1 / 2100%
Explaini somei ofi thei securityi risksi associatedi withi VPNs.
Duringi COVID-19i pandemic,i employeesi hadi toi worki remotelyi fromi home.i Perhapsi mosti ofi
themi hadi usedi virtuali privatei networki (VPN)i toi reachi corporatei resources.i Virtuali Privatei
Networki (VPN)i wasi onlyi thei wayi thati enablesi securei communicationi betweeni computersi usedi
byi employeesi andi officesi (Rash,i 1).i Sincei somei VPNi providersi doi noti providei thei guaranteei ofi
privacyi andi security,i therei arei somei securityi risksi associatedi withi VPNi whichi arei explainedi
below.
VPNi hijacking-i Thisi isi ai riski ini whichi ani unauthorizedi useri takesi ai VPNi connectioni fromi ai
remotei client.
Man-ini -the-middlei attack-i Ini thisi attack,i attackersi cani intercepti data.
Weaki useri authentication-i Authenticationi meansi verifyingi thei identityi ofi users.i Ifi thei usersi
usei weaki usernamei andi passwordi fori verification,i thisi mayi bei thei easyi spoti fori hackersi toi attacki
andi steali sensitivei data.
Spliti tunneling-i Ini thisi attack,i useri accessesi ani insecurei interneti connectioni whilei alsoi
accessingi thei VPNi connectioni toi ai privatei network.
DNSi leak-i Duringi thisi risk,i thei computeri usesi itsi defaulti DNSi connectioni ratheri thani thei VPNsi
securei DNSi serveri (Author,i 2).
i
Describei howi organizationsi cani mitigatei thesei risks.
Toi mitigatei thesei risks,i organizationsi shouldi thinki carefullyi abouti VPNi securityi featuresi wheni
choosingi ai VPNi producti (Author,i 2).i Usingi freei VPNi productsi shouldi bei avoidedi becausei
providersi sharei users’i datai toi thirdi partiesi (Mocan,i 3).i Attackersi tryi toi findi thei weaknessi ini ai
networki likei weaki useri authenticationi whichi mayi bei thei targeti point.i VPNi producti shouldi
requirei strongi passwordi toi logi in.i Thisi securityi featurei couldi preventi VPNi fromi hacking.i Ini
addition,i VPNi productsi shouldi havei provisioni ofi installingi anti-virusi softwarei andi intrusioni
detectioni andi preventioni toolsi soi thati thei attackeri cannoti havei accessi toi internet.i Further,i
trainingi isi mosti importanti fori VPNi users.i Unlessi trainingi abouti howi VPNi worksi isi giveni toi
networki andi securityi administrators,i staffi asi welli asi remoteri users,i theyi cannoti ensurei thati theyi
followi securityi besti practicesi duringi VPNi implementationi (Author,i 2).
i
Determinei thei effecti ofi penetrationi testingi andi applicablei lawsi oni VPNs.
VPNi isi thei mosti securei parti ofi network,i andi iti hasi beeni ani attractivei targeti fori attackers.i Iti
providesi directi linki toi organizationali networksi thati isi whyi iti isi essentiali toi keepi VPNi securedi
anytimei (Breachlock,i 4).i VPNi penetrationi testingi isi ai testi donei byi thei certifiedi expertisei ofi
penetrationi testingi companyi toi findi thei vulnerabilitiesi ini thei network.i Ini thei processi ofi testing,i
testeri pretendsi toi bei ai professionali employeei andi exploitsi thei vulnerabilitiesi ofi organization’si
network.i Thei effecti ofi penetrationi testingi oni VPNsi isi thati thei corporatei networki becomesi
vulnerablei toi hackersi ini thei futurei (Author,i 2).i Researchi showsi thati VPNi hasi beeni usedi byi
businessesi andi employeesi toi sendi datai securelyi fromi theiri computersi usingi publici ori homei
networks.i Thisi meansi VPNi playsi ai vitali rolei ini ensuringi digitali securityi andi privacy.i Eveni
thoughi iti hasi ai rolei fori security,i VPNi providersi cannoti givei clientsi guaranteei ofi security.i Onei
day,i VPNi mayi bei thei pointi ofi hijackingi andi datai breaches.i Toi ensurei morei guaranteei ofi
security,i ini myi opinion,i therei shouldi bei applicablei lawsi oni VPNsi thati cani bindi VPNi providersi
soi thati VPNi providersi takei responsibilityi ofi securityi andi privacy.i Ii think,i ini U.S.i therei isi ani acti
calledi Computeri Fraudi andi Abusei Acti (CFAA)i ifi implementedi oni VPNi cani protecti privacyi ofi
computers'i datai (Cole,i 5).i i Thisi lawi mayi alsoi preventi penetrationi testeri toi standi ini thei positioni
ofi hackersi andi otheri attackersi simplyi noti toi takei advantagesi oni thei weaknessi ofi interneti ofi anyi
organizations.i
i
Sources
1.i Waynei Rash.i 2020.i Youri VPNi Mayi Bei Youri Greatesti Securityi Riski Duringi COVID-19.i https://www.forbes.comi >i
sitesi >i waynerashi >i 2020/06/17.
i
2.i Guesti Author.i 2020.i VPNi Securityi Risks:i Besti Practicesi fori 2022i |i eSecurityi Planet.i
https://www.esecurityplanet.comi >i networksi >i vpn-sec....
i
3.i Timi Mocan.i 2019.i Thei Topi 8i VPNi Securityi Risksi (i Whati toi Looki Outi for).i https://www.cactusvpn.comi >i Blog.
i
4.i Breachlock.i 2021.i VPNi penetrationi testingi explained-i BreachLock.i https://www.breachlock.comi >i -penetration-
testing-....
5.i Beni Cole.i 2012.i Computeri Fraudi andi Abusei Acti (CFAA).i https://searchcompliance.techtarget.comi >i definitioni
>i The....
Students also viewed