Security controls are a set of measures that aim to reduce the risk of information theft on various media and in various forms. Security controls are necessary to overcome cyberthreats, which usually consist of theft of personal information or confidential protocols. Cybersecurity consists of creating tracking systems and preventive actions that are designed to increase the security of data storage or transmission. For example, secure communication protocols allow users to reduce the information load and noise that is potentially stolen. Protocols such as WAP or HTTP are ways to transfer information through the use of cryptographic protocols SSL and TLS. Specifically SSL and TLS are virtual or digital signature tools that authenticate sites or news pages. These certificates guarantee to the user that the connection is secure and allow the data to be transmitted (Dastres & Soori, 2020). In case of an insecure connection according to the protocols, the user receives a notification and personally decides whether to send the information to the site without security guarantees.
Cryptographic means of information protection allow more than others the elimination of threats in the process of data transmission. During encryption each character of the document, transmitted through a communication channel, is subject to coding, and the information itself, which needs to be protected, is divided into separate blocks, each of which is replaced by a code: alphabetic, numeric or combined. Such encryption methods as permutation, replacement, analytical transformation and gamming are also widely used.
Regarding information security, attention should be paid to the problems with VPNs. VPN refers to technologies implemented through one or more network connections over other networks. The use of technology is often associated with the need to access those sites or applications whose servers are blocked by someone else. For example, in Vietnam, Facebook is blocked at the state level and can only be accessed through a VPN. In this case, a VPN helps create a connection supposedly from another country, allowing the user from Vietnam to use the messenger.
Among the apparent pluses of using a VPN are the possibilities of personal traffic encryption and secure transmission of information over the Internet. In addition, the VPN brings the user closer to almost anonymous work because the transmission is encrypted, and there is an opportunity to connect to remote servers. Nevertheless, VPNs have disadvantages, which are repeatedly criticized and brought up for discussion. First, as VPNs evolve, so do hacker technologies and unique remote download codes that undermine previously secure additional protocols. Second, VPNs are an accessible and broad format for overcoming insecure connections. Attackers are highly likely to steal information because they are connected to the same service. Thirdly, there is the notion of a passive hijacking attack, which allows one to identify visited sites and consequently have data about the IP addresses of VPN users.
I found the content of Bansode and Girdhar’s (2021) article valuable and interesting because they link the increase in threats from VPN use to the effects of the pandemic. According to them, the pandemic has led to a significant increase in people using VPNs, so ways to circumvent this technology have also evolved. They point out that COVID-19 has led to more businesses using shared corporate VPN networks with more clients. Consequently, the risk of corporate data leakage has increased, so Bansode and Girdhar (2021) recommend updating VPN hardware with the latest Firmware and blocking unused services (6). The article provides insight into the relationship between security controls, secure protocols used, and threats from VPN technologies, thereby improving the overall perception of cybersecurity.
References
Bansode, R., & Girdhar, A. (2021). Common vulnerabilities exposed in VPN – A survey. Journal of Physics: Conference Series, 1714. Web.
Dastres, R., & Soori, M. (2020). Secure socket layer (SSL) in the network and web security. International Journal of Computer and Information Engineering, WASET, In press, 14 (10), 330-333. Web.