Is our data secure on the internet, or is the confidential information that we upload at risk?
The answer is YES, it is at risk.
Over the years, this issue has been proven many times over. Millions of companies per year have the horrible experience of having their confidential data stolen.
Using sniffing methods, hackers can steal any personal data sent over the internet. It is not easy to do, of course, but by hijacking a BGP session an expert can get into your ISP and start a “man in the middle” attack.
One solution to help minimise your chance of being hacked is called a leased line. A dedicated leased line reduces the risk because it is not a shared line like most other internet connections. Instead, the line is a dedicated, 24-hour service from the provider to the customer. However, there is one problem: it is extremely expensive.
Dedicated lines are used most often by financial companies and large firms that have highly confidential data travelling through their offices via the internet.
In order for all companies to have data security, integrity and encryption for a much cheaper price, new VPN technology has been invented.
There are 2 main types of VPN:
- Site-to-site VPN, where data is encrypted at the gateway of one network and decrypted at the other end, which ensures that your data travelling through the internet is secure.
- Remote access VPN, which allows client machines (staff computers) outside of the company to establish a secure connection with the company's VPN gateway, to ensure that data travelling through the internet is also secure.
What does a VPN offer users?
Let’s take IPSec:
There are many security protocols that have been developed for VPN, each one offering a different level of security.
The most frequently used protocol for securing traffic between two or more networks is IPSec.
IPSec (IP Security): operates in 2 modes, transport and tunneling. Transport mode encrypts only the message carried in the data packet, while tunneling mode encrypts the entire data packet.
L2TP (Layer 2 Tunneling Protocol) / IPSec: Since L2TP doesn’t offer encryption, it is combined with IPSec to increase the level of security. L2TP generates the tunnel and IPSec handles the encryption.
SSL (Secure Socket Layer) and TLS (Transport Layer Security): These 2 protocols are used to extend the security of online services. An HTTP connection over SSL is seen as HTTPS; FTP with SSL or TLS is also known as FTPS or FTP-SSL. These connections are established through the SSL handshake, which uses digital certificates, encryption keys and authentication of the session in order to create a secure connection.
PPTP (Point-to-Point Tunneling Protocol): PPTP has been used since the mid-90s and can be used with Windows operating systems since Windows 95. Similarly to L2TP, PPTP does not encrypt the data; it only encapsulates the data packet. However, there are other protocols that can handle the encryption such as GRE or TCP.
SSH (Secure Shell): This protocol creates both the tunnel and the encryption, which allows the data to be transferred securely through the internet. One example of the use of SSH is in conjunction with telnet: telnet uses unencrypted (clear text) data, whereas with an SSH session the information is encrypted and delivered securely.
Today there are many services on the internet that offer their own solutions; some of them are software only and some are combinations of software and a network technology (e.g. TOR).
A VPN can be used from the network (router) to a mobile device (VPN software). Do you connect from a public wireless network to your personal accounts without using a VPN or an SSL (HTTPS) service? If you do, your data is in danger. Using a VPN on your laptop as a software connection gateway or using the HTTPS (SSL/TLS) method is much more secure.
Finally, thanks to VPN, data confidentiality is a service that is available to all internet users.
Do these 2 technologies have any weaknesses? Yes, almost every technological development is subject to some weakness, but implementing them is sure to increase your general level of network security.
Now let’s see the security risks for these 2 technologies.
- Wiretapping at your office building – someone physically connects to your communication equipment.
- Wiretapping at manholes through which your leased line circuits pass – this needs an expert who knows how to splice into fibre networks and figure out which fibre carries your data.
- The hacking of your leased line provider – even if the hackers manage to take control of a PC on the LAN of your leased line supplier, turning that control into control of the routers through which your traffic passes is likely to be difficult, as it requires strong networking knowledge, for example to reconfigure the main router to send the packets from your network to another network.
VPN Security Risks
- PPTP has a lot of well-known vulnerabilities.
- SSL VPN – if it is configured poorly, it can be vulnerable to a “man-in-the-middle” attack.
- Software on VPN appliances that is not updated can contain a lot of bugs.
- Home network insecurity – VPNs are very often used by home users working remotely, whose own laptops and/or home networks have not been patched correctly, which results in a security risk.