
BARNABAS S MUNATSI

2128500

1. What is VPN? [20 marks]


A virtual private network, or VPN, service establishes a secure, encrypted connection online.
Internet users can use a VPN to increase their online privacy and anonymity or get around
restrictions and blocking that is dependent on their location. A user should be able to send and
receive data securely over the internet thanks to VPNs, which essentially extend a private
network across a public network (Anon., n.d.).
A VPN is typically used over a less secure network, such as the open internet. Internet service
providers (ISPs) frequently have extensive knowledge of a customer's behavior. However, some
unprotected Wi-Fi access points (APs) may provide an easy way for attackers to obtain a user's
private information. A VPN could be used by an internet user to prevent these invasions of
privacy. VPNs can be used to conceal a user's web activity, devices being used, Internet Protocol
(IP) address, and location. A VPN user's activity won't be visible to other users on the same
network. As a result, VPNs are a preferred tool for online privacy.
Data is encrypted at the sending end and decrypted at the receiving end of a VPN through the use
of tunneling technologies. To improve online activity security, the sending and receiving
network addresses are also encrypted. On mobile devices, VPN apps are frequently used to
secure data transactions. Moreover, they can be used to access websites that are geoblocked.
However, private browsing should not be mistaken for secure access using a mobile VPN.
Private browsing does not use encryption; it is merely a browser setting that inhibits the
collection of personally identifying user information.
When it comes to setting up a VPN, network administrators have a number of options, which
include the following.
VPN for remote access: Clients for remote access connect to a VPN gateway server on the
company's network. Before allowing the device access to internal network resources, the
gateway requests that it confirm its identity. This kind typically uses SSL or IPsec to safeguard
the connection.
VPN for site-to-site: In contrast, a site-to-site VPN connects a whole network in one location to
a network in another location using a gateway device. Because the gateway manages the
connection, end-node devices in the distant site do not require VPN clients. The majority of site-
to-site VPN connections made online employ IPsec. Moreover, they frequently use carrier
Multiprotocol Label Switching (MPLS) connections for site-to-site VPNs rather than the open
internet. Layer 3 connection (MPLS IP VPN) or Layer 2 connectivity (virtual private local area
network service) can both be used for base transport lines.
Cellular VPN: In a mobile VPN, the server continues to be located at the network's perimeter,
allowing authenticated, authorized clients to access the network through a secure tunnel. But,
mobile VPN tunnels are not bound to real IP addresses. Instead, a logical IP address is associated
with each tunnel. The mobile device retains that logical IP address. An efficient mobile VPN
may move between access methods, various public and private networks, and offers users
continuous service.
VPN hardware: When compared to software-based VPNs, hardware VPNs have a number of
benefits. Hardware VPNs not only offer improved security but also load balancing for heavy
client loads. Administration is performed through a web browser interface. The cost of a
hardware VPN is higher than that of a software-based one. Hardware VPNs are more financially
feasible for larger businesses due to their cost. Devices that can serve as hardware VPNs are
available from a number of companies.
Dynamic multipoint virtual private network (DMVPN): A DMVPN allows data to be sent
between locations without going via a VPN server or router at the corporate headquarters. On
VPN routers and firewall concentrators, a DMVPN creates a mesh VPN service. Each remote
location has a router set up to link to the hub at the corporate office, giving it access to the
resources. A dynamic IPsec VPN tunnel will be established between two spokes when they need
to exchange data, such as during a voice over IP (VoIP) connection. The spoke will get in touch
with the hub to get the information it needs about the other end (GILLIS A, 2021).
2. How does VPN work? [20 marks]
In its most basic form, VPN tunneling establishes a point-to-point connection that is secured
from outside access. A tunneling protocol is applied over current networks to build the tunnel.
Various tunneling protocols, such as OpenVPN or Secure Socket Tunneling Protocol (SSTP), are
used by various VPNs. The tunneling protocol utilized, such as SSTP on Windows OS, may
change depending on the platform the VPN is being used on and will provide variable levels of
data encryption. A VPN client (software program) must be running on the endpoint device, either
locally or remotely. The client will operate silently. Unless it causes performance problems, the
VPN client is not visible to the end user (Anon., n.d.).
VPNs link a user's search history to the IP address of the VPN server. Because VPN services
have servers spread throughout many regions, it will appear as though the user is from any one of
those places. Performance can be impacted by VPNs in a variety of ways, including user internet
connection speed, available protocol types for VPN providers, and the kind of encryption
employed. Poor quality of service (QoS) outside the control of an organization's information
technology (IT) department can also have an impact on performance in the enterprise. Several
VPN packages have a kill switch as a last-resort security measure. The kill switch will
immediately disconnect the device from the internet if the VPN connection is lost, preventing
the possibility of IP address disclosure.
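An added example (not from the original assignment or from any VPN product) of checking for the leak a kill switch is meant to prevent: it applies longest-prefix matching to constructed Linux "ip route show" style output to see which interface each destination would leave by with the tunnel up, with it dropped, and with it dropped while a route-based kill switch is in place. The interface names, addresses and the blackhole-route design are assumptions; many clients enforce the kill switch with firewall rules instead, which this check does not inspect.

```python
import ipaddress

# Constructed sample in the style of Linux "ip route show" output (assumed host:
# Wi-Fi on wlan0, tunnel on tun0, VPN server at 203.0.113.10).
ROUTES_TUNNEL_UP = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""
# Hypothetical route-based kill switch: a low-metric blackhole default that only
# takes effect once the more specific tunnel routes disappear.
KILL_SWITCH_ROUTE = "blackhole default metric 50\n"

NON_FORWARDING = {"blackhole", "unreachable", "prohibit"}


def parse_routes(text):
    """Turn route lines into (network, metric, kind, device) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        kind = "unicast"
        if tok[0] in NON_FORWARDING:
            kind, tok = tok[0], tok[1:]
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(prefix, strict=False)
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, metric, kind, dev))
    return routes


def egress(routes, dst):
    """Interface a packet to dst would use, or None if it is dropped."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    # Longest prefix wins; ties are broken by the lowest metric.
    _net, _metric, kind, dev = min(matches, key=lambda r: (-r[0].prefixlen, r[1]))
    return dev if kind == "unicast" else None


def drop_tunnel(route_text, tunnel_if):
    """Simulate a lost VPN connection: routes bound to the tunnel vanish."""
    kept = []
    for line in route_text.splitlines():
        tok = line.split()
        if "dev" in tok and tok[tok.index("dev") + 1] == tunnel_if:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


def leaking(route_text, tunnel_if, vpn_server, probes):
    """List (destination, interface) pairs that would bypass the tunnel.

    Traffic to the VPN server itself must use the physical link, so it is
    not counted as a leak. Nothing is sent to the probe addresses.
    """
    routes = parse_routes(route_text)
    leaks = []
    for dst in probes:
        if dst == vpn_server:
            continue
        dev = egress(routes, dst)
        if dev is not None and dev != tunnel_if:
            leaks.append((dst, dev))
    return leaks


if __name__ == "__main__":
    probes = ["1.1.1.1", "198.51.100.7", "203.0.113.10"]
    states = {
        "tunnel up": ROUTES_TUNNEL_UP,
        "tunnel dropped, no kill switch": drop_tunnel(ROUTES_TUNNEL_UP, "tun0"),
        "tunnel dropped, kill switch": drop_tunnel(
            ROUTES_TUNNEL_UP + KILL_SWITCH_ROUTE, "tun0"),
    }
    for label, text in states.items():
        print(label, "->", leaking(text, "tun0", "203.0.113.10", probes) or "no leak")
```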

VPNs are utilized for virtual privacy by both corporations and regular internet users. Businesses
can employ VPNs to ensure that only approved, encrypted channels are being used by external
users to access their data center. VPNs can also be utilized to connect to a database maintained
by the same company but in a different location. VPNs can also be used to provide distant
employees, independent contractors in the gig economy, and business travelers access to
software located on proprietary networks. The user must be authorized to use the virtual private
network and submit one or more authentication factors in order to access a restricted resource
using a VPN. They could be biometric information, security tokens, or passwords. An attacker
may access an internet user's browsing history or IP address while they are browsing the web.
Users can feel secure using a VPN if privacy is a concern. Most consumers value a VPN's
encryption, anonymity, and ability to circumvent geographically restricted material (Anon., n.d.).
3. Explain the following VPN protocol's purpose:
1. PPTP [10 marks]
2. L2TP [10 marks]
3. IPSec [10 marks]
4. SSL VPN [10 marks]

PPTP (Point-to-Point Tunneling Protocol)


Virtual private networks (VPNs), which give companies a way to extend their own private
networks over the open Internet via "tunnels," are governed by a set of communication rules
called the Point-to-Point Tunneling Protocol (PPTP).
The infrastructure of a wide area network (WAN), such as the network of a public Internet
service provider (ISP) or telecom, can be used to build a large local area network (LAN), which
is effectively a VPN, by employing PPTP. Compared to setting up a network infrastructure over
such long distances, this is more cost-effective. With the establishment of a VPN over TCP/IP-
based networks, such as the Internet, PPTP makes it possible to create a secure path for data
transfer from a remote client to a server in a private company network. As though the client were
physically present on the business network, it enables remote users to safely access corporate
networks through the Internet.
An expansion of the point-to-point protocol currently in use on the Internet, PPTP was suggested
as a standard by Microsoft and its partners. These suggestions, along with Cisco's Layer 2
Tunneling Protocol proposal, might serve as the foundation for the upcoming Internet
Engineering Task Force (IETF) standard.
PPTP offers the following benefits:
Reduced transmission costs: The Internet is the only service used.
Reduced hardware expenses: By separating ISDN cards and modems from RAS servers, there are
fewer devices to buy and maintain, lowering hardware costs.
Reduced administrative burden: Rather than managing several hardware configurations,
administrators simply need to handle the remote access server (RAS) and user accounts.
Improved security: PPTP connections work with other networking protocols like IP,
Internetwork Packet Exchange (IPX), and NetBIOS Extended User Interface (NetBEUI), and are
encrypted and secured across the Internet (Anon., n.d.).
L2TP (Layer Two Tunneling Protocol)
Internet service providers (ISPs) employ layer two tunneling protocol (L2TP), an extension of
point-to-point tunneling protocol (PPTP), to enable virtual private networks (VPNs). L2TP has to
use an encryption protocol to communicate within the tunnel in order to maintain security and
privacy. Over Layer 3 networks, L2TP transports OSI Layer 2 traffic. It accomplishes this in
three steps. The LAC and LNS must first be connected for L2TP to function. Before any data is
transmitted, the LNS and LAC, which act as the point-to-point tunnel's ends, must negotiate their
relationship. An IP address will be assigned to each device in the chain.
The transfer is negotiated during the second phase. Data transmission requires the PPP link layer
to be enabled via L2TP. Afterwards, data frames are readied for transport by being
encapsulated. L2TP constructs the tunnel last. Typically, a direct connection exists between the
distant workstation and a LAC at their local ISP. The LAC grants a network slot and
accepts the tunnel. Frames are sent between the endpoints via a virtual PPP interface that the
LNS establishes. The local network server (LNS) receives each individual IP packet as a
standard frame after the LNS removes the encapsulation information.
L2TP was initially designed to take the place of dial-up connections for distant networks.
Businesses needed a mechanism to connect employees, corporate headquarters, and branches
without paying exorbitant dial-up costs. Layer 2 tunneling met this need by facilitating
connections across the open internet and lowering communication costs. Furthermore, it improved
on earlier tunneling protocols by including new security measures (ZOLA A, n.d.).

IPsec (Internet Protocol Security)


A group of protocols and methods known as IPsec (Internet Protocol Security) is used to
secure data sent across public networks, including the internet. Authentication Header (AH) and
Encapsulating Security Payload (ESP) were the first two IPsec-defined techniques for
safeguarding IP packets. Whereas the latter encrypts and authenticates data, the former offers
data integrity and anti-replay features.
IPsec is used to secure sensitive data transmissions across networks, including those involving
financial transactions, medical records, and business interactions. Moreover, IPsec tunneling is
used to protect virtual private networks (VPNs), which encrypt all data exchanged between two
endpoints. In addition to providing security for routers relaying routing data across the open
internet, IPsec may encrypt data at the application layer. IPsec can be used to verify data without
encrypting it, such as to confirm that the data came from a known sender.
Without employing IPsec, data can be transmitted securely by encrypting it at the application or
transport levels of the Open Systems Interconnection (OSI) paradigm. Hypertext Transfer
Protocol Secure (HTTPS) handles encryption at the application layer. The Transport Layer
Security (TLS) protocol offers encryption at the transport layer. The risk of data disclosure and
attackers intercepting protocol information, however, increases when encryption and
authentication are performed at these higher tiers.
Both IPv4 and IPv6 networks use IPsec to authenticate and encrypt data packets. A packet's IP
header contains IPsec protocol headers, which specify how a packet's contents are handled,
including how it is delivered across a network and routed. The IPsec protocols create the
specifications for the network security standards using a method known as Request for
Comments (RFC). The internet uses RFC standards to deliver crucial information that helps
users and developers to build, administer, and maintain the network (Anon., 2021).
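An added example (not part of the original assignment) showing what the IPsec headers described above look like on the wire and how the anti-replay feature works: it reads the SPI and sequence number from AH (IP protocol 51) and ESP (IP protocol 50) headers and applies a 64-packet sliding window per security association. The packets, addresses and SPI values are constructed; integrity verification of each packet is assumed to have happened before the window is updated and is not shown.

```python
import struct

ESP, AH = 50, 51  # IANA-assigned IP protocol numbers


def build_packet(proto, spi, seq):
    """Constructed IPv4 packet (documentation addresses, zero checksum)."""
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, proto, 0,
                            bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    if proto == AH:
        # next header, payload length, reserved, SPI, sequence, 12-byte ICV
        body = struct.pack("!BBHII", 4, 4, 0, spi, seq) + b"\x00" * 12
    else:
        # ESP layout: SPI, sequence, then opaque (encrypted) payload bytes
        body = struct.pack("!II", spi, seq) + b"\x00" * 16
    return ip_header + body


def parse_ipsec(packet):
    """Return (protocol name, SPI, sequence number) or None if not AH/ESP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    header_len = (packet[0] & 0x0F) * 4
    proto = packet[9]
    body = packet[header_len:]
    if proto == ESP and len(body) >= 8:
        spi, seq = struct.unpack("!II", body[:8])
        return ("ESP", spi, seq)
    if proto == AH and len(body) >= 12:
        _next, _length, _reserved, spi, seq = struct.unpack("!BBHII", body[:12])
        return ("AH", spi, seq)
    return None


class ReplayWindow:
    """Sliding-window replay check over 32-bit sequence numbers."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set means (top - i) was already seen

    def accept(self, seq):
        if seq == 0:
            return False  # senders start counting at 1
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False  # older than the window: cannot be checked, so drop
        if (self.bitmap >> offset) & 1:
            return False  # duplicate sequence number: replay
        self.bitmap |= 1 << offset
        return True


def screen(packets):
    """Verdict per packet, keeping one replay window per (protocol, SPI)."""
    windows, verdicts = {}, []
    for packet in packets:
        parsed = parse_ipsec(packet)
        if parsed is None:
            verdicts.append("not-ipsec")
            continue
        name, spi, seq = parsed
        window = windows.setdefault((name, spi), ReplayWindow())
        verdicts.append("accept" if window.accept(seq) else "drop")
    return verdicts


if __name__ == "__main__":
    capture = [build_packet(ESP, 0x1001, s) for s in (1, 2, 5, 3, 5, 2)]
    capture += [build_packet(AH, 0x2002, 1), build_packet(AH, 0x2002, 1)]
    for packet, verdict in zip(capture, screen(capture)):
        print(parse_ipsec(packet), verdict)
```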

SSL VPN (Secure Sockets Layer virtual private network)


In order to provide secure, remote access VPN functionality, an SSL VPN makes use of the
Secure Sockets Layer (SSL) protocol or, more frequently, its successor, the Transport Layer
Security (TLS) protocol, in common web browsers.
Devices having an internet connection can create a secure remote access VPN connection using a
web browser thanks to SSL VPNs. When a client connects securely to the internet via an SSL
VPN connection, data exchanged between the client software on the endpoint device and the
SSL VPN server is protected using end-to-end encryption (E2EE).

Businesses use SSL VPNs to protect the internet sessions of users connecting to the internet from
outside the company as well as to give remote users secure access to organizational resources.
SSL VPNs encrypt all network traffic and give the appearance that a user is on the local network
regardless of location, allowing users to access restricted network resources remotely via a
secure and authenticated gateway. To stop unauthorized parties from listening in on network
connections and stealing or changing sensitive data, using an SSL VPN product is the main
justification. For remote connections to private enterprise networks, telecommuters, contractors,
and enterprise employees have secure and adaptable solutions with SSL VPN systems
(ROSANCRANCE L, 2021).
5. What are advantages and disadvantages of VPN [20 marks]
Advantages of VPN.
Provide Safety through Anonymity
The two main benefits of using a VPN are anonymity and privacy. VPN services use encryption
to protect connections to the public internet. Also, they conceal online activities from nefarious
parties like hackers and other cybercriminals. By gathering personal information, websites and
apps aim to follow users and keep track of their online activity. By restricting access to the user's
connection, VPNs can stop that from happening. The user is automatically rendered anonymous
when all internet traffic leaving and entering the user's device is encrypted. The majority of
reliable VPN providers offer their users AES 256-bit encryption, which is regarded as the highest
level of military-grade protection available.

Secure Connection for Remote Work


Remote workers can securely connect to their business network from a distance using a VPN to
access the files and other resources they need to do their jobs. The majority of office workers
could connect to the internet using an Ethernet connection before the COVID-19 outbreak.
Currently, remote work is being used by an increasing number of people. There is no way for
hackers to intercept the data because it is encrypted as it passes over the VPN connection (Anon.,
2023).
Bypass Geo-Locked Content
Using a VPN also makes it possible to unblock a variety of websites and streaming services,
which is a significant benefit. Any web filter can be successfully bypassed with a good VPN
every time a user needs to access content that is blocked in their area. Any website or service that
wishes to track users must track their IP address in order to verify their location before showing
them material that is specific to their location. VPNs can prevent that by getting around geo-
location restrictions. When consumers try to view movies and TV shows on streaming platforms,
this feature is helpful (Anon., 2023).
Cost-Effective Security
VPNs offer incredibly cost-effective ways for customers to remain anonymous, protected, and
private online. Depending on how long a user's subscription is for, the majority of the best VPNs
in the globe range in price from $2 to $11 a month. Users receive top-notch encryption, extensive
server networks, cutting-edge security features, and the capacity to change their IP address
location in return. The majority of contemporary VPN providers now include free trials and
money-back guarantees, making them even more affordable and enabling users to test the service
before subscribing to it. Moreover, VPNs frequently provide lifetime subscription plans and
seasonal discounts to further reduce the price.
A VPN Can Prevent Bandwidth Throttling
VPNs are particularly successful at preventing bandwidth throttling, which can cause users to lag
or wait a long time to load some websites, especially near the end of the month. In order to keep
specific users within their download restrictions, internet service providers and network
managers typically throttle bandwidth. As a result, they restrict how much data customers may
transfer in a given time frame. VPNs can prevent bandwidth limiting by ISPs and administrators
by encrypting the traffic that a user's device generates. The traffic filters in place cannot limit
user traffic because ISPs and administrators cannot view the content of the user's traffic.
Streamers and torrenters who consume a lot of bandwidth each month will benefit from this
circumstance.
VPNs Can Bypass Firewalls
When dealing with firewalls, VPNs are quite proficient, choosing to travel through them rather
than around them. A tunneling protocol is used by all consumer-grade VPNs to protect users'
online identities and provide anonymity while they browse. VPNs accomplish this by encrypting
the tunnel while disguising the user's traffic. ISPs and governmental organizations believe a user
is from a different country when they connect to a VPN server to alter their IP address.
Furthermore, because the content of the incoming encrypted traffic cannot be viewed, the
firewall is unable to determine whether it needs to be stopped. In countries like China where such
streaming services are blocked, VPNs are able to unblock services like Netflix and Amazon
Prime Video thanks to these techniques. Simply select a server in the appropriate nation (for
Netflix, the U.S.), connect to the server, and then stream Netflix video as usual.
VPNs Make Online Gaming Better
By securing users' IP addresses and encrypting their gaming traffic, VPNs can improve online
gaming. This protects the user against possible swatting and doxxing attacks, in which a different
player uses the user's IP address to discover their home address. The user can then receive
emergency services, pizza deliveries, or anything else from angry players at their residence.
Because the user's real IP address cannot be seen, VPNs can help defend against
DDoS attacks. A VPN can conceal the user's behavior so the ISP won't know to throttle the
connection if the user's ISP throttles gaming traffic. If a person does not reside in a region where
certain online games are available, they cannot access those games. By shifting the user's
location to the location where the game is accessible, VPNs can be useful. The same is true for
DLC and add-ons that are region-specific. Online games occasionally prohibit players for
misbehavior. Administrators occasionally have the power to arbitrarily prohibit users, either on
purpose or by error. The player can avoid IP bans by utilizing a VPN because these services
allow users to alter their IP addresses (Anon., n.d.).
VPNs Might Help You Avoid Online Price Discrimination
Users of VPNs can benefit from price reductions on a variety of online goods. Discounts of up to
$4,000 can be obtained by using VPNs to buy the proper products. For the same services and
goods, several businesses establish various pricing in various places. Users can change their
locations to the area with the best deals and make their purchases using a VPN. Subscription
plans to various sports streaming services like the NBA League Pass and NFL Game Pass are
among the most well-known examples of region-specific pricing. Customers can also save
money by purchasing software, games, and apps. There are times when customers can get
significant savings on things like vehicle rentals, plane tickets, hotel reservations, and much
more. Several websites now demand that visitors enter credit card information from a local bank.
So, the provider might not take a credit or debit card from a foreign bank, even if the user uses a
VPN server to change locations in order to view the lowest pricing. In addition, one must take
into consideration bank fees, exchange rates, and a variety of other fees associated with foreign
transactions. Users should therefore confirm the actual savings before buying a product from a
place with lower prices.

Disadvantages of a VPN
A VPN May Decrease Your Speed
Data sent to a VPN server, which can be almost anywhere in the world, must first be encrypted
by the VPN before being sent by the user. The data must first go from the server to its final
destination before being sent back to the user along the same path. Although the best VPNs can
reduce it, the user's internet speed will be slower due to the greater distance that the data must
travel.
Dropped Connections
VPN services may lose secure connections because of the internet's innate chaos. Dropped
connections have the potential to cause data leaks, which jeopardize user security, privacy, and
anonymity. The majority of top-tier VPNs contain a kill switch functionality to alleviate this
issue, but if it is absent or malfunctions, the user's actual IP address may be made
public.
A VPN Isn’t Legal in All Countries
Depending on the user's location, using a VPN may or may not be permitted. Some countries
don't want their people accessing materials that they deem inappropriate for consumption. Such
governments either outright ban or penalize using a VPN depending on the circumstance. The
legality of a VPN service is a problem that all VPN customers must deal with because laws are
constantly changing. Users should always confirm that using a VPN is permitted in their area.
Using the Wrong VPN Can Put Your Privacy in Danger
For the user's privacy and anonymity, picking the wrong VPN might be disastrous. A VPN
service is probably not good for privacy or online security if it does not have a strong reputation
on various forums and review websites. Also, customers have access to a variety of VPNs for a
variety of uses. A user who merely wants to access Netflix or Amazon Prime Video may be able
to get by using a VPN that places more of an emphasis on unblocking capabilities than on
privacy or security. But, it's terrible news if a user decides to subscribe to a VPN for streaming
because they are worried about their privacy, security, or anonymity. The user must be willing to
trust the VPN with their personal information in order to sign up for a VPN service (GAILLE L,
2020).

Quality VPNs Will Cost Money


Online privacy and data security are provided by high-quality VPNs, but they are not cheap.
Although the cost is usually not excessive (at the high end, it's frequently around $10
per month), it might not be affordable for all customers. VPNs provide significant savings on
their two- and three-year plans, but these call for full payment up front with the understanding
that the VPN would still be operational at the conclusion of the prepaid time. There is no
assurance that the VPN service in question will continue to perform well, which is another issue
with signing up for one. Before a user commits to a long-term relationship with a high-quality
service, it is important to consider the possibility that it will deteriorate in quality over time.
Not All Devices Natively Support VPNs
Not all platforms are supported by some lesser-known VPNs. For people who don't use a
common device or operating system, it can become a problem. Lack of compatibility won't be an
issue for the great majority of users, but configuring most VPNs will be challenging for people
using older operating systems or even older hardware. In more detail, modern operating systems
like macOS, Windows, Android, and iOS work just fine, while earlier releases of Linux,
Windows, Android, and iOS might not.
The VPN Service Might Monitor Your Activity and Use Your Data
If a VPN provider does not have a good reputation, it may monitor the user's activity and use
their data. Several VPN firms, despite charging for their service, make an effort to supplement
their income by selling user data. As was previously noted, when a user registers for a VPN, they
are putting their trust in the VPN service rather than the ISP to handle their data and guarantee
the privacy of their online behavior. Some VPNs, nevertheless, break their word and log user
activity. VPNs do not always keep track of user activities because they wish to sell such
data. Several VPNs monitor user activity and data in order to improve their service. Some do it to
create new things that they might later want to market. Some do it so they can defend
themselves if law enforcement officials show up at their home. To ensure that no illicit behavior
is occurring through their servers, VPNs also keep an eye on their customers.
It Might Be Difficult To Set Up for Business Users
Due to the size of the operation, corporate users could find it challenging to set up a VPN. For
privacy and anonymity, personal users only need to install VPN software and buy a package;
business users must ensure the security of the entire office network. This is a challenging task
that many VPNs are unable to complete. Workplace networks are already complicated, and
adding a VPN makes them even more so. Businesses cannot use VPNs in a way that safeguards
their network and secures their data without a team of network specialists. Another issue that
corporate users encounter is scalability. Ten VPN users needing safety is one thing; thousands
needing the same protection is quite another. Moreover, VPN services struggle to provide
granular management. The entire network is often accessible after a user connects to the VPN
service, even those places where non-admins are not supposed to be. This may unnecessarily
jeopardize vital company infrastructure.
Using a VPN Cannot Guarantee 100% Anonymity
While VPNs make every effort to secure user information and online identity, no service in
the world can ensure that a user's connection to a server will always be anonymous. The internet
is a volatile environment, and this volatility always brings along new issues that may jeopardize
data security and privacy. In addition, businesses, web services, streaming services, websites,
and applications have additional methods of user tracking. If they are aware of a user's browsing
habits, they can use methods like fingerprinting and neighbor activity analysis to discover more
about them. VPNs are unable to address these issues. Additionally, VPNs are unable to stop the
ways that corporations like Facebook and Google collect data and track user behavior on their
platforms if the user has subscribed to their services. Websites and applications employ cookies
and other trackers in addition to fingerprinting to collect user data. VPNs are powerless to stop
these services from collecting user data via cookies and other trackers (A, Zohair, n.d.).
References
A, Zohair, n.d. https://securitygladiators.com. [Online]
Available at: https://securitygladiators.com/vpn/advantages-disadvantages/
[Accessed 07 MARCH 2023].

Anon., 2021. https://www.techtarget.com. [Online]
Available at: https://www.techtarget.com/searchsecurity/definition/IPsec-Internet-Protocol-Security
[Accessed 09 MARCH 2023].

Anon., 2023. https://www.techamerica.org. [Online]
Available at: https://www.techamerica.org/vpn-advantages-and-disadvantages/
[Accessed 09 MARCH 2023].

Anon., 2023. https://www.techamerica.org. [Online]
Available at: https://www.techamerica.org/vpn-advantages-and-disadvantages/
[Accessed 07 MARCH 2023].

Anon., n.d. https://www.fortinet.com. [Online]
Available at: https://www.fortinet.com/resources/cyberglossary/how-does-vpn-work
[Accessed 07 MARCH 2023].

Anon., n.d. https://www.hitechwhizz.com/. [Online]
Available at: https://www.hitechwhizz.com/2020/02/7-advantages-and-disadvantages-risks-benefits-of-vpn.html
[Accessed 07 MARCH 2023].

Anon., n.d. https://www.kaspersky.com. [Online]
Available at: https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn
[Accessed 07 MARCH 2023].

Anon., n.d. https://www.oreilly.com. [Online]
Available at: https://www.oreilly.com/library/view/virtual-private-networks/1565925297/ch04s02.html
[Accessed 08 MARCH 2023].

Anon., n.d. https://www.proofpoint.com. [Online]
Available at: https://www.proofpoint.com/us/threat-reference/vpn
[Accessed 06 MARCH 2023].

GAILLE L, 2020. https://vittana.org/. [Online]
Available at: https://vittana.org/16-major-advantages-and-disadvantages-of-a-vpn
[Accessed 10 MARCH 2023].

GILLIS A, 2021. https://www.techtarget.com. [Online]
Available at: https://www.techtarget.com/searchnetworking/definition/virtual-private-network
[Accessed 07 MARCH 2023].

ROSANCRANCE L, 2021. https://www.techtarget.com. [Online]
Available at: https://www.techtarget.com/searchsecurity/definition/SSL-VPN
[Accessed 09 MARCH 2023].

ZOLA A, n.d. https://www.techtarget.com. [Online]
Available at: https://www.techtarget.com/searchnetworking/definition/Layer-Two-Tunneling-Protocol-L2TP
[Accessed 09 MARCH 2023].
