There are a couple of different security risks associated with VPN and users could
be attacked from both inside ot outside the network. Man-in-the-middle attacks are
one of the popular attacks associated with VPNs. This refers to when communication
between nodes is intercepted causing the addition, deletion, and other changes to
data. Users are also at risk of falling victim to VPN Hijacking attacks. This is when an
attacker gains control of the VPN and acts as if they were the user/client. There are
other risks that arise due to infections caused by malware as well as the lack of user
authentication. An organization could mitigate this risk by incorporating IPSec, which
provides encryption if data and authentication of its users. When it comes to
penetration testing there is a chance of customer information and security issues
being exposed. One concern about penetration testing is not monitoring ongoing
penetration causing you to not realize when an actual attack is taking place. Lastly,
VPNs are legal to use within the United States, however, there are some countries
that have laws in place that prohibit the use of VPNs in their countries such as
China, Russia, and Turkey.
Arun Kumar Singh, Shefalika Ghosh Samaddar, Arun K. Misra. March 2012.
Enhancing VPN security through security policy management. p. 137-
142.https://ieeexplore.ieee.org/document/6194494.
Jayanthi Gokulakrishnan, Dr. V. Thilasi Bai. September 2014. A Survey Report on
VPN & Its Technologies. p. 136-139.http://citeseerx.ist.psu.edu/viewdoc/download?
doi=10.1.1.643.7609&rep=rep1&type=pdf.
