A VPN is a Virtual Private Network that allows a user to connect to a network over the internet in a safe and private manner by establishing an encrypted connection known as a VPN tunnel. The VPN tunnel is a secure channel through which internet traffic and other communications are routed.
Client-based VPNs allow a user to connect to a remote network via an application. In this situation, the application in use initiates communication and establishes the virtual private network. Starting the application to gain access to the secure connection requires username and password authentication and this creates an encrypted channel of communication between the computer and the remote network (Gutierrez, 2016). Client-based VPNs are implemented in operating systems of Windows, Mac, and Android and are simple to ensure the privacy of information.
Network-Based VPNs
Network-based VPN is a type of VPN that allows the user to connect to different networks through an unsecured network like the internet. This type of VPN is mostly adopted by companies that have various offices located in different geographical locations around the world and need to share information securely (Gutierrez, 2016). When sharing information between the different locations in an unsecure network using the network-based VPNs, the data is encrypted and sent in a secure manner to the destination.
Types of Remote Access Applications
IPsec VPN
IPsec VPN is a remote access technology which involves software being installed in the user’s computer and configured with information of the target network like the gateway IP address and pre-shared security key (Durkin, 2014). This technology enables the user to connect to the network securely through the firewall.
SSL VPN
SSL VPN is a type of remote access technology and means Secure Sockets Layer. This remote access technology uses encryption technology to provide security when sharing information on the internet. The SSL VPN requires publishing of the VPN client to the firewall for download through the public firewall connection (Durkin, 2014). The users then visit the site and install the SSL VPN client then they can download and configure the details for a secure on the internet.
Techniques to Subvert VPNs and Remote Access Security
Trick, No Treat
This is a technique used to subvert the SSL remote access whereby an SSL VPN user is tricked to accept and click on a website despite a warning being displayed at the end users computer. The trick, no treat technique is easy to launch and only requires the victim to accept a faulty certificate (Gregg, 2017).
Man in the Middle
Man in the middle is a technique used to subvert the SSL VPN which involves eavesdropping. The attacker creates independent connections with victim’s computer and relays messages to the server. With this connection complete, the attacker can manipulate and see the information on the client computer as well as the server (Gregg, 2017).
Heartbleed
Heartbleed is a technique used to subvert VPNs whereby malicious attackers exploit a bug to bypass authentication and fraud detection in a VPN. The heartbleed exploitation enables the hackers to gain usernames, passwords, and encryption keys of VPN (Goodin, 2014). Heartbleed exploitation can be used to steal private key of VPNs which are widely used in VPN applications and other software relying on open SSL versions by looking for session tokens of the target concentrator.
VPN Hijacking
VPN hijacking is a technique used to subvert VPNs whereby the malicious hacker takes over an established connection created by a remote client and impersonates that particular client on the network and may perform activities not authorized by the user (VPN Security, 2008).
Conclusion
In conclusion, it is evident that there are two different types of VPN which include client-based and network-based VPN’s. The types of remote access applications are such as IPsec VPN and SSL VPN. Even though VPNs provide security, several techniques can be used to subvert it such as the man in the middle, trick no treat, VPN hijacking, and heartbleed.
References
Durkin, N. (2014). Pros and Cons: 3 Types of Remote Access Methods. Retrieved from: https://blog.wsol.com/pros-and-cons-3-types-of-remote-access-methods
Goodin, D. (2014). Heartbleed maliciously exploited to hack network with multifactor authentication. Retrieved from: https://arstechnica.com/information-technology/2014/04/heartbleed-exploited-to-hack-network-with-multifactor-authentication/
Gutierrez, C, A. (2016). Types of VPN networks and how they work: do you know which kind to use? Retrieved from: https://www.welivesecurity.com/2016/07/07/types-vpn-networks-work-know-kind-use/
Gregg, M. (2017).Six ways hackers try to break Secure Sockets Layer-encrypted data. Retrieved from: http://searchnetworking.techtarget.com/tip/Six-ways-hackers-try-to-break-Secure-Sockets-Layer-encrypted-data
VPN Security. (2008). VPN Security. Retrieved from https://www.infosec.gov.hk/english/technical/files/vpn.pdf
