Today’s VPNs can provide a secure point-to-point tunnel between two devices, an origin and a destination. The level of security across a VPN is largely dependent upon the type of encryption that is used to encapsulate the transmission.
Key issues with traditional VPNs:
· Discoverability: VPNs typically connect an ingress point to an egress point, and are static and easily discoverable. As a result, it is possible for an adversary or interested party to detect the presence of a VPN link and obtain intelligence related to the existence of a link between the ingress point and the egress point, even if the traffic itself remains encrypted.
There are well-known vulnerabilities in the most popular VPNs, which result in users having a false sense of security.
· Network topology changes: To alter the topology of a traditional VPN (i.e., change the egress point), the existing link is “torn down” and a new VPN is established. This process results in a break in traffic exchange, and the establishment of a new VPN can consume significant network overhead and take a significant amount of time to restore communications. Moreover, users and/or administrators associated with the origin and/or destination computer devices have little or no control over the physical and/or virtual path the VPN tunnel takes across the cloud(s).
As a result, most users fail to alter the network topology of their VPN once established, making them a static target for attack.
· Latency/Performance: Traffic sent across VPNs or implemented in a cloud applying traditional network virtualization techniques will typically take an unpredictable and/or varied path through the physical and/or virtual infrastructure. As a result, traditional VPNs have inconsistent latencies, as two packets traversing a VPN implemented across a virtual network may take different routes and may arrive out of order.
Many users will elect not to use VPNs when performance matters, which is often when they need them the most.
· TOR: The Onion Router (TOR) allows a user to surf the Internet with some degree of anonymity by obfuscating the path between the origin and the destination. TOR clients and nodes maintain a list of participating TOR nodes in a routing table that is updated via network broadcasts. TOR clients then select a path between the origin and destination by randomly selecting multiple routing nodes from the list. TOR, however, does not allow a client or administrator to select a path through the TOR network. TOR operates by broadcasting a node list so that each client and node remains up to date.
As a result, an adversary or interested party can recognize the use of TOR and take advantage of well-documented TOR vulnerabilities.
The NetAbstraction patents allow us to provide dynamically shifting VPN routing that enables a user and/or administrator to control the routing and select the path through the network that:
o Improves privacy by protecting the location and identity of our customers;
o Improves network performance by providing a consistent path for our customers; and
o Improves security by not broadcasting information in order to set up a connection.
Barbara is a recognized expert in information and telecommunications technology and operations, based on her extensive experience in the Intelligence Community (IC). She is a sought-after speaker and presenter in the cyber communications market.