Introduction
A virtual private network (VPN) is a technological platform that allows users to send and receive information across private and public networks. The functionality, security protocols, and management policies of the network facilitate the safe and secure dissemination of information among users.
Technological advancement has introduced numerous flaws to VPNs that have increased the risk of security breach. VPN users deal with numerous security flaws that compromise the safe dissemination of sensitive information. These flaws emerge from exploitable vulnerabilities in the design of VPNs and ineffective implementation of best practices by users.
Common security threats include hackers, man-in-the-middle attacks, denial of service (DoS), and lack of firewalls. These threats are mitigated through the sue firewall, antivirus, and antispam software, data encryption, and implementation of strong password policies.
Common types of VPN
Virtual private networks have different capabilities and security features that create secure connections between networks and computer systems. Three of the most common types of VPNs include Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol, and Secure Socket Layer VPN (SSL) (Malik, 2003).
Point-to-Point Tunneling Protocol
This is the most common type of VPN protocol because it is easy to use. The protocol allows users to access networks using their internet connection and individualized passwords. Passwords enable users to log on to the network securely and confirm their identity. This protocol is preferred by many network users because it does not require the use of additional hardware.
Instead, users install specific add-on software applications in order to establish connections with service providers or other users. Despite its simplicity and functionality, PPTP has two main weaknesses. First, it does not provide data encryption. Second, it relies on the Point-to-Point Protocol to provide security to users.
The advantages of PPTP include compatibility with Microsoft’s Windows, ease of use, and cost-effectiveness (Stewart, 2013). PPTP is a default application, and therefore users of Windows do not face the challenges of installing and using it.
Moreover, it is cheaper than other VPN protocols because it requires fewer certificates to access. Users do spend money on buying computer certificates. Its disadvantages include low-security standards and poor performance when used with unstable connections. It is difficult to determine the authenticity of information using PPTP due to a lack of features to verify data origin. This weakness makes the protocol ineffective for the dissemination of sensitive information (Stewart, 2013).
Layer Two Tunneling Protocol (L2TP)
This type of VPN connects users using shared infrastructure and combines the features of two other tunneling protocols, namely PPTP and Layer Two Forwarding protocol (L2F) (Malik, 2003). It facilitates the creation of a virtual dialup private network that connects users to other networks. L2TP comprises four main tunneling models, namely voluntary tunnel, compulsory tunnel for incoming call, compulsory tunnel for the remote dial, and L2TP multihop connection (Malik, 2003).
On the other hand, it is comprised of two components that include the L2TP Access Concentrator (LAC) and the L2TP Network Server (LNS). The main disadvantage of this protocol is that it does not provide data encryption (Stewart, 2013).
Therefore, it has several security flaws that compromise the confidentiality of users who only rely on a security protocol that is passed by the network within the tunnel. The application of packet-switched connections allows users to have access to concentrators, thus making it is possible to terminate connections at local circuit points (Malik, 2003). It offers high security because public-key encryption confirms the identification of servers relaying information to users.
Secure Socket Layer VPN (SSL)
An SSL is a virtual private network that is accessible through the World Wide Web using secure connections called https (Malik, 2003). The network manages the authentication of users, servers, and data. Its security protocol includes a combination of two features, namely public-key and symmetric-key encryption (What is SSL, n.d).
Security Socket Layer VPN is very secure because its security protocol determines the encryption variables for both the connection and information relayed between a user and a server. A website that has been secured using the SSL protocol has a lock icon or a web address that begins with https (What is SSL, n.d).
The use and administration of the network are simple and effective because clients are not required to have special software to access web-enabled applications within the network (Kilpatrick, 2007).
The exchange of information between vendors and users is enhanced because the protocol used in the network is de-facto (Kilpatrick, 2007). Moreover, it is incorporated in the default features of many web browsers. Users do not incur additional costs that are associated with purchasing the software.
SSL VPNs have several disadvantages that include poor security protocols, limited compatibility with operating systems, and complex requirements for accessing non-web enabled applications (Kilpatrick, 2007). The network has an optional user authentication that exposes clients to security threats (Kilpatrick, 2007). In addition, it is incompatible with non-Windows operating systems, thus decreasing its range of application (Malik, 2003).
VPN threats
VPN is secure, reliable, and cost-effective ways of transferring information, communicating and accessing virtual environments. Allowing foreign devices to access a private network has many challenges and inconveniences that expose users to security threats.
The most common VPN threats include hackers, firewalls, man-in-the-middle attacks, and denial of service (DoS) (Stewart, 2013).
Hackers
Hackers target VPNs because their mode of functioning compromises the security protocols applied to minimize risks (Geere, 2010). VPNs open up tunnels (VPN tunnels) into a client’s network in order to facilitate communication with other users or servers. Hackers use these tunnels to access people’s networks and steal information or take control of their systems.
Computer software and systems have several weaknesses that hackers exploit. Attackers target vulnerable networks that have security holes and unsecured open ports. They enter the network by accessing the user’s IP address on the port number of the service they are interested in attacking (Geere, 2010).
If the service has a security hole and its port is open, then the hacker will have an opportunity to attack. Running numerous services simultaneously increases the risk of attack because each service is connected to a specific port. Many VPN administrators use susceptible default settings and weak network designs that increase the risk of cyber attacks (Stewart, 2013).
Lack of firewalls
A firewall is a program that creates a barrier between a computer/network and the internet. It filters unwanted data and drops connections that are suspected to be malicious or unnecessary (Stewart, 2013). The functionality of firewalls is based on a network’s specific configuration. It blocks specific programs and data connections that a network administrator orders it to reject (Frahim & Huang, 2008).
Filters can be set using aspects such as domain name, IP address, and the ports/protocols being used. Lack of firewalls is a major threat to VPNs because they are effective in blocking intrusions and data theft by unauthorized users (Whitman, Mattord, & Green, 2011).
Data theft occurs through hacking, phishing, and eavesdropping (Whitman et al., 2011). Phishing involves the malicious acquisition of sensitive information such as credit card numbers and passwords. Fraudsters pretend to be a trustworthy and legitimate entity by impersonating business or online vendors.
During data theft, fraudsters begin by monitoring data streams between the users through a process called eavesdropping or traffic sniffing (Whitman et al., 2011). Fraudsters use tools referred to as packet sniffers to alter or hijack data streams, especially for networks that lack firewall protection. Intrusion occurs when an external entity takes partial control of a network for malicious reasons (Whitman et al., 2011).
For example, an attacker can take control of servers and PCs. Intrusions are deadly because they can originate from other VPNs or the internet service provider. They usually come from locations that have access to the due to its poor security protocols. A firewall filters unwanted traffic from suspicious or malicious sources and as a result, keeps off fraudsters (Whitman et al., 2011). In addition, it separates a network from other VPNs that could be potential sources of attacks and unwanted traffic.
Man-in-the-middle attacks
A man-in-the-middle attack takes place when an attacker listens to or modifies a network’s traffic for malicious reasons such as data theft and the introduction of viruses and malware elements (Frahim & Huang, 2008).
These attacks usually used to introduce elements such as worms, viruses, and trojans in order to gain access to the network or computer. The internet’s mode of operation exposes all connections to these types of attacks. Fraudsters launch these attacks by tricking the routing protocol used by service providers to relay information to users (Frahim & Huang, 2008).
Attackers use a technique referred to as ARP spoofing to trick the routing protocol within a network. This technique diverts the traffic flow within the network to the attackers system without the knowledge of users within the network. As a result, the attacker monitors all the information transferred among users.
These attacks are common in open networking environments that offer unencrypted connections that are very difficult to manage using the default security tools found in personal computers (Deerman, n.d).
Denial of service (DoS)
A DoS attack is similar to a man-in-the-middle attack in that it can originate from another VPN, service provider, or the internet. However, the main objective of the attacker is to halt the transmission of data between the service provider and the users or between users within a network (Denial of Service and DDoS Attacks, n.d).
These attacks bar individuals from accessing the services offered by their internet service providers or VPNs. A DoS attack prevents all users from accessing any information or service within the network. It is more lethal than a man-in-the-middle attack because it blocks all access to the network and keeps all users offline.
In order to launch an attack, a fraudster sends packets into a VPNs trusted zone and gains control of the system, thus blocking users from accessing the network (Denial of Service and DDoS Attacks, n.d). DoS attacks have adverse effects on the infrastructure of VPNs. Therefore, they are very difficult to prevent.
VPN security
The security of VPNs is critical because of their numerous vulnerabilities that expose clients and service providers to the risk of attacks by fraudsters. Improving the security of VPNs is the responsibility of network administrators and users.
Application of strong data encryption and the use of firewalls is one of the most effective ways of ensuring that VPNs are safe and secure for users (Deerman, n.d).
Use of strong encryption techniques
Internet Protocol Security (IPsec) is a framework for network security that facilitates the secure transmission of data over unprotected networks by protecting and authenticating IP packets relayed between users within a network (Heller, 2006).
This framework is highly effective because it incorporates data encryption, data origin authentication, and access control. In addition, it provides limited traffic flow confidentiality and protects users against replays. IPSec is a complex and effective security protocol because of its mode of operation.
It enables systems to apply specific security protocols and algorithms, and use cryptographic keys required for the access of a specific network or service. This security method is versatile because it can be used to protect connections between security gateways, hosts, or host and security gateways. Services provided by IPSec include data integrity, anti-replay, data confidentiality, and data origin authentication.
Antivirus, antispam, and firewall protection
Infections that compromise the safety of networks might come from the personal computers of users within the network. Therefore, it is important for administrators to implement policies that require all network users to install protection software in their systems (Stewart, 2013).
A new user should not be allowed access to a network without full compliance with network policies (Frahim & Huang, 2008). For instance, a client should have up-to-date antivirus and antispam software and an operating system that has an active protection against attacks.
Firewalls keep networks safe from external attacks by filtering data and blocking unwanted or suspicious traffic. There are two types of firewalls, namely hardware firewall, and software firewall, that are used to protect VPNs (Heller, 2006).
Complex password authentication protocols
Implementation of complex password authentication is an effective method of securing VPNs. Implementation of strong password policies prevents external network access from attackers. An advantage of a strong password is the opportunity to disable account lockout (Security Recommendations for a VPN, n.d).
Network administrators should ensure that they use strong authentication methods for allowing users to access their networks. Many attackers intrude networks by triggering account lockout using advanced software applications (Security Recommendations for a VPN, n.d).
The type of authentication implemented depends on the operating system sued and the network design. For instance, Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAP v2) and Extensible Authentication Protocol (EAP) are examples of authentication protocols that are very safe and secure (Heller, 2006).
The security of a network is determined by the strength of the users’ passwords. Therefore, all users should have strong passwords that are confidential and hard to guess.
Conclusion
A Virtual Private Network (VPN) allows people to transmit information over public networks safely. They exist in different types based on their design, security protocol, and compatibility with operating systems. Each of these types uses different security protocols that determine their level of safety and effectiveness.
Even though VPNs use complex security protocols, they are susceptible to threats such as hackers, lack of firewalls, denial of service (DoS), and man-in-the-middle attacks. These attacks occur due to a lack of effective preventive measures and poor implementation of security policies.
Security enhancement strategies to protect VPNs include the implementation of complex encryption protocols, the use of a firewall, antispam, and antivirus software, application of complex password authentication standards. Securing private networks requires the concerted efforts of system administrators and users.
References
Deerman, J. (n.d). Securing A VPN against Advanced Malware Threats. Web.
Denial of Service (DoS) and DDoS Attacks. (n.d). Web.
Frahim, J., & Huang, Q. (2008). SSL VPN Design Considerations. Web.
Geere, D. (2010). Huge Privacy Flaw Found in VPN Systems. Web.
Heller, M. (2006). 10 Tips to Secure Client VPNs. Web.
Kilpatrick, I. (2007). Benefits and Disadvantages of SSL VPNs. Web.
Malik, S. (2003). Network Security Principles and Practices. New York, NY: Cisco Press.
Security Recommendations for a VPN. (n.d). Web.
Stewart, M. J. (2013). Network Security, Firewalls, and VPNs. New York, NY: Jones & Bartlett Publishers.
What is SSL (Secure Socket Layer) (n.d). Web.
Whitman, M., Mattord, H., & Green, A. (2011). Guide to Firewalls and VPNs. New York, NY: Cengage Learning.