 
Join Date: Aug 2013
Posts: 567
 |
VPN Hacking: How VPN's Work and How They Break Our Security
Welcome back, my aspiring cyberwarriors!
In recent posts, I have emphasized the risks inherent in VPN's. Virtual Private Networks or VPN's are designed to keep us safe and secure but in recent years they have failed us miserably. In highlighting these failings, we have encountered a lot of confusion and misconceptions regarding how VPN's actually work, much of it from so-called cybersecurity experts. In an attempt to clarify this confusion to both the beginner and expert, I am offering this series on VPN's. If you are taking a cybersecurity certification exam in the near future such as the Security+ or CISSP, this information will be invaluable as both exams( and nearly every other cybersecurity certification) requires that you understand how VPN's work and don't work. There are at least two types of VPN's, the ones designed for consumers to keep you safe from attackers (you see their advertisements all over the web and TV) and the corporate style VPN from vendors such as Fortinet and Cisco. These VPN's are designed to enable remote employees to access the local area network, safely and securely. Let's address the consumer level VPN that are supposed to keep you safe from attackers first. Consumer-Level VPN Consumer level VPN's are designed to encrypt the user's data and hide their IP address. The user installs a client software on their system and then connects through the VPN server to the Internet. The client software creates an encrypted "tunnel" between the user and the VPN. When the traffic leaves the VPN, it contains the IP address of the VPN server and not the end user, making it more difficult for attackers to identify and locate you.  This tunnel is effective in keeping your ISP from seeing your data and selling it data brokers and others. As for the protection against identifying you and your location, it is effective in hiding your IP address but web site owners and criminals use a newer techniques to identify you, such as your cookies and browser fingerprinting.So, these consumer level VPN's are effective in hiding your IP address and your data but not your identity. Corporate-Level VPN's Corporate level VPN's are VPN's designed to enable remote workers to access the corporate local area network. They work similarly to the consumer level VPN but instead of providing access to the global internet, they give the end-user access to the corporate network. Just like the consumer level VPN, they encrypt the data between the end user and the VPN server. In this case, they are not intended to hide the identity of the end user as the VPN administrator has access to everyone's identity, username, and password.  The problem with using the VPN's is that vendors have been lax in the security of the VPN servers. If an attacker can access the VPN server, they can "see" all the traffic over the VPN as the server decrypts the traffic before sending through to the local area network. They do not need any credentials to do so once they have breached the server. You might think this is rare or unusual but let me dispel that idea by listing all the VPN vulnerabilities in the last year from the major vendors. Please see the table below. Before I list the multitude of VPN vulnerabilities, let's point out a few facts;
__________________
Advertising Policies |
|
|
 |
«
Previous Thread
|
Next Thread
»
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Is Hacking IP Cameras Just for Voyeurs or Does it Have Strategic and National Security Implications? | Cartographer | News | 0 | 01-16-2025 03:29 PM |
| SCADA/ICS Hacking in Cyber Warfare: Hacking Gas Stations in Russia | Cartographer | News | 0 | 12-30-2024 08:31 PM |
| A must read for your security | Newer | Tutorials | 8 | 04-25-2021 09:40 PM |
| Encryption – Your “Key” To Security | Newer | Tutorials | 1 | 10-25-2015 11:59 AM |
| Paypal security | edward | Payments » Banks » Poker | 0 | 02-24-2014 06:50 PM |