III. Security Mechanisms of Virtual Private Network
To prevent private information from being leaked or stolen, VPNs typically allow only authenticated remote access, using tunnelling protocols and a variety of encryption techniques.
VPNs cannot make a user completely anonymous on the internet, but they usually increase both anonymity and the confidentiality of the information carried. Access is restricted to authenticated users, who connect remotely with client software that supports the required tunnelling protocols and encryption techniques.
The VPN security model provides:
a) Confidentiality: even if the network traffic is sniffed at the packet level, an attacker sees only encrypted data.
b) Sender authentication: prevents unauthorized users from accessing the VPN.
c) Message integrity: detects any tampering with transmitted messages.
The most important aspects of VPN security are authorization, authentication, data encryption, packet filtering and tunnelling. A well-designed VPN uses several of these methods together to keep the connection and the data secure.
SSL VPN security has three categories, which fall under the AAA servers: Authorization, Authentication and Accounting.
Authorization: VPN connections are created only for users and routers that have been authorized. If a user or router is not authorized to communicate over such a connection, the server prevents it from using the VPN.
Authentication takes place at two levels.
a) User-level authentication requires the tunnel endpoints to be authenticated before a secure VPN connection can be established. User-initiated remote access may use passwords, RSA tokens, biometrics or other methods.
b) Machine-level authentication allows network-to-network interaction and often uses pre-shared passwords (keys) or digital certificates issued by a certificate authority such as VeriSign.
Accounting is a service provided by the network systems that keeps track of the users who access resources. Resource usage is commonly tracked through disk space used, user logons and logoffs, files accessed, applications started and so on. In most deployments the administrator can set limits and restrictions on each user and on the amount and types of resources available.
Data encryption in a secure VPN uses one of several protocols, including SSL, IPSec and PPTP (described in section II, Types of Virtual Private Network). The protocols used to create VPN connections allow encrypted data to be sent across the network. Although an unencrypted connection is possible, it is not recommended. Data encryption for VPN connections does not by itself provide end-to-end security, only security between the client and the VPN server. To provide a secure end-to-end connection, IPSec can be used on top of the VPN connection once it has been established.
Packet filtering is used to enhance the security of the VPN; the packet filter must be configured so that the VPN server performs only VPN routing.
Tunnelling is the mechanism for transporting network-specific packets over foreign networks and is a part of IPSec. Tunnelling uses three types of protocols:
Carrier: the protocol of the network over which the information travels.
Encapsulation: protocols such as PPTP, IPSec and L2TP that wrap the data packets and thereby protect (encrypt) the original data.
Passenger: the original data being carried.
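The three tunnelling layers and the three properties of the security model (confidentiality, integrity, and rejection of tampered or replayed packets) can be shown together in a small tunnel endpoint. The code below is an added example written for this page, not code from the essay or from any VPN product. It assumes a shared encryption key and MAC key (which IPSec would negotiate with IKE), uses HMAC-SHA256 as a counter-mode keystream generator and as the integrity tag, and treats everything it produces as the opaque payload handed to the carrier network. Real tunnels use an AEAD such as AES-GCM; the point here is the order of checks, not the cipher.

```python
import hashlib
import hmac
import struct

# Constructed toy tunnel (not the essay's or any product's code).  The
# passenger packet is encapsulated with a header (SPI + sequence number),
# encrypted, and tagged; the result is handed to the carrier network as an
# opaque payload.  HMAC-SHA256 serves as both keystream PRF and integrity
# MAC; IPSec ESP and TLS use an AEAD such as AES-GCM instead.

HDR = struct.Struct("!II")   # SPI (security association id), sequence number
TAG_LEN = 16                 # truncated MAC, as ESP does with HMAC-SHA256-128


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Counter-mode PRF: block i = HMAC(key, seq || i); unique per packet."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!IQ", seq, block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class TunnelEndpoint:
    """One end of a security association.  enc_key/mac_key are the shared
    secrets (negotiated by IKE in IPSec; here supplied directly)."""

    def __init__(self, spi: int, enc_key: bytes, mac_key: bytes, window: int = 64):
        self.spi, self.enc_key, self.mac_key = spi, enc_key, mac_key
        self.send_seq = 0
        self.window = window          # anti-replay window size
        self.highest_seen = 0
        self.seen = set()

    def encapsulate(self, passenger: bytes) -> bytes:
        """Wrap a passenger packet: header || encrypted passenger || tag."""
        self.send_seq += 1
        header = HDR.pack(self.spi, self.send_seq)
        body = _xor(passenger, _keystream(self.enc_key, self.send_seq, len(passenger)))
        tag = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        return header + body + tag

    def decapsulate(self, payload: bytes) -> bytes:
        """Check integrity, reject replays, then decrypt.  Raises ValueError."""
        if len(payload) < HDR.size + TAG_LEN:
            raise ValueError("truncated packet")
        header, body, tag = payload[:HDR.size], payload[HDR.size:-TAG_LEN], payload[-TAG_LEN:]
        spi, seq = HDR.unpack(header)
        if spi != self.spi:
            raise ValueError("unknown security association")
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):       # encrypt-then-MAC: verify first
            raise ValueError("integrity check failed: packet tampered or forged")
        self._check_replay(seq)
        return _xor(body, _keystream(self.enc_key, seq, len(body)))

    def _check_replay(self, seq: int) -> None:
        """Sliding window: drop duplicates and sequence numbers older than the window."""
        if seq in self.seen or seq + self.window <= self.highest_seen:
            raise ValueError(f"replayed or stale sequence number {seq}")
        self.seen.add(seq)
        self.highest_seen = max(self.highest_seen, seq)
        self.seen = {s for s in self.seen if s + self.window > self.highest_seen}


def run_demo() -> dict:
    """Round trip, then a tampered copy and a replay; returns what the receiver did."""
    enc_key, mac_key = b"\x01" * 32, b"\x02" * 32          # constructed keys
    sender = TunnelEndpoint(0x1001, enc_key, mac_key)
    receiver = TunnelEndpoint(0x1001, enc_key, mac_key)
    passenger = b"GET /payroll HTTP/1.1\r\nHost: intranet\r\n\r\n"  # constructed inner packet
    wire = sender.encapsulate(passenger)
    result = {"plaintext_visible": passenger in wire,
              "decrypted": receiver.decapsulate(wire) == passenger}
    tampered = bytearray(wire)
    tampered[HDR.size] ^= 0x01                         # flip one ciphertext bit
    for name, pkt in (("tampered", bytes(tampered)), ("replayed", wire)):
        try:
            receiver.decapsulate(pkt)
            result[name] = "accepted"
        except ValueError as exc:
            result[name] = str(exc)
    return result


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The receiver verifies the tag before it looks at the sequence number or decrypts anything, so a forged or modified packet is dropped without touching the cipher, and a replayed packet is dropped even though its tag is valid. The window also lets packets arrive slightly out of order, which matters on a real network.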
Firewalls protect private networks from the internet: they control which files are allowed to leave the private network and which ports packets may pass through. Two commonly used types of firewall are packet-level firewalls and application-level firewalls.
a) A packet-level firewall is the simplest form of firewall: a router that screens and rejects packets based purely on fields in the IP and transport headers. It checks the source and destination address of every packet that tries to pass through the network, and lets a user stay inside the network and communicate only if the packets are valid. The firewall checks each data packet individually using port numbers and IP addresses, and can also keep a log of where each packet is coming from and going to. The disadvantage of a packet-level firewall is that it does not inspect packet contents or why they are being transmitted, and any resource that is not explicitly blocked is available to all users.
b) An application-level firewall acts as a host computer between the organization's network and the Internet. Users who want to access the organization's network must log in to the application-level firewall and can only reach the information they are allowed to. The advantage of an application-level firewall is that access control can be set per user, specifying what information can and cannot be accessed. The downside is that users have to remember additional passwords because of the extra security the firewall implements.
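A packet-level filter configured to perform only VPN routing, as the packet filtering paragraph above requires, looks like the following. This is an added example written for this page, not the essay's or any vendor's code; the VPN server address 203.0.113.10 and the sample traffic are constructed, and the rule set assumes an IPSec server (IKE on UDP/500, NAT traversal on UDP/4500, ESP as IP protocol 50). It decides on header fields alone and keeps a per-packet log, which also makes the stated limitation concrete: nothing in it can see the payload.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed example (not the essay's or any vendor's code): a stateless
# packet-level filter in front of a VPN server, configured so that only
# VPN traffic is routed.  Rules are first-match with an explicit default
# deny.  It decides on header fields only (addresses, protocol, port) and
# never looks at payload, which is exactly the limitation described above.

VPN_SERVER = "203.0.113.10"    # constructed public address of the VPN server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "udp", "tcp", "esp", "icmp", ...
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


# Only what an IPSec VPN needs: IKE (UDP/500), IKE NAT traversal
# (UDP/4500) and ESP (IP protocol 50), and only to the VPN server itself.
VPN_ONLY_RULES = [
    Rule("ike", "allow", proto="udp", dst=f"{VPN_SERVER}/32", dport=500),
    Rule("ike-nat-t", "allow", proto="udp", dst=f"{VPN_SERVER}/32", dport=4500),
    Rule("esp", "allow", proto="esp", dst=f"{VPN_SERVER}/32"),
    Rule("default-deny", "deny"),
]


def evaluate(p: Packet, rules: List[Rule] = VPN_ONLY_RULES) -> Tuple[str, str]:
    """First matching rule wins; an empty rule set is still a deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def filter_packets(packets, rules=VPN_ONLY_RULES):
    """Apply the rules and keep one log line per packet, as the text describes."""
    allowed, log = [], []
    for p in packets:
        action, name = evaluate(p, rules)
        log.append(f"{action.upper():5} rule={name:12} {p.proto:4} "
                   f"{p.src}:{p.sport} -> {p.dst}:{p.dport}")
        if action == "allow":
            allowed.append(p)
    return allowed, log


# Constructed sample traffic arriving on the external interface.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", VPN_SERVER, "udp", 500, 500),      # IKE: allowed
    Packet("198.51.100.7", VPN_SERVER, "esp"),                # ESP: allowed
    Packet("198.51.100.7", VPN_SERVER, "tcp", 40001, 22),     # SSH to the VPN box: denied
    Packet("198.51.100.7", "10.0.0.5", "tcp", 40002, 80),     # straight to an internal host: denied
    Packet("192.0.2.44", VPN_SERVER, "udp", 4500, 4500),      # NAT-T: allowed
]

if __name__ == "__main__":
    _, lines = filter_packets(SAMPLE_PACKETS)
    print("\n".join(lines))
```

Because the last rule is an explicit deny, anything the VPN does not need (management ports on the server, direct access to internal hosts) is dropped and logged, which is the "only VPN routing" configuration the text calls for.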
IV. Security Issues (Threats) for using a VPN
Like any network, a VPN has its own security issues and threats. These must be handled carefully to ensure the confidentiality and integrity of data and information, along with the security of the network itself.
Some of the security risks involved are:
a) User authentication: VPN security is only as strong as the users' authentication (typically passwords). Simple passwords invite attacks, because cracking them is easy. Certificates are generally issued to strengthen the authentication.
b) Digital certificates: are based on public/private key pairs. Each certificate contains a private key that identifies its end receiver. A trusted certificate authority, such as the enterprise network, produces the private key. The sender can verify the receiver's certificate using a machine public key to decrypt the message.
c) Infecting the network: if the company does not meet the security requirements, it is open to infection from the local area networks in the form of worms, viruses, trojans, bots and so on. Having good, up-to-date anti-virus software is mandatory.
d) Tunnelling: tunnelling is a key part of a VPN. It is responsible for encapsulating data packets inside a protocol from one end of the network to the other. Split tunnelling happens when a host on one end of a VPN tunnel simultaneously exchanges network traffic with both the public network and the private network, so that not all of its network traffic is inside the VPN tunnel. This gives attackers on the shared public network an opportunity to gain illegal access to the host computer and use it as a stepping stone into the organization's internal network. A host-based firewall is an effective way to defend against such network-based attacks.
e) Domain Name Server leakage (DNS leakage): a VPN ensures that the user's data packets go through the private tunnel, but in certain situations a DNS leak can occur, where the system uses the user's default DNS server instead of the DNS server provided by the VPN.
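Both of the last two risks, split tunnelling and DNS leakage, can be checked on the client once the tunnel is up by looking at the routing table and the resolver configuration. The following is an added example written for this page, not code from the essay or from any VPN client. It parses the text of `ip route show` and of `/etc/resolv.conf` on a Linux client; the interface name tun0, the VPN resolver 10.8.0.1, the VPN server 203.0.113.10 and all sample outputs are constructed assumptions.

```python
# Constructed example (not the essay's or any VPN client's code): two
# host-side checks a defender can run after the tunnel comes up.  Inputs
# are the text of `ip route show` and of /etc/resolv.conf on a Linux
# client; the interface name "tun0" and the resolver 10.8.0.1 are assumed.

VPN_IFACE = "tun0"
VPN_DNS = ["10.8.0.1"]        # resolver pushed by the VPN (assumed)


def parse_routes(route_text: str):
    """Return (destination, interface) pairs from `ip route show` output."""
    routes = []
    for line in route_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dev = parts[parts.index("dev") + 1] if "dev" in parts else None
        routes.append((parts[0], dev))
    return routes


def split_tunnel_status(route_text: str, vpn_iface: str = VPN_IFACE) -> str:
    """'full-tunnel' if all traffic leaves via the VPN interface, else 'split-tunnel'.

    A full tunnel shows either a default route on the VPN interface or the
    0.0.0.0/1 + 128.0.0.0/1 pair that OpenVPN installs to override the
    original default route without deleting it."""
    via_vpn = {dest for dest, dev in parse_routes(route_text) if dev == vpn_iface}
    if "default" in via_vpn or {"0.0.0.0/1", "128.0.0.0/1"} <= via_vpn:
        return "full-tunnel"
    return "split-tunnel"


def parse_resolvers(resolv_conf: str):
    """Nameserver addresses listed in resolv.conf, in order."""
    return [line.split()[1] for line in resolv_conf.splitlines()
            if line.startswith("nameserver") and len(line.split()) > 1]


def dns_leak_status(resolv_conf: str, vpn_dns=VPN_DNS):
    """Return the resolvers that are not the VPN's; a non-empty list means queries leak."""
    return [ns for ns in parse_resolvers(resolv_conf) if ns not in set(vpn_dns)]


# Constructed samples.  In SPLIT_ROUTES only the corporate range goes through
# tun0 and the default route still points at the local gateway.
SPLIT_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
172.16.0.0/12 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""

# In FULL_ROUTES the two /1 routes win over the default; the single host
# route to the VPN server keeps the tunnel's own outer packets off tun0.
FULL_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.10 via 192.168.1.1 dev wlan0
"""

LEAKY_RESOLV = "# Generated by NetworkManager\nnameserver 192.168.1.1\n"
VPN_RESOLV = "nameserver 10.8.0.1\nsearch corp.example\n"

if __name__ == "__main__":
    print("routing:", split_tunnel_status(SPLIT_ROUTES), "/", split_tunnel_status(FULL_ROUTES))
    print("dns leak:", dns_leak_status(LEAKY_RESOLV), "/", dns_leak_status(VPN_RESOLV))
```

A split-tunnel result means the host is simultaneously reachable from the public network while connected to the private one, which is the exposure described in (d); a non-empty DNS result means name lookups bypass the tunnel, which is the leak described in (e). Either finding is a reason to fix the client configuration before relying on the tunnel.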
V. Security Benefits of using a VPN
Virtual private networks offer many benefits. The two most important are cost savings and network scalability. A VPN is easy to maintain, and the cost of running one is low, which helps reduce a company's operating costs. The various security benefits of a VPN are discussed below.
a) Secure data transmission: a VPN secures data at the packet level and therefore provides increased security when you are connected to a network. The data you send or receive is kept encrypted, so it is not easy to intercept and read.
b) Anonymity: a VPN can help the user stay anonymous on the network and works better than simply hiding your IP address or using proxy servers.
c) Increased accessibility: a VPN helps you access blocked or restricted information and is very popular in places where internet censorship and restrictive policies are common.
d) Integrity verification: a VPN provides integrity where there is concern that someone will manipulate IP addresses. Integrity checking ensures that packets have not been damaged, changed or recorded by attackers on the path from sender to receiver. The Data Encryption Standard is the most commonly used encryption method in VPNs.
e) Anti-spoofing: a VPN allows the developer to find and filter data packets that are being duplicated, and thereby helps prevent spoofing.
VI. Future of VPN technology
The future of VPN technology is appealing to the public because of the decreasing cost of long-distance or leased lines, data security and privacy. IPSec VPN is highly accepted and highly secure, and is currently the most popular type of VPN in use.
Many corporations are debating whether to switch over to a VPN, whether their networks would remain user friendly, and whether it would be worth the cost of expansion. Furthermore, as VPNs grow they become more sophisticated, which increases the expense of training new employees. The rising cost of data security will affect VPN technology and may hold back its progress if no new protocols are developed and the existing ones are not strengthened.
Factorization techniques are getting faster as processors improve over time. It is possible that in the future today's encryption techniques will be cracked much faster as well, rendering them useless. This matters a great deal for VPNs.
With the increasing use of mobile phones and cloud computing, internet connectivity almost everywhere, and large amounts of private information shared across these platforms, security is a top priority. The virtual private network is one such security method, with SSL VPNs being the most popular at the moment. VPNs are evolving with time, becoming better and more useful in day-to-day life.
The security needs of mobile phones differ from those of PC applications, because the two have different architectures. Since mobile phone applications use the internet to download content or communicate, and since a VPN secures internet traffic, a VPN is a good match for both PCs and mobile phones; there is no need to create additional security software, as the existing software only needs to be modified and tuned for mobile phones. Mobile phones do use VPNs today, but with older VPN protocols such as SSL 2.0 or IPSec that were mainly built for computers. With the rising reliance on smartphones, new VPN protocols developed specifically for mobile phones may appear.
Many small businesses are opting for cloud services offered by the likes of Amazon and Google in place of VPNs. This is something VPN companies should watch when catering to other businesses. Smaller businesses moving to cloud services will have a big effect on VPN companies, as VPNs currently do not support cloud operating systems. To reverse the trend, some VPN companies are beginning to offer cloud storage as part of their VPN plans so that customers get the best of both worlds. In addition, some VPN providers are taking advantage of cloud and peer-to-peer technologies to offer cloud- and P2P-based VPN services.
Cloud-based VPNs give multiple employees unrestricted access to remote machines and tools, letting them control those machines virtually from anywhere and check their status. Business owners can also restrict the VPN so that employees get only certain access. It reduces the cost of travel, and the benefits of being able to work from home are considerable. Many companies are looking to adopt cloud-based VPNs and services because of lower staff, hardware and setup costs. Staff do not need intensive training to use cloud-based technology, as it is made simple to use.
The future of VPNs looks bright as the technology evolves. What the next big change in the field will be is debatable, but VPNs look promising for protecting user privacy and the security of the internet. VPNs will also help build better trust and relationships between businesses and customers through the provision of secured data and safety. Hopefully, in the future, the internet will be a less corrupted and freer place without too many restrictions, and VPNs will play a major role in achieving this goal.