Cross Identity: Converged IAM Solutions for Enhanced Security

Official Blog

How Secure is Your VPN?

vpn security

Thanks to ever-growing technologies and the ubiquity of the internet, employees are always connected to the organization even if they work remotely. However, as a common practice, most remote employees connect to public Wi-Fi when they are on-the-move, and this may not be the best practice concerning the security of the data available to them.

Therefore, to mitigate the security risks attached to using a public Wi-Fi or unsecured internet, organizations are encouraging remote employees to connect to a VPN (Virtual Private Network).

What is a VPN?

Virtual Private Network encrypts and secures information or data that is transmitted on private or public networks. With a VPN, an employee can work on critical data without apprehensions about the data being stolen or compromised. Essentially, a VPN is built to:

Mask your IP address and location: Sometimes, all a threat actor needs is your IP address or location to get access to all the information. VPN spoofs your IP address by directing you from public Wi-Fi to a new gateway and shows that you are in a different location and masks where you are operating from.

Streamline your internet traffic: VPN creates a private tunnel within the public network. All the information being transmitted on the public Wi-Fi is directed to this private tunnel such that only you can operate it.

Encrypt your data: As the information enters the private tunnel on a VPN, it is always encrypted before it is sent across on other networks, making it impossible for a malicious actor or a bot to decode it.

However, given the rate at which cybercrimes are growing, no connection is completely secure. When you can question the security of public networks, you may rightly question the security of your VPN too.

How secure is your VPN?

The fundamental problem with public Wi-Fi is that anyone can eavesdrop on your online activity and get access to all your sensitive information.

According to Justin Jett, director of audit and compliance at Plixer: “Unless businesses created multiple VPN profiles that restrict access to individual network resources, a VPN connection can allow carte blanche access to every network resource that would normally be available to users on the physical network”

When the RSA data breach happened, questions regarding the security of VPN begin to arise as hackers stole the private key used to generate all of RSA’s Secure IDs to penetrate organizations that used Secure ID through their VPN, most notably stealing confidential information.

Therefore, the security of your VPN can be checked against the following parameters:

Security Protocols: There are different types of VPN protocols- IPSec, Layer 2 Tunneling Protocol, Point-to-point Tunneling protocol, Secured Socket Layers, etc. It is imperative to choose the one that best suits your security requirements. Your business may have sensitive data in volumes, if a weak protocol is chosen to protect such data, hackers can easily break into the VPN server and the corporate intranet.

Servers: If your server is frequently down or slow on the speed you may not get full advantage of VPN; your data may not be as private as you think. It becomes very easy for a cybercriminal to break into a server that is prone to connectivity problems all the time.

Configuration: Is the VPN service you opt for completely reliable? The way a VPN is configured plays an important role in mitigating cybercrimes. If you are connected to a weakly configured VPN, you are making the hacker’s job a lot easier. According to Fausto Oliveira, principal security architect, Acceptto, “It is not enough to trust the security of the endpoint. My advice is to use defense-in-depth to help keep your information secure and continue to raise the level of effort required for an attacker to be able to exploit this type of vulnerability.”

Encryption: Undeniably, encrypted data is a lot safer — however, the level of encryption used by the VPN network matters. With a basic encryption system, the data is always prone to vulnerabilities. Therefore, the encryption level used on the VPN should be according to industry standards.

Once you have a thorough check on your VPN’s security, you can establish if your VPN is indeed secure enough or you need to implement better VPN security best practices; we’ve listed some of them:

VPN security best practices

Military-Grade Encryption

It is a 256-bit, advanced encryption standard (AES) established by the U.S. National Institute of Standards and Technology in 2001; this augments the security of your data to a very high level. Military-grade encryption is used as an encryption standard by governments, banks, and financial institutions. In fact, according to an interesting theory, a hacker would need billions of years to decrypt an AES!

Kill Witch

Enabling a Kill Witch will leave your IP address or location unexposed should your VPN fail to connect. In case you disconnect from VPN, your connection is switched off instantly; you will not be directed to the public network that makes your data vulnerable to cybercrimes. So, with a Kill Witch, you are either connected to a secure network or not connected at all.

Leak Tests

Check for the following leaks:

DNA leaks: Domain Name System (DNS) is responsible for translating website names to IP addresses. If there is a DNA leak, your IP addresses will get exposed.

IPv6 leaks: IPv6 is an internet protocol, operating outside VPN, an attacker may use it to decode your identity.

WebRTC leaks: WebRTC is a protocol allowing connected devices to communicate with each other by transmitting IP addresses, and WebRTC leaks may disclose the user’s location.

So, ensure that your VPN has enabled controls to detect these leaks, if not, you may want to enable them manually.

Context MFA

Multi-Factor Authentication is a layered authentication technique that verifies two or more independent sets of credentials before granting access to the system. Opting for MFA as an authentication standard for VPN adds an extra layer of security to the network, making it almost impossible for an attacker to cross multiple security barriers.

Cross Identity’ Context MFA forms a robust authentication mechanism with Password, Challenge-Response, Email / SMS OTP, Soft Tokens, and Biometric. It gives enterprise-level security to your VPN.

Every network – public or private, is vulnerable to cybercrimes at some level. However, this certainly does not mean you should stop working remotely. Have a quick check on the security of your VPN, take necessary measures in securing the same, and you are good to go!

Leave a comment