IV. Security Issues (Threats) for using a VPN
As any network VPN has its own security issues and threats. These issues must be carefully handled to ensure confidentiality and integrity of data and information along with the network security.
Some of the security risks involved are:
a) User Authentication: Where the VPN security is only as strong as the users authentication (passwords). Simple passwords may lead to hacking attacks and cracking the password will be easy. Certificates are generally given to enhance the security of the authentication.
b) Digital Certificates: Are based on public/private key pairs. Each certificate contains a private key that identifies its end receiver. The trusted Certificate Authority such as enterprise networks produces the private key. The sender can verify the receiver certificate using a machine public key to decrypt the message.
c) Infecting the network: If the company does not meet the security requirements it will be open for infection from the local area networks in the form of worms, viruses, trojans, bots etc. Having a good anti-virus is mandatory which is up-to date.
d) Tunnelling: Tunnelling is a key part of a VPN. It is responsible for encapsulating data packets inside a protocol from the start to the end of the network. Split tunnelling takes place when a computer on the remote end of a VPN tunnel simultaneously exchanges network traffic with both the public network and the private network without first placing all of the network traffic inside the VPN tunnel. This provides an opportunity for attackers on the shared network to compromise the remote computer and use it to gain network access to the internal network. A host-based firewall is an effective way to defend against network-based attacks.
e) Domain Name Server Leakage (DNS Leakage): VPN ensures that the users data packets go through a private tunnel but on certain events there could be a DNS leakage where the network uses the users default DNS address instead of the DNS provided by the VPN.
V. Security Benefits of using a VPN
Virtual private networks offers a lot of benefits. The two most important benefits are cost savings and the network scalability. VPN allows easy maintenance. The cost for running a VPN network is cheap and helps reduce the company/business working costs. The various security benefits of VPN are discussed below.
a) Secure Data Transmission: VPN secures data at the packet level and therefore provides increased security when you are connected to a network. The data that you will send or receive is kept encrypted so it is not easy to hack.
b) Anonymity: VPN can help the user stay anonymous in the network and works better than hiding your IP addresses and proxy servers.
c) Increased Accessibility: VPN helps you access blocked or restricted information and is very popular in places where internet censorship and policies are used frequently.
d) Integrity Verification: VPN allows integrity where there is concern that someone will manipulate IP addresses. Integrity ensures to check that the packets have not been damaged, changed or recorded by hackers during the path from sender to receiver. Data encryption standard is the most commonly used encryption method in VPN.
e) Anti-Spoofing: VPN allows the developer to find and filter the data packets which are being duplicated and thereby helps prevent spoofing.
VI. Future of VPN technology
Future of VPN technology is appealing to the public due to decreases in the cost of long distance or leased lines, data security and privacy. A lot of corporates are debating whether to switch over to a VPN or if their networks are user friendly and if it would be worth the cost and expanding. Furthermore as VPNs are growing they are becoming more complex, thus, increasing costs for training. All these lead to hidden costs for the VPN technology, which may hinder the success of a VPN. However, we should expect VPNs to strengthen their standards and products and correct their flaws to avoid these uncertainties.
Factorization techniques are getting faster as the processors are becoming much better over time. It is possible that in future the encryption techniques may be cracked much faster as well thereby rendering them useless. VPNs have a lot of importance in this matter.
With the increasing trend of mobile phones, cloud computing and the internet connectivity almost everywhere, with lots of private information shared across these platforms, security is a top priority. Virtual private network is one such security methods with SSL VPNs being the most popular ones at the moment. VPNs are evolving with time and becoming much better and more useful in day-to-day life.
The security needs for mobile phones are different compared to applications used in computers. Since the mobile phone applications use internet to download or communicate and VPN secures the internet this becomes a perfect match for both computers and mobile phones and there is no need to create additional security software. However the mobile phones currently use old VPN protocols like SSL or IPSec that were mainly built for computers. However with the rising reliance on smart phones there are possibilities to see new VPN protocols developed specifically and purely for mobile phones.
A lot of small businesses are opting for cloud services offered by the likes of Amazon and Google in place of VPNs. This is certainly a worrying sign for VPN companies catering to businesses. To reverse the trend, some VPN companies are beginning to offer Cloud storage as a part of their VPN plans so that customers can get the best of both worlds. In addition, some VPN providers are also taking advantage of cloud and Peer-To-Peer technologies to offer Cloud and P2P based VPN services.
The future of VPN looks bright with the evolving technology. The next big change in the field of VPN is debatable but VPN does look promising to protect user privacy and security of the internet. VPNs will also help create better trust and relationship between businesses and customers with the provision of secured data and safety. Hopefully in the future, internet will be a less corrupted place and more free without too many restrictions. VPNs will play a major role in achieving this goal.
1. Kurose, J., & Ross, K. (2013). Computer networking: A top-down approach (6th ed.). Boston: Pearson.
2. Mason, Andrew G. (2002).Cisco Secure Virtual Private Network. Cisco Press. p.7.
3. Layer 2 Tunnelling Protocol. (1999). Cisco Systems. Introduction from
4. Microsoft Technet (2001).”Virtual Private Networking: An Overview”.
5. Cisco Systems, et al. Internet working Technologies Handbook, Third Edition. Cisco Press, 2000, p. 232.
6. Lewis, Mark. Comparing, Designing. And Deploying VPNs. Cisco Press, 2006, p. 5
7. Technet Lab.”IPv6 traffic over VPN connections”
8. Layer Two Tunneling Protocol “L2TP”, RFC 2661, W. Townsley et al., August 1999
9. Hamzeh, K., Pall, G., Verthein, W., Taarud, J., Little, W. and G. Zorn, “Point-to-Point Tunneling Protocol (PPTP)”, RFC 2637, July 1999.
10. Simpson, W., “The Point-to-Point Protocol (PPP)”, STD 51, RFC 1661, July 1994.
11. Valencia, et. al. “Cisco L2F” Historic , Authentication, RFC 2341, May 1998 p.7
12 . Point-to-Point Tunneling Protocol (PPTP), RFC 2637, K. Hamzeh et al., July 1999
13. Lloyd, B. and W. Simpson, “PPP Authentication Protocols”, RFC 1334, October 1992.
14. Simpson, W., editor, “The Point-to-Point Protocol (PPP)”, STD 51, RFC 1661, July 1994.
16. Kent, S. and R. Atkinson, “Security Architecture for the Internet Protocol”, RFC 2401, November 1998.
18. CERT, “Packet Filtering for Firewall Systems,”
19. CERT, “Advisory CA-96.21: TCP SYN Flooding and IP Spoofing Attacks,
20. Raju,PP “Different Types of VPN Protocols” , March 2013
21. HowStuffWorks.com Contributors. “What are the three types of VPN?” 27 July 2011.
22. technet.microsoft.com, “What is a VPN”, 28 March 2003.
23. Introduction to VPN: VPNs utilize special purpose networking protocols, Computer networking from about.com
24. Pawel,G “Firewalls and VPN”, 14 August 2002
25. Jain, Samir (2007-01-17). “SSTP FAQ – Part 2: Client Specific”. Microsoft TechNet. Retrieved 2015-10-17.
26. T. Dierks, E. Rescorla (August 2008). “The Transport Layer Security (TLS) Protocol, Version 1.2”
27. Thayer, R.; Doraswamy, N.; Glenn, R. (November 1998). IP Security Document Roadmap. IETF. RFC 2411.
28. Hoffman, P. (December 2005). Cryptographic Suites for IPsec. IETF. RFC 4308.
29. Kent, S.; Atkinson, R. (November 1998). IP Authentication Header. IETF. RFC 2402.
30. Kent, S. (December 2005). IP Authentication Header. IETF. RFC 4302.
31. IETF (1999), RFC 2661, Layer Two Tunnelling Protocol “L2TP”
32. D. Mitton, M. St.Johns, S. Barkley, D. Nelson, B. Patil, M. Stevens, B. Wolff, “Authentication, Authorization, and Accounting: Protocol Evaluation”, June 2001 RFC 3127
33. Kent, S.; Atkinson, R. (November 1998). IP Encapsulating Security Payload (ESP).IETF. RFC 2406.
...(download the rest of the essay above)