According to our textbook,Eective Cybersecurity: A Guide to Using Best Practices and
Standards, traﬃc securitu is based on the usual mechanisms for encryption and
authentication. All traﬃc should be encrypted and travel by secure means, such as
SSL or IP security (IPsec). Virtual private networks (VPNs) can be conﬁgured so that
all traﬃc between a mobile device and the organization's nwtowrk is via a VPN.
Some security/mitigation risks and assoicated with VPNs are as follows:
Insucient policies, traning, and awareness - wireless security controls must
include policies and user awareness training specically for wireless access which
include procedufres regarding uses of wireless devices and an understanding of
Access constraints - A wireless access point transmits, at regular intervals, a
signal containing is Service Set Identier (SSID). Countermeasures include
enabling device security features, change default settings, such as default SSIDs
set by the manufacturer, and track empliyees who have WLANs at home or at a
Rogue access points - Rogue access points are APs that users install without
coordination with IT. Access controls, encryption, and authetication procedures
enable IT to maintain control.
Trac analysis and eavesdropping - To counter this threat, it is necessary to use a
strong user authentication technique and to encrypt all trac.
Insucient network performance - Poor performance is due to an imbalance in the
use of access points, insucient capacity planning, or denial of service attack.
One way to mitigate this risk is to continually monitor network perforamce and
investigate any anomalies immediately.,
Hacker attack - Hackers attempt to gain unaurhorized access over wireless
networks. Intrusion detection systems, anti-virus software, and rewalls are
Physical security deciencies - This is in the domain of physical security. Subject
both the network devices and mobile devices to physical secuirty policies and
According to new research, from an attacker’s perspective, ﬁnding a VPN means
that they are close to a jackpot. It is easy to interpret for them that you are using a
VPN to protect your sensitive data. It is easy to overlook VPNs by presuming that
they are the most secure part of your network, and appear to be attractive targets for
attackers. Some reasons why VPN penetration testing is essential is because VPNs
provide a direct link to your organizational networks, your security controls must
prevent unauthorized individuals from accessing your data, and it helps you in
understanding how secure your remote access setup is (2021).
B. (2021, May 28).VPN penetration testing explained. BreachLock. Retrieved April 13,
Stallings, W. (2018).Eective Cybersecurity: A Guide to Using Best Practices and
Standards(1st ed.). Addison-Wesley Professional.