CCNA Security Case sutdy IEEE standards Essay Example

  • Category:
    Other
  • Document type:
    Case Study
  • Level:
    Undergraduate
  • Page:
    2
  • Words:
    1052

Paper Title* (Virtual Private Network)

Subtitle as needed (security issues within VPN network)

Email address, award title, date, attention detail Authors Name/s per 2nd Affiliation (Author)

Confidentiality statement-This research work is meant for highlighting VPN technology as well as security issues. This work is properly cited and meant for academic purposes only.

Abstract

VPN provides remote connectivity to organization resources. Once a VPN connection has been established, a user can access all organization resources through a public network (internet). VPN is therefore commonly employed by organization to increase convenience and also because of its perceived security. Nonetheless, there are several security concerns of VPN that must be addressed in order to ensure that the connection is actually secure. This paper points out two major security flaws of VPN connections namely VPN fingerprinting and client server programs that. VPN fingerprinting makes it possible for hackers to acquire device information while server programs can leak authentication credentials to potential hackers. It is therefore recommended to avert these security issues by properly addressing security vulnerabilities.

Key words- Virtual Private Network, Network security, VPN client server, encryption, encapsulating.

Introduction

Virtual Private Network (VPN) are connections that allow access to organization information outside the organization premises. An overview of VPN operations as well as security measures available and existing vulnerabilities provides a basis for VPN improvement in the future. The purpose of this analysis is to shade light on these security issues and recommended ways of dealing with them.

Aims and objectives

The aim of this research is to explore existing security measures within the VPN as well as flaws in order to recommend ways of averting them.

Terminologies

VPN-Virtual Private Network

ISDN-Integrated Digital Service Network

TCP/IP-Transmission Controlled Protocol/Internet Protocol

PPP-Pont to Point Protocol

UDP-User Datagram Protocol

IDS-Intrusion Detection System

Literature Review section

Virtual Private Network (VPN) is a network which rides on the public network to establish connection to remote users or sites. VPN is a secure way of establishing connection to other branches and users. The VPN replaced leased lines like ISDN by taking advantage of the public network (internet) to create connections. Servers provide VPN protocols that allows remote connections. Common connections technologies include Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol over Internet security (L2TP/IPsec) as well as IPsec tunneling mode [1].

Point-to-Point Tunneling Protocol (PPTP) enables multi-protocol as well as secure data transfer from remote client to a private network. This is accomplished through a link across the TCP/IP networks. PPTP demands user-level authentication to establish connection. Layer Two Tunneling Protocol (L2TP) enables frame encapsulation through the PPP over the IP network. It also allows encryption of IP traffic [3]. L2TP uses IPsec to encrypt data over the link between VPN server and Client and hence the term L2TP/IPsec [1]. This connection requires user-level authentication as well as computer-level authentication with computer certificates. IPsec tunneling mode on the other hand allows encryption and encapsulation of IP datagrams. This is achieved by adding IP header before being transmitted through the IP network (public network). This mode allows for interoperability with gateways, routers, and other systems which are incompatible with L2TO/IPsec [2]. The figure below shows how this mode is achieved.

CCNA Security Case sutdy IEEE standards

Notably, the security level of PPTP is moderate, the security connection of L2PT/IPsec and IPsec tunneling mode is high [3]. Nonetheless, VPN connections are not impenetrable systems. Because of the security sensitivity of the information that they carry across an insecure network (internet), most users tend to trust the medium and hence less careful to ensure proper encryption and use of correct protocols for data transmission [3]. VPN allows full access to internal network of an organization, this makes it attractive to hackers who want sensitive information from the organization [1]. More so, VPN is often not visible to IDS, this because the IDS probe is normally outside the VPN server and hence making it easy for a hacker to attack internal systems without being detected [2].

The existing flaws within VPN network increases vulnerabilities. VPN fingerprinting using vendor ID fingerprinting or UDP fingerprinting. Fingerprinting gives hackers information about the device as well as the software version details [2]. This is useful information for the hacker to study vulnerabilities of the device before launching an attack. The other flaw is in the VPN clients, many of these client programs allow users to store important authentication credentials. These credentials can be in plain text or stored in computer registry. This introduces security issues if the computer is accessed by a hacker [1]. The hacker can acquire credentials in unencrypted file and use it to illegally attack the network.

Conclusions and Recommendations

In conclusion, VPN is an important technology because it allows connection to remote sites or branches through the public network. These connections have been employed after the leased lines because of their secure nature. Nonetheless, there are security flaws associated with VPN technologies, as identified VPN fingerprinting and VPN client programs are weaknesses of this technology, VPN fingerprinting allows the hacker to acquire information about the device while VPN client helps the hacker to access the network because important information are saved in the plain text or in computer registries.

It is recommended to ensure that clients are advised about the potential security risk that they face if their VPN client is accessed. Users should always put their credentials safely in order to avoid potential security breach. Further security measures should be taken in order to ensure that the information contained in client computers are inaccessible to potential hackers. Concerning fingerprinting, proper encryption and encapsulation of data transferred over the public network should be ensured. More so, update patches of VPN authentication protocols should always be prioritized in order to ensure that the VPN connectivity is up to date with industry standards. It is also imperative to ensure that fundamental security flaws such as usage of IKE with pre-shared keys are avoided.

References

[1] Kang, B & Balitanas, MO 2009, Vulnerabilities of VPN using IPSec and Defensive Measures, International Journal of Advanced Science and Technology, vol.9. pp. 1-10.

[2] Parmar, MS & Meniya, AD 2013, Imperatives and Issues of IPSEC Based VPN, International Journal of Science and Modern Engineering, vol.1, no.2. pp.1-14.

[3] Ritu, M & Rupali, S 2010, “Performance Analysis of IP Security VPN“ International Journal of Computer Applications, Vol.8, No.4.p.5.