SSL VPN Security Vulnerabilities Exposed
In most cases, Secure Sockets Layer Virtual Private Networks (SSL VPNs) will provide a convenient, secure way of obtaining remote access to a private network, and safely transmitting and working with data, but users need to be aware that there are some security vulnerabilities that can plague an SSL VPN in certain cases.
Introduction
Tyson & Crawford (2015) describe the function of a VPN (virtual private network) as connecting remote sites or users together via a public network like the Internet. An SSL (Secure Socket Layer) VPN is created by using the SSL protocol, a cryptographic protocol (Jabbar, 2015). When using a VPN, data that is to be exchanged is encrypted and then it moves through a virtual tunnel so that it cannot be seen by the public (Tyson & Crawford, 2015). The tunnel effect is achieved by using encapsulation, which means that each packet is encapsulated within another packet before it is sent across the Internet, thus providing protection from the public network. Jabbar (2015) explains that the security level of an SSL VPN is more “invulnerable to breach” than a VPN created with other protocols like PPTP or L2TP/IPSec as it adds the use of “X 509 certificates to facilitate data encryption,” thus adding another level of security. Another difference with an SSL VPN is that it does not require client software; it can be accessed with just a web browser and no specific operating system is required (Jabbar,
Virtual Private Networks (VPNs) are used to allow a remote public connection to an internal network. A VPN is essentially a virtual tunnel connecting a remote user (Tunnel Vision). The traffic within the VPN tunnel is encrypted, and there are two ways to do this. One way is Internet Protocol Security (IPsec) and the other is Secure Sockets Layer (SSL).
TLS (Transport Layer Security) is the successor to another security protocol, SSL (Secure Sockets Layer), which was originally developed by ‘Netscape’ (HowStuffWorks "SSL and TLS". 2014). It is a cryptographic security protocol which was designed primarily to ensure communication security across the internet. Communication security is achieved by the use of X.509 certificates and hence asymmetric cryptography, which allows the exchange of a symmetric key, which can then be used to encrypt the data that is being transmitted between both parties involved in the communication. The protocol is made up of two main layers: the TLS Record Protocol and the TLS Handshake Protocol. TLS will be most commonly recognised when ‘https’ is noticed in
Which of the following is a protocol used to enable secure communication between points on a Virtual Private Network (VPN)?
Encrypted Outbound Sessions – an encrypted interactive session by an adversary which takes advantage of less restrictive outbound connections
OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections and remote access facilities. OpenVPN allows authentication using certificates or username/password. OpenVPN can work in two different modes regarding encryption. It can use static encryption or Public Key Infrastructure (PKI). The advantage of static encryption is that it is very easy to configure. The disadvantage of this type of setup is that if your encryption key is compromised, all VPN data can easily be decrypted. The PKI mode resolves many of the issues static encryption has. It
A VPN is a private network that uses a public network (usually the Internet) to connect
VPN refers to the networking technology Virtual Private Network. A VPN gives users connected to this network the ability to access any website or computer data from any location in the world with a dedicated and secure networking environment rather than being present on a public server. The majority of VPN users use it for business and educational purposes. VPN networks are used in this manner because the majority of VPN networks offer features like encryption and anonymity, which increase the privacy and security benefits of using the VPN network. VPN networks also allow the user the ability to perform activities on the internet as if they were accessing
Security is the heart of internetworking. The world has moved from an Internet of implicit trust to an Internet of pervasive distrust. In network security, no packet can be trusted; all packets must earn that trust through a network device’s ability to inspect and enforce policy. Clear text (unencrypted data) services represent a great weakness in networks. Clear text services transmit all information or packets, including user names and passwords, in unencrypted format. Services such as file transfer protocol (FTP), email, telnet and basic HTTP authentication all transmit communications in clear text. A hacker with a sniffer could easily capture user names and passwords from the network without anyone’s knowledge and gain administrator access to the system. Clear text services should be avoided; instead secure services that encrypt communications, such as Secure Shell (SSH) and Secure Socket Layer (SSL), should be used. The use of routers and switches will allow for network segmentation and help defend against sniffing
VPN is the abbreviation of Virtual Private Network. A VPN can extend a private network (like a local network) across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus benefit from the functionality, security and management policies of the private network [7].
Douligeris, C., Serpanos, D. (2007). VPN Benefits. Network Security: Current Status and Future Directions. John Wiley and Sons
“This type of network is designed to provide a secure, encrypted tunnel in which to transmit the data between the remote user and the company network” (Beal). VPN uses encryption to provide data confidentiality. Virtual Private Networks make use of encryption and special protocols to provide extra security.
A VPN is a secure protected network called a tunnel for communication purposes over long distances using the Internet as its means of transport. Due to the nature of the communication or transmissions that are being utilized by, say, a larger corporation, secure and reliable communication is a must. In the beginning these VPN connections were established using one or more dial-up modems for users to access the information. Authentication was established by requiring the correct user name and password. As time went on, as always, things changed: new technology and advances in communication as well as equipment allowed the VPN to evolve and expand. To ensure security, the virtual tunnel is encrypted. VPNs use several protocols in order to encrypt
These are the problems that Transport Layer Security (TLS) aims to solve, building on the Secure Socket Layer (SSL) protocol originally created by a team at Netscape for secure transactions on early websites (although similar to SSL, TLS is different enough for them to not work together). TLS will create a “tunnel” that is an established connection between source and destination, through which all packet data AND packet headers are encrypted. However, before TLS gets involved, Dubh’s source machine must first establish a reliable transport protocol with which to communicate with the destination. In this case, we will (safely) assume that we are using Transmission Control Protocol (TCP) to establish this connection:
SSL VPN is a newer VPN technology that links an employee’s computer to a corporate network via a web browser. No client software is required, meaning a larger variety of operating systems are potentially supported. The third type of VPN is mobile, in which one of the endpoints of the tunnel is not fixed (Bridwater, 2013).
Virtual Private Networks: A VPN provides a private network over a shared infrastructure. It interconnects separate sites which are geographically far from each other, with the same privacy and facilities as a private network.