SSTP or Secure Socket Tunneling Protocol is a crucial part of a wide range of online security solutions. Since SSTP uses secure encryption, it is considered by many as some kind of VPN (Virtual Private Network), which is, as you may know, a technology that offers the chance to browse the web without putting your privacy and anonymity at risk, because it hides your location and identity.
What is SSTP and how does it work
SSTP is an updated version of Point to Point Tunneling Protocol, which was originally developed by Microsoft in the 1980s. SSTP was introduced in Windows Server 2008 as a new form of PPTP. SSTP works like a socket that establishes a connection between two computers or other digital devices. SSTP connects the devices using a technique known as tunneling. These two terms have important implications when it comes to understanding the weaknesses and strengths of networking solutions based on SSTP.
The main aim of SSTP was to enable remote users to connect to servers located around the world, in a secure way. Since networking has become essential for companies and their workforce is usually distributed in different locations, SSTP and similar solutions are the best options to support the needs of modern businesses. SSTP works in a similar way as as PPTP. With SSTP, packets of data are wrapped in a protective sheath and users have to connect via a standard Transmission Control Port (TCP).
This gives the target server the chance to start authentication tasks, which involved sending some encryption keys to the user’s system. This creates the basis for the SSTP tunnel. Once that is done, it is possible to send the packets with relatively high levels of security directly to the server. Thanks to the way in which secure socket tunneling protocol works makes it an ideal solution for VPN providers. VPNs offer the software and a network of servers and SSTP applies certain level of encryption that gives users the chance to send and receive data with better security. With that being said, not all VPNs rely on SSTP and we will find out why over the next sections.
What port is used by SSTP?
We will take a closer look at the security of SSTP later on, but first, it is worth taking a look at the technical aspects of the protocol. The main thing to keep in mind is the TCP port that is used by SSTP. In every case, SSTP establishes communication using TCP port 443. You have probably seen this number when you visit HTTPS websites since these websites are secured by SSL, a technology that is related to SSTP. The security that is provided by this encryption, makes HTTPS website less likely to be targeted by phishing attacks. VPN connections work with exactly the same port.
When it comes to encryption, it should be noted that an SSTP client uses 2048 bit encryption techniques. This uses something known as asymmetric cryptography and it is the security solution that is preferred by online security organizations. Although the secure socket tunneling protocol was originally developed by Microsoft, it has been adapted for use in many other platforms, including Linux. That being said, there is no direct SSTP support for Mac or iOS. At the moment, users of these operating systems who want to get SSTP on their devices, need to get alternative SSTP clients such as iSSTP.
What is an SSTP VPN?
When we talk about an SSTP VPN, we are talking about a VPN that has been configured with the SSTP system as the main way to encrypt and transfer data. The main thing to consider about SSTP is that it works with SSL encryption, rather than IPSec. This sets an important difference in the way the technology works. Both SSL and IPSec offer advanced encryption, but IPSec is affected by network address translation errors and known issues when it comes to firewalls negotiation. In addition, IPSec-based VPNs need to be installed on every machine, while SSL/SSTP is part of Windows by default.
Another important difference to mention is the fact that VPNs based on SSL/SSTP run through web browsers in most cases, as per the original designed created by Microsoft. IPSec usually works through separate clients, offering better protection for apps like torrenting clients and online games. This has its advantages and disadvantages. The downside is that it may not be the best choice for playing games or downloading torrents, but the good thing is that it provides an affordable VPN service, that is built into the system and that is suitable for businesses and for users who want to secure their web browsing. In addition, it offers an effective solution to get around NAT firewalls.
Using a Secure Socket Tunneling Protocol client lets you enjoy a more versatile experience. It is possible to find versions for Mac, Linux, smartphones and Windows. They offer comprehensive protection for all online apps and give access to Microsoft’s protocol to those who don’t use the Windows platform. In the end, secure socket tunneling protocol is an alternative to IPSec-based VPNs and it is growing in popularity. Although it has its flaws, you can expect high encryption and if you are a business user, it is an ideal solution. However, it is important to keep in mind some issues when it comes to security, as we are about to see.
For many VPN users, the fact that SSTP was created by Microsoft raises concerns. The reliability and security of the protocol is questioned since it is still a proprietary technology of Microsoft, a company that is likely to cooperate with government requests to gather users’ data. Many fear that Microsoft implements backdoors or that it weakens the protocol on purpose. In spite of the concerns, SSTP is still considered as one of the most secure VPN protocols available.
It provides an effective way to get around firewalls and get access to streaming sites. Plus, its SSL-based encryption is pretty much impossible to block since it can’t be differentiated from standard web traffic. Not all providers support SSTP, but if you are interested in taking advantage of the benefits of an SSTP client and you are not worried about Microsoft’s involvement with the protocol, you can try VPN providers like Ivacy and Hide.me.