  • on premise deployment:
    having a dedicated VPN in place will reduce the complexity of deployment and use to a minimum of only having to run a single interface software;
  • data security:
    internal data, sites, git repositories and all information will be coated in multiple layers of encryption;
  • remote connectivity:
    you will enable access across a geographically dispersed workforce;

 

MyIP.io, the platform of choice for many agile businesses, is a brand trusted by thousands of happy business owners.

 

MyIP.io is a self-managed VPN network platform, delivering fast, secure and reliable VPN service, designed with the professional focus in mind. Our platform caters to a wide demographic through three channeled directions: Personal, Dedicated and Business, so it makes for a wonderful choice for corporate or personal use at the same time.

Engineered as a global platform, MyIP.io is a VPN service provider committed to developing applications and services that preserve an open and secure Internet experience while respecting user privacy.

 

 

 

Sources:

www.giac.org


Everything you wanted to know about VPN encryption but were too overwhelmed by the techie jargon to ask


They say that a VPN is only as good as its encryption capabilities, but encryption in itself is not the simplest of topics. The terminology used to describe how secure a VPN connection is can get very confusing, very quickly. Slapdash to the point of being misleading, many VPN providers describe the encryption they use in a telegraphic manner or, worse, don’t describe it at all.

Eavesdroppers are kept away when you use a VPN app that encrypts your data and cloaks your IP address, and you can find out how secure your VPN really is simply by becoming acquainted with the jargon.

OPENVPN CIPHERS

Before getting familiar with security standards and encryption protocols, let’s just focus on this pretty impressive feature for a VPN to have, the OpenVPN cipher: AES (Advanced Encryption Standard) with 256-bit keys, also known as AES-256. This is basically the same encryption standard adopted by the U.S. government and used by security experts worldwide to protect classified information.

Right below it we have AES-128, the OpenVPN cipher used by MyIP.io, which remains secure as far as AES in general is concerned. The mathematics of 128-bit AES goes to show that a brute-force attack would need a supercomputer and a billion billion years to crack it.

Pretty impressive, huh?

For the sake of the argument, it is worth mentioning that given sufficient time, a brute force attack is capable of cracking any known algorithm.

With this in mind, here’s the actual math of the number of years it would take to crack 128-bit AES (notice the exponential increase depending on the key size!):

No. of years to crack AES with a 128-bit key = (3.4 x 10^38) / [(10.51 x 10^12) x 31536000]
= (0.323 x 10^26) / 31536000
= 1.02 x 10^18
= 1 billion billion years

Of course AES is not perfect, but hey, math doesn’t lie! Governments and businesses place a great deal of faith in the belief that AES is so secure that its security key can never be broken, despite some of its inherent flaws, and it has been a standard of the U.S. National Institute of Standards and Technology (NIST) since 2001. That is no insignificant detail.

A VPN is only as good as its encryption capabilities.

Wikipedia defines encryption as being the process of encoding data in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted.

For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Simply put, encrypted data can be decoded only with the right decoder.

An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt the data.

There are two main encryption models:

  • symmetric-key encryption, in which the same key, shared among all users, is used to both encrypt and decrypt a message;
  • public-key encryption, in which each computer (or user) has a public-private key pair. The private key from one computer (or user) encrypts the message, while the other computer uses the corresponding public key to decrypt that message.

The Tunnel, a Matrioshka of files:


Essentially, when using a VPN app., data is encrypted at each end of the tunnel and decrypted at the other end.

The tunnel itself is simply the path connecting two locations (flashback to a tunnel going under a mountain, where the mountain is the internet and the tunnel is the safe path through the other side).

When it reaches the internet, each data file is broken into a series of packets to be sent and received by devices connected to the internet, which is the de facto manner in which data travels online. In this context, tunneling is the process of placing an entire packet within another packet (yeah! Just like a Russian nesting doll, a Matryoshka of files) before it is sent on the internet. That outer packet protects the inner packets and ensures that the “cargo” moves within the virtual tunnel.
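The nesting described above, as an added example that is not part of the original article: Python code that builds an inner IPv4 packet, wraps it whole inside an outer one using IP-in-IP encapsulation (protocol 4, RFC 2003), and unwraps it at the far end. All addresses, ports and the payload are constructed sample values; the last check shows that encapsulation on its own leaves the inner bytes readable in transit, which is why a VPN adds encryption on top.

```python
import socket
import struct

IPPROTO_IPIP = 4   # IPv4-in-IPv4 encapsulation (RFC 2003)
IPPROTO_UDP = 17
IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build an IPv4 packet: 20-byte header with a valid checksum, then payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IP_HDR, *fields))
    return struct.pack(IP_HDR, *fields) + payload


def parse_ipv4(packet: bytes) -> dict:
    """Validate and split an IPv4 packet; raises ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IP_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 packet")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": packet[ihl:total_len]}


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: the whole inner packet becomes the payload of an outer packet."""
    parse_ipv4(inner)  # refuse to tunnel something that is not a valid packet
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: strip the outer header and return the untouched inner packet."""
    hdr = parse_ipv4(outer)
    if hdr["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    parse_ipv4(hdr["payload"])  # the cargo must itself be a valid packet
    return hdr["payload"]


def build_demo():
    """Constructed sample: a UDP datagram from a remote laptop to an internal server."""
    data = b"quarterly-report.xlsx"
    udp = struct.pack("!HHHH", 40000, 5000, 8 + len(data), 0) + data  # UDP checksum 0 = unused
    inner = ipv4_packet("10.8.0.2", "192.168.10.20", IPPROTO_UDP, udp)
    outer = encapsulate(inner, "198.51.100.7", "203.0.113.10")
    return inner, outer


if __name__ == "__main__":
    inner, outer = build_demo()
    seen = parse_ipv4(outer)
    print("on the internet:", seen["src"], "->", seen["dst"], "proto", seen["proto"])
    got = parse_ipv4(decapsulate(outer))
    print("after the tunnel:", got["src"], "->", got["dst"], "proto", got["proto"])
    # Encapsulation alone hides nothing: the inner bytes sit in the outer packet as-is.
    print("payload readable in transit:", b"quarterly-report.xlsx" in outer)
```

An observer on the path sees only the two tunnel endpoint addresses in the outer header, but can still read the inner packet unless it is encrypted.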

ENCRYPTION PROTOCOLS

The tunnel itself is not encrypted, although encoding can be added, and a VPN needs more than just a pair of keys in order to apply encryption. This is where protocols come in.

IPSec or Internet Protocol Security is a widely used protocol for securing traffic on IP networks, including the Internet. IPSec can encrypt data between various devices, including router to router, firewall to router, desktop to router, and desktop to server.

In a nutshell, IPsec provides mechanism, not policy: rather than define such-and-such encryption algorithm or a certain authentication function, it provides a framework that allows an implementation to provide nearly anything that both ends agree upon (source: Friedl).

IPSec consists of two sub-protocols which provide the instructions a VPN needs to secure its packets:

  • Encapsulated Security Payload (ESP) encrypts the packet’s payload (the data it’s transporting) with a symmetric key.
  • Authentication Header (AH) uses a hashing operation on the packet header to help hide certain packet information (like the sender’s identity) until it reaches destination.

VPNs use IPSec in tunnel mode with IPSec ESP and IPSec AH working together.

In a remote-access VPN, tunneling typically relies on Point-to-point Protocol (PPP).

However, when trying to determine the VPN app. of choice for you, you might meet one of these three protocols based on PPP:

  • L2F (Layer 2 Forwarding) — Developed by Cisco; uses any authentication scheme supported by PPP;
  • PPTP (Point-to-point Tunneling Protocol) — Supports 40-bit and 128-bit encryption and any authentication scheme supported by PPP;
  • L2TP (Layer 2 Tunneling Protocol) — Combines features of PPTP and L2F and fully supports IPSec; also applicable in site-to-site VPNs

Secure Shell — SSH

SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer. SSH also refers to the suite of three utilities that implement the protocol: slogin, ssh, and scp, which are secure versions of the earlier UNIX utilities rlogin, rsh, and rcp.

Secure Shell provides strong authentication and secure encrypted data communications between two computers connecting over an insecure network such as the Internet. SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log in to another computer over a network, execute commands and move files from one computer to another.

At its core, Secure Shell (SSH) is a UNIX-based command interface and protocol for securely getting access to remote computers. SSH allows you to connect to your server securely and perform Linux command-line operations.

SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted.

MyIP.io comes bundled with a variety of VPN encryption protocols, supporting all the latest security protocols including SSTP, PPTP, IPSec, L2TP and the 128-bit AES OpenVPN cipher.

When you use the MyIP.io app, you can easily switch between protocols, although it’s recommended that you stick with the defaults.

Sources:

Howstuffworks.com

Unixwiz.net

Using a VPN when in China: The Samurai Way


 

 Behind the Great Firewall

 

The Chinese internet is governed by very strict policy, imposed through a variety of laws and administrative regulations and controlled by an authoritarian government that tries to neutralize critical online opinion.

 

It’s an unprecedented censorship system in its own right, one that has turned the Chinese internet into the largest digital boundary the world has ever seen.

 

However solid, the Great Chinese Firewall is just one component of a much stronger censorship and surveillance project called the Golden Shield, or what may be better called “the golden curtain”.

 

The great divide or the cold war over internet

 


 

Beyond the gated community of the Chinese Great Firewall, the “Chinese wall” abbreviation is today a business term, spreading its meaning to international affairs, imposing heavy entry barriers to outsiders.

 

Just early last month, Uber, the ride-hailing giant, succumbed to its Chinese competitor, announcing the sale of its Chinese operations to Didi Chuxing, the homegrown favorite.

 

Call it the great divide or the “cold war of internet”, whichever the epithet, it’s easy to recognize the Asian monopoly inside the region, a situation that has become more real than pollution.

 

VPNS and Workarounds

 


But behind the great firewall, people are becoming more and more knowledgeable of ways to go around government’s censorship by using VPNs and other workaround tools. Even though circumvention tools are little used by ordinary Chinese, for the vast majority of westerners based in China, a VPN download is a common habit, just as drinking “still water” or keeping your air conditioning at minimum temperature.

 

Setting yourself up with a VPN connection is the first thing to consider when in China, whether you’re looking to stay away from the control apparatus or simply connect to Netflix streaming. The connection, however, runs at a globally low speed, so you’ll need to have your expectations straight when entering the arena a VPN app is able to unlock for you.

 

 

And Chinese online censorship doesn’t seem to be backing down, especially after a series of large anti-pollution and anti-corruption protests and ethnic riots, many of which were organized or publicized using instant messaging services, chat rooms, and text messages.

 

China and not Silicon Valley is cutting edge innovation

 

In this photo taken Aug. 11, 2010, a Chinese worker labors at a production line at the factory of Lenovo Electronic Technology Co., Ltd. in Shanghai. Japan lost its place as the world's No. 2 economy to China in the second quarter as receding global growth sapped momentum and stunted a shaky recovery. (AP Photo/Eugene Hoshiko)


 

On the flip side, China’s local technology companies are flourishing, protected behind the “internet gates” that keep over 700 million users loyal to local brands. Beijing has walled off its home internet from the rest of the digital world for two decades, preventing technology companies like Facebook from tapping the Chinese market. Still, there is a growing anticipation that Chinese companies could prove even more competitive in emerging sectors like virtual reality, artificial intelligence or robotics if left to their own devices in a more liberated market.

 

But the digital censorship has proven to be very lucrative for local technology companies like Tencent, the giant that owns WeChat, a 700 million user app that combines e-commerce and real-world services in ways that have Western companies in awe.

 

WeChat, the super-app that’s lumping together social media, e-commerce and traditional retail, is often compared with Facebook. Truth of the matter is, WeChat has long outperformed its American counterpart in terms of features and functionality. As Jonah M. Kessel and Paul Mozur put it in the New York Times, WeChat is “your WhatsApp, Facebook, Skype and Uber; it’s your Amazon, Instagram, Venmo and Tinder, but it’s other things we don’t even have apps for. There are hospitals that have built up whole appointment booking systems, there are investment services, there are even heat maps that show how crowded a place is at your favorite shopping mall or at a popular tourist site, the list of services goes on basically forever.”

 

It’s no news that the Chinese market is home to a copycat cultural habit, but at the same time China, and not Silicon Valley, is cutting-edge innovation, if we were to quote the New York Times. While still lagging in some important areas, China has managed to put forward Baidu instead of Google, Weibo for Twitter, WeChat for Facebook and Alibaba instead of Amazon. Letting users hail a taxi or order a pizza without switching to another app, the rich, resourceful Chinese digital world is proving itself capable of causing a real great split between China and the rest of the world.

 

Concurrently, the authoritarian Chinese way of conducting business forces local tech firms to choose a market: it’s either home or anywhere else, because for China, considering how large the market really is, the grass isn’t always greener.

 

China, the World’s Biggest Digital Empire

 


However functional, internet censorship in China is not to be taken lightly, as at the helm of the world’s biggest digital empire stands the Communist Party, with a long record of human rights violations.

 

On this “other internet planet” one should pay attention to personal data with a more “in-depth” understanding of the notion. There’s basically no safety net preventing the government from closely monitoring corporate or personal data.

 

The Internet in China. FACTS:


In China, individuals and companies rent their broadband access from the Chinese state or a state-controlled company. There are four national networks, CTNET, Chinanet, Cernet and CHINAGBN, which form the backbone of the Internet in China. A 2008 restructuring led to the emergence of three major national service providers, China Telecom, China Unicom and China Mobile, in all of which the state has majority control.

 

 

  • Population: 1.38 billion (according to worlometers.com)
  • Number of Internet users: over 700 million
  • Internet penetration rate: 52.2 %
  • Number of journalists in prison: 199
  • Number of netizens imprisoned: 84 (reported in September 2015)

 

 

Surveillance – A government affair


The mass surveillance program that goes on in China is operated through many government departments involved in censoring and monitoring the Web:

 

Not only social networks but also popular internet telephone platforms are affected by the control regulations of this apparatus. Skype is a good example. In China, Skype services are closely monitored by a local partner and offered as TOM-Skype, a slightly different version than the one available in other countries. Equipped with automatic filters to comply with the status quo restrictions imposed by the government, Skype’s software has undergone a mutation of its own. Reports by OpenNet Initiative Asia show that certain keywords can trigger monitoring and interception once typed in text chats. The message is then stored on an online server of TOM-Skype.

 

If workaround tools like MyIP.io, or any other reliable VPN connection, are not used, the official Skype site redirects users to TOM-Skype. Oftentimes, users are not aware that they are using a surveillance-tuned version of Skype and that their data security could potentially be at risk.

Breaking the Wall   

 


There are many ways of circumventing the totalitarian Chinese surveillance system, such as proxy servers or VPNs.

 

Any company selling VPN services in China must comply with regulations and hence register with the Ministry of Industry and Information Technology. Plus, they’re constantly targeted by the local authorities and are often slow and unstable.

 

As monitoring and surveillance is not confined to the Great Firewall, but built into social networks, chat services and VoIP, the best solution falls in the court of companies outside China.

 

MyIP.io is a self-managed VPN network platform, delivering fast, secure and reliable VPN service, with servers located in France, Romania and Canada, hence it is not subject to DMCA compliance.

 

The platform was designed with the professional focus in mind and caters to a wide demographic through three channeled directions: Personal, Dedicated and Business, so it makes for a wonderful choice for corporate or personal use at the same time. Engineered as a global platform, MyIP.io is a VPN service provider committed to developing applications and services that preserve an open and secure Internet experience while respecting user privacy.