SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Surfshark rolls out WireGuard open source VPN protocol
Wed, 21st Oct 2020

Surfshark has introduced support for the open source VPN protocol WireGuard in a move that will reward users with faster VPN speeds, according to the company.

The WireGuard protocol uses cryptography and lightweight code to protect user privacy - and reportedly uses less code than other VPN protocols such as OpenVPN and IPsec. When there is less code in a VPN, it is less susceptible to security vulnerabilities due to easier configuration and management, according to Surfshark.

WireGuard also uses cryptography including ChaCha20, Curve25519, BLAKE2s, SipHash24, and HKDF.

“As per popular request, we've rolled out WireGuard for all our users. It stands out in the overly engineered landscape of VPN protocols by offering faster speeds and lower ping times,” says Surfshark communications manager Gabrielle Racai.

“The protocol is also easier to audit code-wise, which amounts to its security. WireGuard is further improving the overall performance of Surfshark VPN.”

Surfshark's WireGuard solution also comes with a double network address translation (NAT) system to ensure users' privacy.

Further, Surfshark also uses the acknowledged OpenVPN UDP / TCP, IKEv2/IPsec, and Shadowsocks protocols.

Those who wish to switch to the WireGuard protocol should update their apps to the latest version. Users can then select the WireGuard protocol from the app settings.

Surfshark has also conducted other infrastructure upgrades this year, including the conversion to RAM-only operations of its 1810 servers across 66 countries.

The company says that the diskless server network improves infrastructure security, and enables the network to be managed centrally.

Further, the data stored on servers that run on hard drives is mostly operational data, meaning data that is only required to initiate a successful VPN function.

“Running all servers on volatile (RAM) memory means that any information, even the configuration files, is wiped off automatically whenever a server is turned off.

“Configuration files stored on hard drive servers can still be accessed in case they are seized or taken over by a third party. A RAM-only server solution eliminates this security threat by ensuring that no information can be physically taken from the servers.”

A centrally-managed network of diskless servers also allows software updates to be rolled out across the network.

“The diskless server network effectively minimises security risks of hard-drive-based server infrastructure,” Racai says.

In February, the company also rolled out two-factor authentication (2FA) offerings to users. The measure was introduced to protect user accounts and to fight cyber threats such as brute force and credential stuffing.