VPN Replacement Technologies
a). VPN Replacement Technologies
The first way to replace the private network is to use a leased line, also known as a dedicated line. A leased line is a telecommunication service that connects two or more locations for private voice and data communication [14]. It is a reserved circuit between one point and another. The line is always active and is available for a monthly fee. Leased lines can be used in place of a private network over short as well as long distances. A leased line maintains a single open circuit at all times, whereas virtual networks use the same lines to carry many different conversations by switching [22]. Leased lines are used by organizations that need to connect their branch offices, because the line provides guaranteed bandwidth for transferring data between two locations.
Another way to replace the virtual network is the DirectAccess method. DirectAccess allows remote users to securely access internal file shares, web sites, and applications without connecting to a Virtual Private Network (VPN) [15]. The internal network in DirectAccess is also known as the intranet or the private network. DirectAccess establishes bi-directional connectivity between the computer and the internal network as soon as the computer connects to the Internet, before the user has logged in. Even when the systems are not connected to the virtual network, IT administrators can manage the computers remotely without being in the office [16]. A DirectAccess infrastructure can be set up through the following procedure:
- Specify the client systems that will use DirectAccess by selecting the security groups they belong to.
- Configure the network adapters on the DirectAccess server that are connected to the internal network and to the Internet.
- Configure the location of the internal website that DirectAccess client systems use to determine when they are on the internal network.
- Configure DNS (Domain Name System).
- Identify application servers for optional authentication.
b). VPN Security Issues
There are many security issues in virtual networks. Systems connected to a VPN can be compromised: an attacker can exploit bugs and misconfigurations in the client system. Intruders use many hacking tools against systems connected to a virtual network [17]. VPN hijacking and man-in-the-middle attacks are used by attackers to gain access to VPN systems. VPN hijacking is the process in which an unauthorized user takes over control of a VPN connection from a remote user by impersonating the real user. A man-in-the-middle attack targets the traffic sent between the communicating parties and can include interception, insertion, deletion, and modification of data, as well as reflecting messages back to the senders.
[Figure: Leased Line]
Issues can also arise from user authentication in the VPN. The VPN does not give users strong authentication [18]. A VPN connection should include a user authentication technique. Most VPNs offer only limited authentication methods, which leaves users with a security difficulty.
The VPN also carries a client-side risk when users use the network from home. Users may connect over broadband, or connect over the VPN using split tunneling. The client system may also be connected to other machines without regard for the security implications, which is a risk to the virtual private network. Laptops and other mobile users may also connect [19]. The security protection of the VPN client machine is therefore a risk to the users.
Connecting the client system is also a risk because it may be infected by malware. If the client's system is infected by spyware or a virus, the password of the VPN connection can be leaked to an attacker, who might then attack the network. The VPN does not provide security against this risk [21]. A virus or worm spreads quickly if the intranet or the extranet is affected by spyware or malware.
Many security measures can be taken when dealing with a VPN connection [20]. The following steps can be followed when deploying a virtual network.
- The VPN connection can be strengthened by using a firewall in the network.
- An Intrusion Detection or Prevention System can be used so that attacks can be monitored effectively.
- Systems connected to the VPN should have anti-virus software installed to prevent the spread of viruses.
- Unmanaged or unsecured systems with no authentication should not be allowed to make VPN connections to the internal network.
- Auditing and logging functions can be used to record network connections that involve unauthorized access or attempts to gain access.
- The network security administrator and supporting staff have to be trained so that they follow security best practices and the policies that are best for the connection.
- There should be appropriate security guidelines and policies for the VPN, and they have to be distributed to all parties who use the connection.
- There should be restrictions on unnecessary access to the internal networks.
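The auditing and logging step above, together with the VPN hijacking risk described earlier, can be illustrated with a small detection script. This is an added example, not part of the original essay; the log format, the thresholds and all sample lines are constructed assumptions, not the output of any real VPN gateway.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical gateway log format (not a real product's).
SAMPLE_LOG = """\
2024-03-01T08:00:01 user=alice src=198.51.100.7 result=FAIL
2024-03-01T08:00:05 user=alice src=198.51.100.7 result=FAIL
2024-03-01T08:00:09 user=alice src=198.51.100.7 result=FAIL
2024-03-01T08:00:14 user=alice src=198.51.100.7 result=OK
2024-03-01T08:05:00 user=bob src=203.0.113.20 result=OK
2024-03-01T08:09:30 user=bob src=192.0.2.99 result=OK
2024-03-01T09:30:00 user=carol src=203.0.113.44 result=FAIL
2024-03-01T12:00:00 user=carol src=203.0.113.44 result=OK
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    """Yield (timestamp, user, source IP, result) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped rather than guessed at
            ts, user, src, result = m.groups()
            yield datetime.fromisoformat(ts), user, src, result

def audit(log_text, max_failures=3, window=timedelta(minutes=10)):
    """Return sorted alerts: failed-login bursts and one account seen from two sources."""
    alerts = set()
    failures = defaultdict(list)   # (user, src) -> failure times still inside the window
    last_ok = {}                   # user -> (time, src) of the last successful login
    for ts, user, src, result in sorted(parse(log_text)):
        if result == "FAIL":
            recent = [t for t in failures[(user, src)] if ts - t <= window] + [ts]
            failures[(user, src)] = recent
            if len(recent) >= max_failures:
                alerts.add(("failed-login-burst", user, src))
        else:
            prev = last_ok.get(user)
            # Same account, different source, inside the window: possible takeover.
            if prev and prev[1] != src and ts - prev[0] <= window:
                alerts.add(("concurrent-sources", user, src))
            last_ok[user] = (ts, src)
    return sorted(alerts)

if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(alert)
```

Alerts of either kind are a prompt for review, since a user legitimately switching networks also produces a second source address.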
VPN stands for Virtual Private Network. A VPN carries all network traffic inside a tunnel that is private and encrypted while it crosses the public internet [1]. Traffic cannot reach its destination without first reaching the end of the VPN tunnel. Virtual Private Networks are important because they can be used as a private, encrypted network to anonymize internet traffic. No one can see what is inside the VPN; not even ISPs, wireless network hackers, or governments get to know what is in the VPN traffic.
There are many reasons to use a VPN. A mobile user who accesses information on a remote work server may be given VPN credentials to log in to the server and access all the important files. There are several types of VPN, including site-to-site VPN, intranet VPN, and extranet VPN. A site-to-site VPN joins a local area network to other LANs [2]. The most common use of a VPN is to hide internet traffic from parties that gather information, including ISPs, governments, and websites. Users who obtain files illegally also use a VPN when they want to access copyrighted material through different websites.
Virtual Private Networks use many protocols, mainly to encrypt user and corporate data. The protocols used are IP Security (IPsec), Secure Sockets Layer (SSL) or Transport Layer Security (TLS), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and OpenVPN. The most common types of VPN are site-to-site VPN and remote access VPN.
Remote access VPN – A remote access VPN uses a telecommunication infrastructure such as the internet to provide remote users with secure access to their organization's network. This is important when employees work from a public hotspot or another public venue and then connect to the corporate network [3]. The VPN client on the remote user's system or mobile device connects to the VPN gateway on the organization's network. The gateway requires devices to authenticate their identity. The gateway then creates a network link back to the device, allowing it to reach internal network resources such as printers, intranets, and file servers as if it were local. The diagram shows the working process of remote access VPN.
References:
- Harmening, James T. “Virtual private networks.” In Computer and Information Security Handbook (Third Edition), pp. 843-856. 2017.
- Rao, Umesh Hodeghatta, and Umesha Nayak. “Virtual Private Networks.” In The InfoSec Handbook, pp. 245-262. Apress, 2014.
- Abdelaal, Ayman EA, Fathi E. Abd El-Samie, and Moawad I. Dessouky. “A Diffserv-Aware Multi-Protocol Label Switching Traffic Engineering Applied on Virtual Private Networks.” Networking and Communication Engineering 6, no. 7 (2014): 279-285.
- Zhang, Qiaoyan, Chongfu Zhang, Wei Jin, and Kun Qiu. “Enabled scalable and privacy wavelength division multiplexing-radio over fiber system based on optical virtual private networks.” Optical Engineering 53, no. 6 (2014): 066105-066105.
- Choffnes, David. “A Case for Personal Virtual Networks.” In Proceedings of the 15th ACM Workshop on Hot Topics in Networks, pp. 8-14. ACM, 2016.
- Niemiec, Marcin, and Petr Machnik. “Authentication in virtual private networks based on quantum key distribution methods.” Multimedia Tools and Applications 75, no. 17 (2016): 10691-10707.
- Rossberg, Michael, Michael Grey, Markus Trapp, Franz Girlich, and Guenter Schaefer. “Distributed monitoring of self-configuring Virtual Private Networks.” In Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on, pp. 1080-1081. IEEE, 2013.
- Conti, Mauro, Arbnor Hasani, and Bruno Crispo. “Virtual private social networks and a facebook implementation.” ACM Transactions on the Web (TWEB) 7, no. 3 (2013): 14.
- Moreno-Vozmediano, Rafael, Ruben S. Montero, Eduardo Huedo, and Ignacio M. Llorente. “Cross-Site Virtual Network in Cloud and Fog Computing.” IEEE Cloud Computing 4, no. 2 (2017): 46-53.
- Hoy, Jeffrey Robert, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, and Nataraj Nagaratnam. “Dynamically defined virtual private network tunnels in hybrid cloud environments.” U.S. Patent 9,571,457, issued February 14, 2017.
- Asati, Rajiv, Mohamed Khalid, Sunil Cherukuri, Kenneth A. Durazzo, and Shree Murthy. “Integrating service insertion architecture and virtual private network.” U.S. Patent 8,650,618, issued February 11, 2014.
- Ferris, James Michael. “Extending security platforms to cloud-based networks.” U.S. Patent 8,977,750, issued March 10, 2015.
- Shokhor, Sergey, and Andrey Shigapov. “System and method for dynamic policy based access over a virtual private network.” U.S. Patent 8,560,709, issued October 15, 2013.
- Chawla, Deepak, and William R. Beckett III. “Methods, systems, and computer program products for providing a virtual private gateway between user devices and various networks.” U.S. Patent 9,021,251, issued April 28, 2015.
- Giniger, Michael L., and Warren S. Hilton. “Automated operation and security system for virtual private networks.” U.S. Patent Application 13/930,927, filed June 28, 2013.
- Yu, Shunjia, Anoop Ghanwani, Phanidhar Koganti, and Dilip Chatwani. “Flooding packets on a per-virtual-network basis.” U.S. Patent 9806906B2, issued October 31, 2017.
- Kermarec, Francois, Marc Lamberton, Michael Tate, and Eric Mouque. “Methods of establishing virtual circuits and of providing a virtual private network service through a shared network, and provider edge device for such network.” U.S. Patent 9,065,680, issued June 23, 2015.
- Williams, Brandon O., Martin K. Lohner, Kevin Harmon, and Jeffrey Bower. “Virtual private network (VPN)-as-a-service with delivery optimizations while maintaining end-to-end data security.” U.S. Patent 20150188943A1, issued December 2, 2014.
- Dorfman, Scott, Anthony M. Spinelli, and Umesh S. Chhatre. “Virtual private network based parental control service.” U.S. Patent Application 14/728,713, filed June 2, 2015.
- Theodoro, Luiz Cláudio, Pedro Macedo Leite, Hélvio Pereira de Freitas, Adailson Carlos Souza Passos, Joao Henrique de Souza Pereira, Flávio de Oliveira Silva, Pedro Frosi Rosa, and Alexandre Cardoso. “Revisiting Virtual Private Network Service at Carrier Networks: Taking Advantage of Software Defined Networking and Network Function Virtualisation.” ICN 2015 (2015): 84.
- Lospoto, Gabriele, Massimo Rimondini, Benedetto Gabriele Vignoli, and Giuseppe Di Battista. “Rethinking virtual private networks in the software-defined era.” In Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on, pp. 379-387. IEEE, 2015.
- Hegde, Vikas, Santosh Pallagatti Kotrabasappa, and Chandrasekar Ramachandran. “Application-specific connectivity loss detection for multicast virtual private networks.” U.S. Patent 9,071,514, issued June 30, 2015.
- Bennacer, Leila, Yacine Amirat, Abdelghani Chibani, Abdelhamid Mellouk, and Laurent Ciavaglia. “Self-diagnosis technique for virtual private networks combining Bayesian networks and case-based reasoning.” IEEE Transactions on Automation Science and Engineering 12, no. 1 (2015): 354-366.
- Brendel, Juergen, Christopher C. Marino, Patrick Amor, and Pritesh Kothari. “Fully distributed routing over a user-configured on-demand virtual network for infrastructure-as-a-service (IaaS) on hybrid cloud networks.” U.S. Patent 8,660,129, issued February 25, 2014.
- Hoese, Geoffrey B., and Jeffry T. Russell. “Storage router and method for providing virtual local storage.” U.S. Patent 9785583B2, issued October 10, 2017.
- Cheng, Joseph, Zahid Hussain, and Tim Millet. “Hardware-accelerated packet multicasting in a virtual routing system.” U.S. Patent 8,644,311, issued February 4, 2014.