A Comparative Study: Alternative Technologies to Replace VPN Solutions

Added on  2020/02/24

Report
AI Summary
This report delves into the realm of Virtual Private Networks (VPNs), addressing the critical need for secure data transmission in today's internet-driven environment. It begins by outlining the core functionality of VPNs, emphasizing their role in enhancing online privacy and security through encryption. However, the report doesn't shy away from the common issues associated with traditional VPN solutions, such as congestion, latency, and authentication complexities. The paper then pivots to explore alternative technologies designed to overcome these limitations. It highlights Microsoft Direct Access, a technology that offers automatic connectivity and user-friendly operation, and SoftEther VPN, recognized for its multi-protocol support and superior performance. A comprehensive literature review supports the analysis, examining the benefits, issues, and proposed solutions for VPN technology, including VPN fingerprinting and man-in-the-middle attacks. Ultimately, the report aims to provide a comparative analysis of VPN technologies, offering insights into how modern solutions can improve network security and data protection.
Running head: ALTERNATIVE TECHNOLOGIES TO REPLACE VPN
Alternative Technologies to Replace VPN
Author name
Abstract
The security of data in transit over the internet plays a pivotal part at present: business is generally conducted over the internet, even to remote devices, which is considerably more vulnerable than running on the internal network of an organization or user. The data can be intercepted by unauthorized individuals, which explains why extensive effort is currently being dedicated to information encryption and secure transmission. This paper concentrates on identifying alternative technologies while discussing the issues of traditional and legacy VPN solutions.
Introduction
In the era of the internet, security and privacy are the greatest concerns. A Virtual Private Network (VPN) is a network that enhances one’s online privacy and security. VPN service providers provide an encrypted connection to scramble the data that is transferred over that network. This prevents outsiders from reading the data by breaking into the network as an intermediary (man-in-the-middle attack). A VPN extends the access of a private or restricted network across a public network. This enables internet users to receive and send data across multiple public or shared networks. The network creates a make-believe environment in which users appear to be directly connected to the secured or private network. The VPN also hides all browsing records from the Internet Service Provider (ISP). However, the VPN service provider is now aware of the data usage and transactions. Therefore, it is best to view a VPN as a model for security and not for anonymity.
However, over time, users of VPNs have encountered certain issues with the system. Congestion, latency, fragmentation, and packet loss have been major issues. Other bottlenecks include difficulties with compliance and with troubleshooting VPN errors [8]. Several users have complained about their VPN connections being rejected and, at times, the authentication process becoming too complex to manage. Dropped traffic due to encryption failure is another noticeable problem: when the security gateway at the receiver’s end expects an encrypted packet but receives an unencrypted one, or vice versa, the traffic system crashes. Other problems include the lack of repeating patterns, the requirement of high availability for VPN connections, and VPN traffic being more bandwidth-intensive than normal clear-text transmission [5]. There is also added difficulty with regard to platform friendliness. In infrastructures that are too incompatible and obsolete to install or run legacy VPN systems, the cost can rise dramatically. Such systems have high requirements for additional software and hardware components. Other expenses include high-cost licensing and other additional investments.
With the increasing difficulties faced in traditional or legacy VPN technology, several attempts have been made to replace it with a more modern approach. Microsoft DirectAccess is one of the newer technologies that aims to replace classic VPN solutions. It was first launched in 2008 but was discarded by the tech community due to its enormously complex functionality. Later, in 2012, after the release of Windows Server 2012, the requirements were no longer as complicated, and the technology rose to fame. Unlike legacy VPN connections, which are initiated and terminated only by explicit user action, Microsoft’s DirectAccess connects automatically as soon as the user connects to the internet. It also provides a more user-friendly way of operation in comparison to legacy VPNs. Another commonly used replacement technology is SoftEther (Software Ethernet) VPN. It is considered the world’s strongest multi-protocol VPN. It is easy to use and can be run on any operating system platform. It has more capability and better performance than any open or legacy VPN technologies, and hence it has been preferred more in recent times [1]. Network analysts predict that products based on SSL VPN technology will replace traditional IP Security Protocol VPN as a permanent remote-access solution.
This report aims to survey all of the above-mentioned aspects of Virtual Private Network technology, covering in detail the troubles faced in using legacy VPN technologies and identifying the feasible technologies that can replace them. A literature review is conducted in order to throw light on the work of various contributors in this field. The literature review helps in better understanding the topic and in enriching the report. Further, the difficulties faced when using legacy VPN technologies are discussed, with a detailed explanation of each. Then, the replacement technologies are highlighted, along with an explanation of their advantages over legacy VPN systems. Lastly, the scope for improvement in the field of VPN technologies is elaborated for further study of the topic.
Literature Review
The main objective of VPN technology is to provide the capabilities of private, secure leased lines over public networks, while being cost effective and more secure than an ordinary connection over unsecured public networks. Alongside these benefits, there are some common issues that affect security and performance.
VPN fingerprinting: According to Al Mhdawi (2016), with traditional VPN solutions it is possible to obtain the digital fingerprints of VPN servers, using techniques such as Vendor Identity (ID) fingerprinting, UDP (User Datagram Protocol) backoff fingerprinting, or other similar techniques. This is not considered a performance or security issue, and some VPN service providers do not consider it an issue at all. When analysed, however, these fingerprinting techniques give helpful data to potential hackers or attackers. Some systems reveal the general type of device in use, such as “Cisco PIX”, while others also expose the software/firmware details of the product. In their paper, Shahzad and Hussain (2013) describe that information about the devices used to implement the VPN, and details of the backdoors of these devices, enable attackers to focus on those flaws in order to intrude on the VPN between the two points [6].
Storing authentication credentials insecurely: Numerous VPN solutions/programs offer to store some or most of the authentication credentials, such as the username and the corresponding password for a particular user, which is the default setting for a . While this makes the VPN easy to use, it also presents security risks, particularly if the credentials are not well protected.
Man-in-the-middle attacks: An unauthorized machine begins intercepting the communication between the nodes in the network and changes the content of the data transmitted between them. The types of change include addition, deletion and alteration of data [5].
By combining multiple private and public networks such as the internet, a VPN helps users send and receive data through public networks, which are often insecure. According to Kuroda (2017), even though a VPN is cost effective for users as well as for organizations, and provides an efficient data transmission channel across unsecured public networks, it also possesses numerous vulnerabilities and risks that need to be addressed, such as man-in-the-middle attacks and VPN hijacking. Moreover, as mentioned by BĂNUȚĂ (2012), because of the lack of user authentication and interoperability, if either of the two endpoints (sender or receiver) is infected by malware or viruses, the whole network may be compromised by attackers, who may be able to steal the VPN password.
Another issue with VPNs is interoperability between systems. The two communicating systems in the network must agree on the security protocols used for data transmission. The protocols implemented by different vendors on the two sides of the transmission may not always be synchronized, which may increase the risks in the system.
There are now multiple alternatives available that incorporate enhanced security features compared to traditional VPNs. These alternatives include Microsoft’s DirectAccess and SoftEther VPN [7]. DirectAccess helps users stay connected whenever their client systems are connected to the internet. With traditional VPNs, the connection is initiated and terminated by explicit user action, whereas DirectAccess is designed so that the connection is initiated automatically whenever the user’s computer connects to the internet.
DirectAccess uses the IPsec protocols to establish the tunnel, and IPv6 to reach intranet resources for the clients. The technology encapsulates this data traffic in IPv4 data packets so that it can reach clients over the internet [7]. DirectAccess does not need any kind of configuration to connect and send data over the VPN. Because IPv6 addresses are globally routable, the corporate network of an organization can easily initiate a connection to a client that has a DirectAccess connection in order to manage the client’s systems.
Benefits, Issues and Proposed Alternative Solutions for VPN Technology
Benefits of VPN
The following are the benefits of using a VPN for a secure connection:
Increased geographic availability of resources: A VPN tunnel connects different remote users to centralised computing resources, making it easier to set up worldwide connections and operations on the remote system.
Scalability: A VPN enables organizations to use the remote access infrastructure within ISPs; hence organizations can add a virtually unlimited amount of capacity without adding infrastructure.
Improved security of transmitted data: Connecting the client’s computer system to the web/internet makes it vulnerable to attacks by hackers or intruders [2]. VPN connections incorporate firewalls and encryption measures to counter network security risks.
Cost effective: VPNs help lower costs by eliminating the need for expensive long-distance leased lines. A VPN needs only a relatively short connection to the ISP (Internet Service Provider). The connection could be either a local leased line. VPNs also reduce cost by lessening the long-distance phone charges for remote access. VPN clients only need to dial up to the closest ISP’s access point.
Issues
Virtual private networking requires modifications to the user’s computer system. In general, VPN providers require client software to be installed on the system [1]. Client modification and administration are effectively the main inhibitor to the growth of virtual private networking.
The immaturity of virtual private networking technology, for both vendors and standards, presents unexpected shortcomings. In general, network security people view a new technology with suspicion, and rightly so.
Due to the gateway devices used in networks: In many private and public networks, such as some home networks, and in organization networks, systems are isolated from the internet by measures such as NAT, proxy servers and firewalls, so that the number of IP addresses is restricted and security is maintained [3]. Devices that perform this processing are known as network gateway devices. These network gateway devices are either dedicated devices or high-performance PCs on which Linux or another server operating system is installed.
However, many traditional VPN protocols cannot communicate through such network gateway devices [6]. One reason is that many VPN protocols add headers of a special protocol that is not ordinary TCP/IP when encapsulating the exchanged data packets. For instance, the VPN protocol PPTP uses a very minor protocol called GRE (Generic Routing Encapsulation). Another protocol, L2TP, requires the use of IPsec, whereby a header is added because it is an IPsec data packet.
For the majority of traditional VPN protocols, as in these cases, VPN communication is realised by an approach unlike the ordinary connection-oriented TCP/IP communication model, so it cannot pass through many network gateway devices, particularly NAT, proxy servers and firewalls [5]. Consequently, the majority of conventional VPN protocols require a global IP address to be allocated to both the VPN connection source client PC and the destination VPN server PC. Alternatively, the network gateway devices can be customised so that the special data packets can be handled.
In order to manage the security of the VPN connection, it is important to follow these rules so that the data passing through it is secured.
When actively connected to the network, the VPN will force all traffic to and from the PC over the VPN tunnel; all other data traffic must be dropped so that the data through the VPN can be transmitted without any interruption.
The VPN connection must be controlled using one-time password authentication, for example a private and public key system, token devices, etc.
All computer systems or workstations connected to the intranet through a VPN or some other technology must use the most up-to-date antivirus applications of the corporate standard, so that malware infection through the VPN connection can be prevented.
The VPN concentrator is restricted to an absolute connection time of 24 hours.
Double tunnelling in the VPN should not be allowed; from a security perspective it is important that only a single system at each end is permitted.
Use of IPsec for security
IPsec provides a framework for key management, authentication and encryption; yet it does not protect a user or an organization from weaknesses in specific vendors’ implementations. With generally very little cryptographic expertise in the end-user community, it is undoubtedly safer to allow an appropriate period of market testing of a particular implementation of a virtual private networking standard. Weaknesses have already been seen in Microsoft’s and Cisco’s virtual private networking implementations, and smaller vendors that receive less scrutiny can be expected to succumb to similar unforeseen issues.
IPsec is a collection of protocols for securing Internet Protocol (IP) communication (data transmission) by authenticating and encrypting every IP data packet of an incoming and outgoing data stream. IPsec also includes protocols for establishing mutual authentication between the two agents or users at the start of the session and for exchanging the cryptographic keys to be used during the session on the established connection. IPsec can be used to secure data flows between a pair of hosts (e.g. two servers or two user systems), between a pair of network gateways such as firewalls or switches, or between a security gateway and a host. A basic part of IPsec is automated key management, currently used to negotiate the different IPsec operations, keying material and security suite requirements defined in the VPN communication policy. IPsec includes a few interesting technologies, many of which can be very complicated and open to interpretation, such as IKE (automatic key management). Nonetheless, IPsec-specific operations, such as the use of security protocols, are fairly straightforward, and the implementation options, as with automatic key management, are what need to be passed on.
SoftEther VPN
SoftEther VPN is considered a VPN solution that offers flexibility, expandability and stability. It is compatible with the latest available networks, which are required to deliver wide bandwidth under high load.
SoftEther VPN is designed to tunnel and encapsulate communications at layer 2, in other words, Ethernet [8]. When SoftEther VPN is used, networking devices such as switching hubs, network adapters and layer 3 switches are realised in software, and by connecting them with a tunnel called the SoftEther VPN protocol, which is based on TCP/IP, end users/clients can easily build a flexible VPN that was never possible with the protocols introduced until now [5].
Figure 1: The working mechanism of SoftEther VPN
Compared to old and legacy VPN protocols, SoftEther VPN targets layer 2 (Ethernet) for the VPN connection between the two nodes [6]. In other words, with VPNs that targeted the old layer 3, the encapsulated data packets moved through the established tunnel. With SoftEther VPN, by contrast, an encapsulated Ethernet data packet stream passes through the tunnel.
DirectAccess
For users of Windows operating systems, DirectAccess is an important feature that enables access to organizational network resources without the need for a traditional Virtual Private Network (VPN) [4]. With DirectAccess, client PCs are continuously connected to the organization; there is no need for remote clients to start and stop VPN connections as is required with a traditional VPN.
From a client’s perspective, DirectAccess is a completely automatic VPN connection that simplifies access to corporate LAN services from wherever they need to connect to the organization or to other clients.
To connect to the remote client, it is important to use client transition protocols so that IPv4 and IPv6 addresses can be mapped appropriately [6]. Some of them are discussed below:
IP-HTTPS: This protocol uses standard protocols and ports. Earlier servers/clients used double encryption for the data traffic (IPsec and SSL/TLS). Later versions, such as Windows 8 or later, use a null encryption technique to solve the double encryption issue.
Teredo: This protocol uses UDP on port 3544 to encapsulate IPv6 packets in IPv4 packets. It supports mapping of a client behind a NAT device. On the other hand, it is unable to detect a server behind NAT [9]. It requires servers that are configured with two successive public IPv4 addresses.
6to4: This transition protocol uses protocol 41 to encapsulate IPv6 data packets in IPv4 data packets. It does NOT function when the client or the server is hidden behind a NAT device [2]. In this scenario, both server and client must have public IPv4 addresses.
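The carriers named in the gateway-device discussion (GRE for PPTP, IPsec for L2TP) and in the transition-protocol list above can be told apart from the IPv4 header alone. The following added example, which is not part of the original report, classifies raw IPv4 packets and reports whether the carrier exposes TCP/UDP ports for a NAT or firewall to track. GRE as IP protocol 47, ESP as 50, the IKE/NAT-T/L2TP/PPTP ports, TCP 443 for IP-HTTPS, the helper names and the sample packets are assumptions added here.

```python
import struct

# IP protocol numbers. 41 (6to4) is stated in the report; 47 (GRE) and
# 50 (ESP) are standard IANA values added for this example.
PROTO_TCP, PROTO_UDP, PROTO_IPV6, PROTO_GRE, PROTO_ESP = 6, 17, 41, 47, 50

# 3544 (Teredo) is from the report; the other ports are standard
# assignments added here as assumptions.
UDP_PORTS = {3544: "Teredo", 500: "IKE", 4500: "IPsec NAT-T", 1701: "L2TP"}
TCP_PORTS = {443: "TLS/443 (IP-HTTPS candidate)", 1723: "PPTP control"}
NO_PORT_CARRIERS = {
    PROTO_IPV6: "6to4 / IPv6-in-IPv4 (protocol 41)",
    PROTO_GRE: "GRE (PPTP data channel)",
    PROTO_ESP: "IPsec ESP",
}


def classify(packet: bytes):
    """Return (label, has_ports) for a raw IPv4 packet.

    has_ports is True only when TCP/UDP ports are readable in this packet,
    which is what a NAT or proxy firewall needs in order to track the flow.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    payload = packet[ihl:]

    if proto in NO_PORT_CARRIERS:
        return NO_PORT_CARRIERS[proto], False
    if proto in (PROTO_TCP, PROTO_UDP):
        # Only the first fragment carries the transport header.
        if frag_offset != 0 or len(payload) < 4:
            return "non-first fragment or truncated transport header", False
        sport, dport = struct.unpack("!HH", payload[:4])
        table = UDP_PORTS if proto == PROTO_UDP else TCP_PORTS
        for port in (dport, sport):
            if port in table:
                return table[port], True
        return "other TCP/UDP", True
    return f"other IP protocol {proto}", False


def build_ipv4(proto: int, payload: bytes = b"", frag_offset: int = 0) -> bytes:
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, frag_offset & 0x1FFF, 64, proto, 0,
        bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]),  # documentation IPs
    )
    return header + payload


def ports(sport: int, dport: int) -> bytes:
    """First bytes of a TCP/UDP header: source port, destination port."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 4


# Constructed sample packets, one per carrier discussed in the report.
SAMPLES = {
    "pptp-data": build_ipv4(PROTO_GRE, b"\x00" * 8),
    "6to4": build_ipv4(PROTO_IPV6, b"\x60" + b"\x00" * 39),
    "teredo": build_ipv4(PROTO_UDP, ports(51000, 3544)),
    "ip-https": build_ipv4(PROTO_TCP, ports(50000, 443)),
    "ipsec-esp": build_ipv4(PROTO_ESP, b"\x00" * 8),
}


def classify_all(samples=SAMPLES):
    return {name: classify(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, (label, has_ports) in classify_all().items():
        print(f"{name:10} {label:36} ports visible to NAT: {has_ports}")
```

The port-less carriers (GRE, ESP, protocol 41) are the ones the report describes as failing through NAT, while Teredo and IP-HTTPS ride on UDP and TCP and therefore show ports.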
Conclusion
In the present scenario, with the development of internet technology, the safe and secure transmission of data between different users or systems needs to be addressed for the sake of users’ privacy and the security of important data. Traditional VPN solutions addressed this only partially, as they suffered from different drawbacks. Different sections of this report discuss the vulnerabilities found in legacy or traditional VPNs and the alternative technologies, such as DirectAccess by Microsoft and SoftEther VPN, which can replace them and can be used to secure data. While discussing the features of the technologies, we also provided a brief comparison between them so that the drawbacks and benefits of each can be determined.
When investment in the right VPN infrastructure is considered, most people give more preference to the hardware and software aspects of the system used to implement the VPN. The idea of strengthening the security measures is often ignored. Security is one of the most commonly forgotten aspects of investment. It is also an aspect that is difficult to measure. One can never be content with the security that has been put in place. With the advance of technology, more opportunities for security breaches are discovered, which leads to the need to close security loopholes. A simple security breach can cost a company or an individual millions.
Future Work
Research and development is still ongoing in the field of VPN technology and may address the weaknesses of legacy VPN solutions and the related security issues. In future, a fusion of some of the tunnelling and encryption protocols may be able to meet the security and performance requirements of users. In addition, when scaling a VPN, careful attention must be paid to all three key security technologies as well as to the question of load balancing of the application. However, management of encryption and automated access control management are the two most critical considerations for scalability.
References
[1] K. Grewal and R. Dangi, "Comparative Analysis of QoS VPN Provisioning Algorithm on Traditional IP based VPN and MPLS VPN using NS-2", International Journal of Computer Applications, vol. 48, no. 1, pp. 43-46, 2012.
[2] R. Malik and R. Syal, "Performance Analysis of IP Security VPN", International Journal of Computer Applications, vol. 8, no. 4, pp. 5-9, 2010.
[3] "QOS Capabilities for Building MPLS VPN", International Journal of Science and Research (IJSR), vol. 5, no. 5, pp. 2247-2251, 2016.
[4] T. Kuroda, "A combination of Raspberry Pi and SoftEther VPN for controlling research devices via the Internet", Journal of the Experimental Analysis of Behavior, vol. 108, no. 3, pp. 468-484, 2017.
[5] V. Perta, M. Barbera, G. Tyson, H. Haddadi and A. Mei, "A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients", Proceedings on Privacy Enhancing Technologies, vol. 2015, no. 1, 2015.
[6] B. BĂNUȚĂ, "Security Technologies Implemented in MPLS VPN Networks", International Journal of Information Security and Cybercrime, vol. 1, no. 2, pp. 9-16, 2012.
[7] A. Shahzad and M. Hussain, "IP Backbone Security: MPLS VPN Technology", International Journal of Future Generation Communication and Networking, vol. 6, no. 5, pp. 81-96, 2013.
[8] M. Pólkowski and D. Laskowski, "Analysis Of MPLS VPN Resistance To External Threats", Journal of KONBiN, vol. 35, no. 1, 2015.
[9] A. Al Mhdawi, "A Design Analysis of MPLS VPN Core Architecture and Network Downtime Impact", International Journal of Engineering Trends and Technology, vol. 33, no. 3, pp. 130-133, 2016.
[10]. , "Research on MPLS/BGP VPN Full Connection Network", Computer Science and Application, vol. 07, no. 08, pp. 722-728, 2017.