INSUBCONTINENT EXCLUSIVE:
VPN use has increased considerably over the past five years. While users in the west are less likely to go online through a VPN client, those in Asia and BRICS nations are the top subscribers. This affords online privacy, encryption, and even the avoidance of region blocking, useful for watching overseas TV or Netflix.

But what are you getting for your $10 a month? To find out what goes on behind the scenes in a VPN server, we spoke to NordVPN.

In what is believed to be an industry first, TheIndianSubcontinent Pro and NordVPN have teamed up for a guided tour of a VPN server. NordVPN technicians helpfully set up an SSH session to demonstrate the key aspects of a random selection of VPN servers.

Mark Halstead is the CTO of NordVPN and he guided us through the company's policy on logging and how this is implemented.
His colleague Tom Okman also joined us for some further explanations.

Anatomy of a VPN server

We started by looking at a VPN server.

Using a VPN is simple as a subscriber. You sign into the server via the VPN client, which by default encrypts and routes all activity from your PC to the chosen VPN server. From this point, the VPN server authenticates access and provides a gateway to the internet beyond. The server is protected by a NAT/Firewall, while recursive DNS helps to guarantee a successful connection to the intended website or service (perhaps streaming a YouTube channel). A database of live sessions might also be running, alongside some statistical monitoring.

A VPN is supposed to enhance your privacy and help

One of the key advantages of using a paid VPN subscription is that the company providing access to its VPN servers keeps as little information about you and your activity as possible.

Operating systems create logs by default, which means that any conscientious VPN provider would take steps to disable this. So, how meticulous has NordVPN been?

The session revealed that NordVPN's Linux servers are configured with various tools that enhance security, privacy, and authentication. FreeRADIUS is used for authentication, while the Squid proxy software is also used. SaltStack is used for correct server configuration, controlling the infrastructure.

A running VPN server (in this case a box based in Ireland with 149 days of uptime) is configured with OpenVPN as well as IPsec for encrypting data. Four threads on TCP and four on UDP are routed through OpenVPN, with both transport protocols given equal status.

How DNS leaks are prevented

One important privacy aspect of VPNs is protecting against DNS leakage.
This is when requests to a DNS server (basically an index of IP addresses and corresponding website URLs) are visible to anyone monitoring the connection, despite using a VPN.

Observation of your online activity in this regard could leak information that could prove inconvenient. DNS leaks can be checked at IPleak.com, but what are VPN services doing to prevent DNS leakage?

NordVPN's servers, as expected, use their

But operating systems offer challenges. For example, on Android the operating system must disable IPv6 to avoid the possibility of a DNS leak.

transpired in recent months is the arrival of VPN servers that claim to be in country X but are in fact situated in country Y. This is not something that NordVPN practices.

policy

VPN users expect their activity to be private. As the data is being encrypted between the client device and VPN server, it is reasonable to assume that logs won't be kept of activity.

Zealand, the so-called Five Eyes) would be compelled by law to provide logs of its subscribers' activity on one or more servers.

NordVPN's approach to no logging is to simply disable logs on their servers. By basing the company in Panama, it is under the jurisdiction of an authority that has no mandatory data retention laws. In addition, Panama is not involved in the Five Eyes or Fourteen Eyes alliances. NordVPN operate a "warrant canary" page on their site so subscribers can check if the VPN service has received warrants, gag orders, or "National Security letters."

We've already seen that a VPN server is complicated; with 5629 servers in 58 countries, how do NordVPN ensure

All generated data about connections, destinations, and activity are simply discarded into the ether using the /dev/null path.

To demonstrate, Mark showed us servers in Italy, Hong Kong, and Ireland. Hong Kong and Ireland were TheIndianSubcontinent Pro's choices, whereas Italy was NordVPN's.

that logs were discarded to the non-existent virtual path of /dev/null. The result is logless VPN servers - exactly what a security and privacy-conscious VPN user is looking for.

NordVPN is so confident of its no-logging policy that it has contracted auditing giant PricewaterhouseCoopers to assess its VPN servers.
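
An audit of the log-discarding practice described above, as an added example (it is not NordVPN's tooling and not part of the original article): it parses an OpenVPN server config and reports every directive that would still record session data somewhere other than /dev/null. The sample configs and file paths are constructed, and the choice of `log`, `log-append`, `status`, `ifconfig-pool-persist` and `verb` as the settings to check is an assumption about what a no-logging OpenVPN setup would need to cover.

```python
import shlex

# OpenVPN directives whose first argument is a file that records session data.
FILE_SINKS = {"log", "log-append", "status", "ifconfig-pool-persist"}

def audit_openvpn_logging(config_text):
    """Return (line_no, directive, reason) for every setting that keeps logs."""
    findings, seen = [], set()
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        if raw.lstrip().startswith(";"):      # OpenVPN also allows ';' comments
            continue
        tokens = shlex.split(raw, comments=True)   # drops '#' comments
        if not tokens:
            continue
        directive, args = tokens[0].lstrip("-"), tokens[1:]
        seen.add(directive)
        if directive in FILE_SINKS:
            target = args[0] if args else "(missing)"
            if target != "/dev/null":
                findings.append((line_no, directive, f"writes to {target}"))
        elif directive == "verb" and args and args[0].isdigit() and int(args[0]) > 0:
            # verb 0 prints fatal errors only; anything higher emits log lines
            findings.append((line_no, directive, f"verbosity {args[0]}"))
    if not seen & {"log", "log-append"}:
        # no explicit sink: messages go to stdout, or syslog when daemonized
        findings.append((0, "log", "no log directive set"))
    return findings

# Constructed sample configs (assumptions, not NordVPN's files).
DEFAULT_STYLE = """\
port 1194
status /var/log/openvpn/status.log 10
log-append /var/log/openvpn/openvpn.log
ifconfig-pool-persist ipp.txt
verb 3
"""
DISCARDING = """\
port 1194
status /dev/null
log /dev/null
verb 0   # fatal errors only
"""

if __name__ == "__main__":
    for name, cfg in (("default-style", DEFAULT_STYLE), ("discarding", DISCARDING)):
        print(name, audit_openvpn_logging(cfg))
```

A check like this covers only the VPN daemon's own config; system services such as syslog and the shell history are configured separately and need their own review.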

should be straightforward. However, with the potential for so much activity to be exposed, VPNs are regularly targeted by DDoS attacks. Distributed denial of service attacks strike at a server's ability to process data effectively, resulting in the server's owner taking

It was more than 500Gb per second," Mark told us.

"We never work in one country with one provider," continues Tom. "We have a mechanism that monitors the health of the systems, and automatically takes the service out of the quick connect and the

Cloudflare and Amazon in some cases, so that's more mitigated."

While NordVPN has a strategy for dealing with DDoS attacks when targeted, they're also building faster servers. Relying purely on RAM, their diskless servers and new TCP technology are likely to have an impact on making the entire VPN industry

One way to do this is to offer improved performance for VPN customers. NordVPN is developing several technologies to enhance speed and security and took the time to share details of two of them.

Diskless servers are pretty much what you would expect, servers with no moving parts. Designed to boot remotely and rely on RAM rather than a physical spinning HDD, diskless servers have been introduced with a triple benefit:

diskless server can be taken offline instantly, mitigating the impact of the attack considerably. "With these servers in RAM, I don't think hacking into the system would make much sense," Tom tells us.
"Once it's rebooted, once the credentials are changed, it's automatically reinstalled, fresh from the start."

Imagine going online via a VPN and finding that your internet connection speed has increased. It sounds back-to-front, but NordVPN's TCP splitting technology, upon which there is a patent pending, overcomes ISP throttling (also known as traffic shaping or data prioritisation, although the terms are not precisely interchangeable).

NordVPN's tests have revealed that connections to sites based outside Europe using TCP splitting are faster than those made without the technology in place. Performance like this can enhance streaming and online gaming, not to mention online collaboration on creative projects. It might just be the next big thing in VPN marketing: "Get faster internet with a VPN!"

Improving the VPN industry

A few bad business decisions can ruin an online reputation.
Security software applications have been found selling customer data, for example. VPN companies have fallen by the wayside, but there is a maturity to the industry.

Part of the Internet Infrastructure Coalition (i2Coalition), the VPN Trust Initiative (VTI) is a consortium of VPN companies driven to improve digital safety for customers. NordVPN joined several well-known and influential VPN companies that have signed up to the VTI as founding members.

With the launch of a bug bounty program in December of 2019, NordVPN is making itself as open and honest as an encryption service can possibly be. If the rest of the industry follows this lead, everyone will benefit.

We've also highlighted the best VPN services.