VPN Vulnerabilities

Today’s VPNs provide an encrypted point-to-point tunnel between two devices, an origin and a destination. How much security the tunnel actually delivers depends largely on the protocol and cipher suite used to encapsulate and authenticate the traffic, and on how the two endpoints are configured. Key issues with traditional VPNs:

· Discoverability: VPNs typically connect a fixed ingress point to a fixed egress point, and the resulting link is static and easy to discover. An adversary or interested party can therefore detect the presence of a VPN link and learn that the ingress and egress points are talking to each other, when, and roughly how much, even though the traffic itself remains encrypted.

Well-known weaknesses in widely deployed VPN protocols and products (obsolete ciphers and protocols, unpatched gateway software, weak credentials) leave users with a false sense of security.
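
One concrete form the discoverability problem takes, as an added example that is not part of the original post: a passive observer who only has flow records (NetFlow, sFlow or firewall logs) needs no access to the plaintext to find a static tunnel. The Python script below aggregates constructed flow records by endpoint pair and flags long-lived, high-volume conversations on well-known tunnelling ports (IKE/IPsec, OpenVPN, WireGuard, PPTP). The port table, the thresholds and the sample flows are assumptions chosen for illustration, not data from the original page.

```python
"""Flag likely VPN tunnels from NetFlow-style flow records.

Added example (not from the original post): a static site-to-site VPN shows
up in flow data as one long-lived, high-volume conversation between a fixed
pair of endpoints on a well-known tunnelling port, even though the payload
is encrypted. The flow records below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumption: the (protocol, destination port) signatures we hunt for.
TUNNEL_PORTS = {
    ("udp", 500): "IKE",
    ("udp", 4500): "IPsec NAT-T",
    ("udp", 1194): "OpenVPN",
    ("tcp", 1194): "OpenVPN",
    ("udp", 51820): "WireGuard",
    ("tcp", 1723): "PPTP",
}


@dataclass
class Flow:
    start: int      # epoch seconds
    end: int        # epoch seconds
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    bytes: int


# Constructed sample: one persistent IPsec NAT-T tunnel that is re-exported
# every hour, plus ordinary HTTPS and DNS traffic from the same site.
SAMPLE_FLOWS = [
    Flow(0, 3600, "udp", "203.0.113.10", 4500, "198.51.100.20", 4500, 50_000_000),
    Flow(3600, 7200, "udp", "203.0.113.10", 4500, "198.51.100.20", 4500, 48_000_000),
    Flow(7200, 10800, "udp", "203.0.113.10", 4500, "198.51.100.20", 4500, 51_000_000),
    Flow(10, 12, "tcp", "203.0.113.10", 51234, "198.51.100.77", 443, 12_000),
    Flow(300, 301, "tcp", "203.0.113.11", 51235, "198.51.100.78", 443, 8_000),
    Flow(0, 60, "udp", "203.0.113.12", 55555, "198.51.100.5", 53, 500),
]


def find_tunnels(flows, min_duration=1800, min_bytes=1_000_000):
    """Return {(src, dst, proto, dport): (label, total_seconds, total_bytes)}
    for endpoint pairs whose traffic looks like a persistent encrypted tunnel.

    The key is exactly the intelligence the bullet above describes: the
    ingress and egress addresses of the link, recovered without decrypting
    a single byte.  Thresholds are assumptions; tune them to the network.
    """
    totals = defaultdict(lambda: [0, 0])          # key -> [seconds, bytes]
    for f in flows:
        key = (f.src, f.dst, f.proto, f.dport)
        totals[key][0] += f.end - f.start
        totals[key][1] += f.bytes

    hits = {}
    for (src, dst, proto, dport), (secs, nbytes) in totals.items():
        label = TUNNEL_PORTS.get((proto, dport))
        if label and secs >= min_duration and nbytes >= min_bytes:
            hits[(src, dst, proto, dport)] = (label, secs, nbytes)
    return hits


if __name__ == "__main__":
    for (src, dst, proto, dport), (label, secs, nbytes) in find_tunnels(SAMPLE_FLOWS).items():
        print(f"{label}: {src} -> {dst} {proto}/{dport}, {secs}s, {nbytes} bytes")
```

On the constructed data only the IPsec conversation survives the duration and volume thresholds; the short HTTPS and DNS flows are ignored. Raising the port list to cover a product's custom port, or dropping the port match entirely and keying on duration alone, is how the same logic is extended to tunnels that try to hide on unusual ports.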

· Network topology changes: To alter the topology of a traditional VPN (for example, to change the egress point), the existing link is torn down and a new VPN is established. This interrupts the exchange of traffic, and establishing the new tunnel can consume significant network overhead and take a significant amount of time before communications are restored. Moreover, the users and administrators of the origin and destination devices have little or no control over the physical or virtual path the tunnel takes across the cloud(s).

As a result, most users never alter the topology of a VPN once it is established, which leaves its endpoints a static target for attack.


· Latency/Performance: Traffic sent across a traditional VPN, or across a cloud that uses conventional network virtualization, typically takes an unpredictable and variable path through the physical and virtual infrastructure. As a result, latency is inconsistent: two packets traversing the same tunnel may take different routes and arrive out of order, and the tunnel's own encapsulation adds overhead on top of that.

Many users elect not to use a VPN when performance matters, which is often when they need it most.


· Tor: The Onion Router (Tor) lets a user browse the Internet with some degree of anonymity by obscuring the path between the origin and the destination. Tor clients do not learn about relays through network broadcasts: they download a signed network consensus, published by the Tor directory authorities and served by directory caches, that lists every participating relay with its address, keys, bandwidth weight and flags. The client then builds a circuit by choosing relays from that list at random, weighted by bandwidth: a long-lived entry guard, a middle relay and an exit. The user does not choose the path. The selection is made by the client software, and although a torrc can constrain it (for example with ExitNodes or ExcludeNodes), doing so is discouraged because it shrinks the anonymity set. Because the consensus is public, the address of every relay and exit is public as well.

As a result, an adversary or interested party can recognize the use of Tor by matching traffic against the public relay and exit lists, and can then block or flag it or, with a vantage point on both ends of a circuit, attempt the well-documented traffic-correlation attacks against it.
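
To make the path-selection point concrete, here is an added example, written for this page and not Tor's own code, of a simplified Tor client model in Python. It takes a constructed relay list standing in for the network consensus, pins one entry guard, and for each new circuit picks an exit and a middle relay at random, weighted by bandwidth, while enforcing a few of Tor's real constraints (three distinct relays, no two hops in the same /16, the Exit flag on the last hop). Relay-family exclusion and Tor's position-dependent bandwidth weights are deliberately left out. The relays, their weights and the random seed are assumptions.

```python
"""Simplified model of how a Tor client picks a circuit.

Added example (not from the original post, not Tor's code): the client
works from a downloaded consensus (modelled here as a constructed relay
list), keeps one entry guard across circuits, and for each circuit picks
an exit and then a middle relay at random, weighted by consensus
bandwidth.  It shows why the user does not choose the path: the client
does, and differently for each circuit.
"""
import random
from dataclasses import dataclass, field


@dataclass
class Relay:
    nick: str
    ip: str
    bandwidth: int                      # consensus weight used for selection
    flags: set = field(default_factory=set)


# Constructed consensus snippet (assumption: not real relays).  guard1 and
# guard2 share a /16 on purpose so the subnet rule is exercised.
CONSENSUS = [
    Relay("guard1", "10.0.1.1", 8000, {"Guard"}),
    Relay("guard2", "10.0.2.1", 6000, {"Guard"}),
    Relay("mid1", "10.1.1.1", 3000, set()),
    Relay("mid2", "10.1.2.1", 2000, set()),
    Relay("mid3", "10.1.3.1", 4000, set()),
    Relay("exit1", "10.2.1.1", 5000, {"Exit"}),
    Relay("exit2", "10.3.1.1", 7000, {"Exit", "Guard"}),
]


def slash16(ip):
    """The /16 network of an IPv4 address, e.g. '10.0.1.1' -> '10.0'."""
    return ".".join(ip.split(".")[:2])


def pick(rng, candidates, exclude):
    """Bandwidth-weighted random choice, skipping relays already in the
    circuit and any relay that shares a /16 with one of them."""
    used_nets = {slash16(r.ip) for r in exclude}
    pool = [r for r in candidates
            if r not in exclude and slash16(r.ip) not in used_nets]
    return rng.choices(pool, weights=[r.bandwidth for r in pool], k=1)[0]


class TorClient:
    def __init__(self, consensus, seed=0):
        self.rng = random.Random(seed)  # seeded only so runs are reproducible
        self.consensus = consensus
        # The guard is chosen once and reused, so an observer of the
        # client's link always sees the same first hop.
        guards = [r for r in consensus if "Guard" in r.flags]
        self.guard = pick(self.rng, guards, [])

    def build_circuit(self):
        """Return [guard, middle, exit] for a fresh circuit.  Tor chooses the
        exit first (it is the most constrained hop), then the middle."""
        exits = [r for r in self.consensus if "Exit" in r.flags]
        exit_relay = pick(self.rng, exits, [self.guard])
        middle = pick(self.rng, self.consensus, [self.guard, exit_relay])
        return [self.guard, middle, exit_relay]


def valid_circuit(path):
    """Three distinct relays in three distinct /16s, with an Exit last."""
    nets = {slash16(r.ip) for r in path}
    return (len(path) == 3
            and len({id(r) for r in path}) == 3
            and len(nets) == 3
            and "Exit" in path[-1].flags)


if __name__ == "__main__":
    client = TorClient(CONSENSUS, seed=1)
    for _ in range(5):
        print(" -> ".join(r.nick for r in client.build_circuit()))
```

Running the demo prints the same guard on every line with the middle and exit changing from circuit to circuit; the only lever a user has over that is the torrc constraints mentioned above, which remove candidates from the pools rather than letting the user dictate a route.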

The NetAbstraction patents allow us to provide dynamically shifting VPN routing that enables a user and/or administrator to control the routing and select the path through the network that:

o   Improves privacy by protecting the location and identity of our customers;

o   Improves network performance by providing a consistent path for our customers; and

o   Improves security by not broadcasting information in order to set up a connection.
