logo

VPN Security Issues - CSC332 - Case Study

   

Added on  2020-03-04

8 Pages3117 Words62 Views
IEEE TRANSACTIONS ON VPN SECURITY INSUFFICIENCY1VPN Security insufficiencyAbstract Virtual Private Networks have of late been trusted to provide the best internet security.Apparently, VPNs might still not keep you in guarantee of security. Cases such as IPv6 leakage aresome of the vulnerabilities that can expose user information to prying eyes. Passive monitoring andDNS hijacking are some methods which have been used to attack and collect unencrypted informationor redirecting a user on internet to a fake popular site and viewed by the undesignated user withoutmuch difficulty. This is sad for all the users who adopt VPNs plainly for improving their internetsecurity. Much that the VPNs do is to obfuscate user’s internet traffic. It is therefore important to reviewthe VPN services and the choice of whether to use them or not.————————————————————INTRODUCTIONHistory and background of the topicA virtual Private Network (VPN) is a privatenetwork that spans a public network allowingusers to share data across the shared network justlike they are connected to the private network.This is accomplished by creation of a secure andencrypted connection which behaves like a tunnelbetween the connected computer and the server.The apparent tunnel is controlled by the VirtualPrivate Network service. The VPN will thereforeallow users to access an intranet even when theyare located outside the office.it therefore turns outto be possible to connect securely togeographically disconnected offices of a givenorganization. VPNs transmit data by tunneling whichencapsulates with a header, every packet before itis transmitted. The header will provide routinginformation to enable the data packet transverse ashared network or a public network. After the datapacket reaches the destination, it is decapsulatedand taken to its final destination. The only thingthat is considered is the power to support thetunneling protocol used for both the end points.The tunneling protocols are operated at the DataLink Layer of the Open System Interconnection orthe network later of the Transmission ControlProtocol (TCP/IP) model.They are mainly popular for securing sensitivedata when connecting remote data centers. This isbecause after generation of P2P connections, auser may be able to illegally acquire access to databut be unable to access it on account ofencryption. The same has made virtual privatenetworks more common even to individuals inpursuit of confidentiality and hope that data sent is
VPN Security Issues - CSC332 - Case Study_1
2IEEE TRANSACTIONS ON XXXXXXXXXXXXXXXXXXXX, VOL. #, NO. #, MMMMMMMM 1996only accessed by the destined receiver.Purpose of the studyThe purpose of the study was to examine theimportance of VPNs in providing internet andinformation security. As the demand for securityin many organizations increase, it is important toreview the internet security provided by virtualprivate networks and their sufficiency in their use.Most users adopt VPNs at a desperate level ofneed for the security of information theyencapsulate using the VPNs. It is therefore needfulthat we examine the sufficiency of VPNs inproviding the designated services.Scope of the studyThe study focuses on security protocols developedas Virtual Private Networks and the levels ofsecurity features they offer. Their most and bestinstances of use. Their weaknesses and hitchesexpected upon using them. Their most commonleakages and vulnerabilities.Our study also focuses on the creation of VPNsand the needs for a local machine that need to bemet in order for it to support virtual privatenetwork, the security issues related to ourdiscussed security protocols and how they can bemade better and possible alternatives to them. Thestudy also evaluates each security protocol andreviews its best instances of use and bestrecommendations on each based on theirvulnerabilities. Some of the discussed securityprotocols discussed include Internet ProtocolSecurity (IP Sec), Layer 2 Tunneling protocol(L2TP) and P2P tunneling protocol.Literature reviewThe register records ninety percent of the VirtualPrivate Networks as hopelessly insecure. After alarge scale research done by High-Tech Bridge onmost live and publicly accessible SSL VirtualPrivate Network servers, a lot of problems werefound to be associated with them. Three quarter ofthe tested SSL VPNs were found to be still in theuse of obsolete SSLv3 protocol which was comeup with in 1996. Another bunch were found tohave SSLv2 which is even older than the SSLv3.This increases the vulnerability levels of the SSLsand security provided by them is thereforecompromised.The same tested VPNs were found to be usinguntrusted SSL certificates and this creates a holefor man in the middle attacks. Lack of the SSLcertificate makes it possible for a hacker to standin the middle and set up a counterfeit server to beused for impersonation and then they can be ableto harvest data sent over the Virtual PrivateNetwork. According to High Tech Bridge, mostusers have a tendency of using corporates ofdefault preinstalled certificates from vendorswhich is the main reason why untrustedcertificates have found way easily.Another three quarter was found to have insecureSHA-1 signatures and using old MD5 technology.As technology keeps growing, many browsershave plans underway to stop accepting SHA-1signed certificates while some have alreadystopped. This is because old technology is with
VPN Security Issues - CSC332 - Case Study_2
AUTHOR: TITLE3time getting weaker and not capable ofwithstanding potential attacks. When this SSLcertificates are signed using these oldtechnologies, it is evident that as transition occursin our browsers, most Virtual Private Networkswill remain unsigned and thus hackers will have avery easy way getting through.Forty percent of the examined Virtual PrivateNetwork servers were found to be using theinsecure 1024 bit keys for RSA certificates. RSAkey lengths should be more than 2048 since theyare responsible for authentication and encryptionkey exchange. The less the key size, the easier itbecomes for a hacker to do code breaking andcrypto analysis which will definitely make ourVirtual Private Network insecure.A tenth of the SSL Virtual Private Network serverswere also found to rely on Open SSL such asFortinet which are vulnerable to Heartbleed. Afterthe discovery of Heartbleed vulnerability, allproducts using open SSL were found to becreating a straightforward way for third partieswhose intention may be to extract sensitiveinformation such as encryption keys and moresince the systems get unmatched.Another study by Vasile C. Perta, Marco V.Barbera and Hammed Hadadi of Queen MaryUniversity saw most vendors’ privacy and securitypromises as fake and putting users at risk.Majority of Virtual Private Networks were foundto suffer from IPv6 traffic leakage on mildlyadversarial environments. Their research revealedthat most Virtual Private Network tunnelingtechnologies rely on old technologies like thePPTP with MS-CHAPv2 which can be easilybroken into using methods such as brute-forceattacks. Many Virtual Private Networks were alsofound to leak data exposing significant amounts ofuser information which can be easy to access bythe hackers contrary to vendor claims.It was also evident that all the DNS configurationsmost Virtual Private Networks use are easilyovercome by DNS hijacking attackers.Users’satisfactionAlthough many users have heard the need forVPNs, a review shows that only few manage toget their required VPN service. The table belowrepresents our reviewVPN vendorUsersreviewedUserssatisfiedUsersnot sureExpress VPN1343HotSpot Shield831Pure VPN641Safer VPN1274The review was conducted on the four VPNs andthe results show that only few users get satisfiedon a given VPN they choose.Working of a VPNA Virtual Private Network is similar to a home orwork private network. It is supposed to work in away that nobody outside the network can share orread data from inside. The difference between a
VPN Security Issues - CSC332 - Case Study_3

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
VPN Applications and Significance
|8
|1128
|307

Computer and Network Security | CN6107
|14
|4340
|48

Virtual Private Network Implementation for Avita's Corporate Network
|11
|617
|156

Types of VPN and Encryption Techniques
|13
|2690
|49

Assignment on Virtual Private Network
|9
|2285
|38

Cloud Computing Security with VPN
|5
|1900
|39