1.
a. Literature Review
The main objective of VPN technology is to provide the capabilities of private, secure leased lines over public networks, while being cost-effective and more secure than an ordinary connection over unsecured public networks. Alongside these benefits, there are some common issues that affect security and performance.
b. VPN fingerprinting: As opined by Al Mhdawi (2016), with traditional VPN solutions it is possible to obtain digital fingerprints of the VPN servers, using techniques such as Vendor Identity (ID) fingerprinting, UDP (User Datagram Protocol) backoff fingerprinting, or other similar techniques. This is not generally considered a performance or security issue, and some VPN service providers do not consider it an issue by any means. On analysis, however, these fingerprinting techniques give helpful data to potential hackers or attackers. A few systems also reveal the general type of device in use, such as “Cisco PIX”, and others expose the product's software/firmware details as well. In their paper, Shahzad and Hussain (2013) described that information about the devices used to implement the VPN, together with details of the backdoors of these devices, enables an attacker to focus on those flaws in order to intrude on the VPN between the two points [6].
c. Storing authentication credentials insecurely: Numerous VPN solutions/programs offer to store some or most of the authentication credentials, such as the username and the corresponding password for a particular user, which is the default setting for a . While this makes the VPN easy to use, it likewise introduces security risks, particularly if the credentials are not well protected.
d. Man-in-the-middle attacks: An unauthorised machine begins intercepting the communication between the nodes in the network and changes the content of the data that is transmitted between them. The kinds of changes include addition, deletion and modification of data [5].
By combining multiple private and public networks such as the internet, a VPN helps users send and receive data through public networks, which are often insecure. According to Kuroda (2017), even though a VPN is cost-effective for users as well as organizations and provides an efficient data transmission channel across unsecured public networks, it also possesses numerous vulnerabilities and risks that need to be addressed, such as man-in-the-middle attacks and VPN hijacking. Moreover, as mentioned by B?NU?? (2012), due to the lack of user authentication and interoperability, if either of the two points (sender and receiver) is infected by malware or viruses, it is possible that the whole network is compromised by attackers, who may be able to steal the VPN password.
Another issue in VPNs is interoperability between the systems.
The two connecting systems in the network ought to agree upon the security protocols used for data transmission. The protocols implemented by different vendors on the two sides of the transmission may not always be in sync. This may increase the risks in the network.
Multiple alternatives are now available that incorporate enhanced security features compared to traditional VPNs. These alternatives include Microsoft’s DirectAccess and SoftEther VPN [7]. DirectAccess by Microsoft helps users to have internet connectivity when the client systems are connected to the internet. With traditional VPNs, the connection is initiated and terminated by explicit user action, whereas DirectAccess is designed so that the connection is initiated automatically whenever the user's computer connects to the internet.
DirectAccess uses the IPSec protocols to establish the tunnel, and IPv6 to reach intranet resources for the clients. The technology encapsulates the data traffic in IPv4 data packets so that it can reach the clients over the internet [7]. DirectAccess does not need any kind of configuration to connect and send data over the VPN. Because IPv6 addresses are globally routable, an organization's corporate network can easily initiate a connection to a client that has a DirectAccess connection in order to manage the client's systems.
2. Benefits of VPN
a. Increased geographic availability of resources: A VPN tunnel helps connect different remote users to centralised computing resources, making it easier to set up worldwide connections and operations on the remote system.
Scalability – A VPN enables organizations to use the remote access infrastructure within ISPs; hence organizations can add a practically unlimited amount of capacity without adding infrastructure.
b. Improved security to the transmitted data: Connecting the client’s computer system to the web/internet makes it vulnerable to attacks by hackers or intruders [2]. VPN connections incorporate firewalls and encryption measures to counter network security risks.
Cost effective: VPNs help bring down costs by eliminating the need for costly long-distance leased lines. A VPN needs only a relatively short connection to the ISP (Internet Service Provider). The connection could be either a local leased line. A VPN also reduces cost by lessening the long-distance telephone charges for remote access. VPN clients only need to dial up to the nearest ISP’s access point.
Issues
Virtual private networking requires modifications to the user’s computer system. In general, VPN providers require client software to be installed on the system [1]. Client modification and administration are effectively the main inhibitor to the growth of virtual private networking.
The lack of maturity of virtual private networking technology, among both vendors and standards, presents unexpected shortcomings. In general, network security people view a new technology with suspicion, and rightly so.
c. Due to the gateway devices used in the networks: In numerous private and public networks, such as some home networks and organization networks, the network is separated from the Internet by measures such as NAT, proxy servers and firewalls, so that the number of IP addresses is restricted and security is strengthened [3]. Devices that carry out this processing are known as network gateway devices. These may be dedicated devices or, alternatively, a high-performance PC on which Linux or another server operating system is installed.
However, many traditional VPN protocols cannot communicate through such network gateway devices [6]. One reason is that many VPN protocols add headers of special protocols, rather than ordinary TCP/IP, when encapsulating the data packets being exchanged. For instance, a VPN protocol called PPTP uses an extremely minor protocol called GRE (Generic Routing Encapsulation). Another protocol, L2TP, additionally requires the use of IPSec, whereby a header is added because the result is an IPSec data packet.
For most traditional VPN protocols, as in these cases, VPN communication is realised by an approach unlike the conventional connection-oriented TCP/IP communication model, so it cannot pass through many network gateway devices, especially NAT, all proxy servers and firewalls [5]. Consequently, the majority of conventional VPN protocols require a global IP address to be allocated to both the VPN connection source (the client PC) and the destination (the VPN server PC), or else the configuration of the network gateway devices must be modified so that the special data packets can be handled.
To manage the security of the VPN connection, it is important to follow the rules below so that the data passing through it is secured.
When actively connected to the network, the VPN will force all traffic to and from the PC over the VPN tunnel: all other data traffic must be dropped so that the data through the VPN can be transmitted without any interruption.
The VPN connection must be controlled using one-time password authentication, for example a private and public key system, token devices, etc.
All computer systems or workstations connected to the intranet through VPN or any other technology must use the most up-to-date antivirus software that meets the corporate standard, so that malware cannot intrude into the VPN connection.
The VPN concentrator is restricted to an absolute connection time of 24 hours.
Double tunnelling in the VPN should not be allowed; from a security perspective it is important that only a single system at each end is permitted.
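The rule that all traffic must go through the tunnel can be checked against a client's routing table. The following Python code is an added example, not part of the original report: it reads IPv4 routes in the style of Linux `ip -4 route show` output and reports every route that still sends traffic outside the tunnel. The interface names, addresses and sample tables are constructed, and the only exception allowed is the host route to the VPN server itself.

```python
import ipaddress

def parse_routes(text):
    """Parse `ip -4 route show` style lines into (network, device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if "dev" not in fields or fields[-1] == "dev":
            continue                      # blackhole/unreachable or truncated entry
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def uncovered(net, overrides):
    """Parts of `net` that are NOT taken over by more-specific routes."""
    remaining = [net]
    for other in overrides:
        kept = []
        for piece in remaining:
            if piece.subnet_of(other):        # fully overridden (longest prefix wins)
                continue
            if other.subnet_of(piece):        # carve the override out of this piece
                kept.extend(piece.address_exclude(other))
            else:
                kept.append(piece)
        remaining = kept
    return remaining

def audit_full_tunnel(route_text, tunnel_dev, vpn_server):
    """Return [(route, device)] for routes that bypass the tunnel."""
    routes = parse_routes(route_text)
    server = ipaddress.ip_network(vpn_server)     # /32 host route to the gateway
    findings = []
    for net, dev in routes:
        if dev in (tunnel_dev, "lo"):
            continue
        overrides = [o for o, _ in routes if o != net and o.subnet_of(net)]
        leaked = [p for p in uncovered(net, overrides) if p != server]
        if leaked:
            findings.append((str(net), dev))
    return findings

# Constructed sample: full tunnel, default route overridden by two /1 routes.
COMPLIANT = """
default via 192.168.1.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
192.0.2.50 via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
"""

# Constructed sample: only 10.0.0.0/8 goes through the tunnel.
SPLIT = """
default via 192.168.1.1 dev eth0
10.0.0.0/8 via 10.8.0.1 dev tun0
192.0.2.50 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23
"""

if __name__ == "__main__":
    for name, table in (("compliant", COMPLIANT), ("split", SPLIT)):
        print(name, audit_full_tunnel(table, "tun0", "192.0.2.50"))
```

Under a strict reading of the rule, the directly connected LAN route is also reported, because traffic to the local subnet leaves the PC without entering the tunnel.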
d. Use of IPsec for security
IPSec provides a framework for key management, authentication and encryption; yet it does not shield a user or an organization from weaknesses in specific vendors' implementations. With generally very little cryptographic expertise in the end-user community, it is undoubtedly safer to allow for a suitable period of market testing of a particular implementation of a virtual private networking standard. Weaknesses have already been seen in Microsoft’s and Cisco’s virtual private networking implementations, and smaller vendors that receive less scrutiny can be expected to succumb to similar unforeseen issues.
IPsec is a collection of protocols for securing Internet Protocol (IP) communication (data transmission) by authenticating and encrypting every IP data packet of an incoming and outgoing data stream. IPsec also includes protocols for establishing mutual authentication between the two agents or users at the start of the session, and for exchanging the cryptographic keys to be used during the session over the established connection. IPsec can be used to protect data flows between a pair of hosts (e.g. two servers or two user systems), between a pair of network gateways such as firewalls or routers, or between a security gateway and a host. A basic part of IPsec is automated key management, currently used to negotiate, in different IPsec operations, the keying material and security suite requirements defined in the VPN communication policy. IPsec includes several interesting technologies, many of which can be very complicated and open to interpretation, such as IKE (the automatic key management). Nonetheless, IPsec-specific operations, such as the use of the security protocols, are fairly straightforward, and the implementation options, as for automatic key management, are what need to be conveyed.
e. SoftEther VPN
SoftEther VPN is regarded as a VPN solution that offers flexibility, expandability and stability. It is compatible with the latest available networks, which need to deliver wide bandwidth under high load.
SoftEther VPN is designed to tunnel and encapsulate communications at layer 2, in other words, Ethernet [8]. When SoftEther VPN is used, network devices such as a switching hub, network adapter and layer 3 switch are realised in software, and by connecting them through a tunnel called the SoftEther VPN protocol, which is based on TCP/IP, end users can easily build a flexible VPN that was never possible with the protocols introduced until now [5].
Figure 1: The working mechanism of SoftEther VPN
Compared to old, legacy VPN protocols, SoftEther VPN targets layer 2 (Ethernet) for the VPN connection between the two nodes [6]. In other words, with VPNs that targeted the older layer 3 approach, the encapsulated data packets moved through the established tunnel. With SoftEther VPN, by contrast, encapsulated Ethernet data packets pass through the tunnel.
f. DirectAccess
For users of Windows operating systems, DirectAccess is an important feature that provides access to organizational network resources without the need for a traditional Virtual Private Network (VPN) [4]. With DirectAccess, client PCs are continuously connected to the organization; there is no need for remote users to start and stop VPN connections, as is required with a traditional VPN.
From a client’s perspective, DirectAccess is a fully automatic VPN connection that simplifies access to corporate LAN services from wherever they need to connect to the organization or to other clients.
To connect to the remote client, it is important to use client transition protocols so that the IPv4 and IPv6 addresses can be mapped appropriately [6]. Some of them are discussed below.
IP-HTTPS: This protocol uses standard protocols and ports. Earlier servers/clients double-encrypted the data traffic, with both IPsec and SSL/TLS. Later versions, such as Windows 8 or later, use a null encryption technique to solve the double encryption issue.
Teredo: This protocol uses UDP on port 3544 to encapsulate IPv6 packets in IPv4 packets. It supports the mapping of a client behind a NAT device. On the other hand, it is unable to detect a server behind NAT [9]. It requires a server configured with two successive public IPv4 addresses.
6to4: This transition protocol uses protocol 41 to encapsulate IPv6 data packets in IPv4 data packets. It does NOT function when the client or the server is hidden behind a NAT device [2]. In this scenario, both server and client must have public IPv4 addresses.
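The three transition protocols above can be told apart from the outer IPv4 header and the encapsulated IPv6 addresses, which is what a firewall or monitoring rule has to match. The following Python code is an added example, not part of the original report: it classifies raw IPv4 packets as 6to4 (protocol 41 with a 2002::/16 address), Teredo (UDP port 3544) or an IP-HTTPS candidate. The sample packets are constructed; TCP port 443 for IP-HTTPS and the check that a 6to4 source address matches the outer IPv4 source are assumptions not stated in the text.

```python
import ipaddress
import struct

PROTO_TCP, PROTO_UDP, PROTO_IPV6 = 6, 17, 41   # IANA IP protocol numbers
TEREDO_PORT = 3544    # UDP port given in the text
HTTPS_PORT = 443      # assumption: IP-HTTPS rides on the standard HTTPS port

def inner_ipv6(data):
    """Return (src, dst) of an encapsulated IPv6 header, or None."""
    if len(data) < 40 or data[0] >> 4 != 6:
        return None
    return ipaddress.IPv6Address(data[8:24]), ipaddress.IPv6Address(data[24:40])

def classify(packet):
    """Identify the transition technology carried by one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"tech": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4                 # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return {"tech": "malformed"}
    proto, payload = packet[9], packet[ihl:]
    outer_src = ipaddress.IPv4Address(packet[12:16])
    if proto == PROTO_IPV6:
        addrs = inner_ipv6(payload)
        if addrs is None:
            return {"tech": "malformed"}
        src4, dst4 = addrs[0].sixtofour, addrs[1].sixtofour
        if src4 is None and dst4 is None:
            return {"tech": "proto41-other"}     # protocol 41 but not 6to4
        # A 6to4 source embeds the sender's IPv4 address; a mismatch with
        # the outer header is a sign of a spoofed or misrouted packet.
        match = None if src4 is None else src4 == outer_src
        return {"tech": "6to4", "src_matches_outer": match}
    if proto in (PROTO_UDP, PROTO_TCP) and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if proto == PROTO_UDP and TEREDO_PORT in (sport, dport):
            addrs = inner_ipv6(payload[8:])
            pair = addrs[0].teredo if addrs else None   # (server, client)
            if pair is None:
                return {"tech": "teredo"}
            return {"tech": "teredo", "server": str(pair[0]), "client": str(pair[1])}
        if proto == PROTO_TCP and HTTPS_PORT in (sport, dport):
            return {"tech": "ip-https-candidate"}  # same header as any HTTPS flow
    return {"tech": "other"}

# --- constructed sample packets (checksums left at zero, not validated) ---
def build_ipv4(proto, src, dst, payload):
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)
    return head + payload

def build_ipv6(src, dst):
    return (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

INNER = build_ipv6("2002:c000:20a::1", "2001:db8::1")   # embeds 192.0.2.10
SIX_TO_FOUR = build_ipv4(41, "192.0.2.10", "198.51.100.1", INNER)
SPOOFED = build_ipv4(41, "198.51.100.9", "198.51.100.1", INNER)
TEREDO = build_ipv4(17, "203.0.113.7", "198.51.100.1",
                    struct.pack("!HHHH", 51111, 3544, 48, 0)
                    + build_ipv6("2001:0:c633:6401:8000:f227:34ff:8ef8", "2001:db8::1"))
HTTPS = build_ipv4(6, "203.0.113.7", "198.51.100.1",
                   struct.pack("!HH", 50000, 443) + bytes(16))

if __name__ == "__main__":
    for pkt in (SIX_TO_FOUR, SPOOFED, TEREDO, HTTPS):
        print(classify(pkt))
```

IP-HTTPS cannot be separated from ordinary HTTPS by headers alone, which is why the classifier only marks it as a candidate.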
g. Future Work
Research and development is still going on in the field of VPN technology that may address the weaknesses of legacy VPN solutions and the related security issues. In future, it is possible that a fusion of some of the tunnelling and encryption protocols will be able to meet the security and performance requirements of users. In addition, when scaling the VPN, careful attention must be paid to all three key security technologies as well as to the question of load balancing of the application. However, management of encryption and automated access control management are the two most critical considerations for scalability.
Conclusion:
In the present scenario, with the development of internet technology, the issue of safe and secure transmission of data between different users or systems needs to be addressed for the sake of users' privacy and the security of important data. Traditional VPN solutions addressed it only partially, as these solutions suffered from different drawbacks. Different sections of this report discuss the vulnerabilities found in legacy or traditional VPNs, and the alternative technologies, such as DirectAccess by Microsoft and Soft Ethernet, which can replace them and can be used to secure data. While discussing the features of the technologies, we also provided a brief comparison between them so that the drawbacks and benefits of each can be determined.
When investment in the right VPN infrastructure is considered, most people give more preference to the hardware and software aspects of the system used to implement the VPN. The idea of strengthening the security measures is often ignored. Security is one of the most commonly forgotten aspects of investment. It is also an aspect that is difficult to measure. One can never be content with the security that has been imposed. With the advance of technology, more opportunities for security breaches are discovered, which leads to the need to close security loopholes. A simple security breach can cost a company or an individual millions.
In the era of the internet, security and privacy are the greatest concerns. A Virtual Private Network or VPN is one such network, which enhances one’s online privacy and security. VPN service providers provide an encrypted connection to scramble the data that is transferred over that network. This prevents outsiders from reading the data by breaking into the network as an intermediary (man-in-the-middle attack). A VPN extends the access of a private or restricted network across a public network. This enables internet users to receive and send data across multiple public or shared networks. The network creates a make-believe environment, as if the users were directly connected to the secured or private network. The VPN also hides all browsing records from the Internet Service Provider (ISP). However, the VPN service provider is now aware of the data usage and transactions. Therefore, it is best to view a VPN as a model for security and not for anonymity.
However, over time users of VPNs have encountered certain issues with the system. Congestion, latency, fragmentation, and packet loss have been major issues with VPN systems. Other bottlenecks include difficulties with compliance and troubleshooting VPN errors [8]. Several users have complained about their VPN connections being rejected and, at times, the authentication process getting too complex to manage. A drop in traffic due to encryption failure is another noticeable problem. When the security gateway at the receiver’s end is expecting an encrypted packet but receives an unencrypted one, or vice versa, the traffic system crashes. Other problems include the lack of repeating patterns, the requirement of high availability for VPN connections, and VPN traffic being more bandwidth-intensive than any normal clear-text transmission [5]. There is also an added difficulty with regard to platform friendliness. In infrastructures that are incompatible with or too obsolete to install or run legacy VPN systems, the cost can rise dramatically. A VPN has high requirements for additional software and hardware components. Other expenses include high-cost licensing and other additional investments.
With the increase in difficulties faced with traditional or legacy VPN technology, several attempts have been made to replace it with a more modern approach. Microsoft Direct Access is one of the newly invented technologies that aim to replace the classic VPN solutions. It was first launched in 2008 but was discarded by the tech society due to its enormously complex functionality. Later, in 2012, after the release of Windows Server 2012, the requirements were no longer so complicated. This made the technology rise to fame. Unlike legacy VPN connections, which must be initiated and terminated by explicit user action, Microsoft’s solution through Direct Access connections proved to be fruitful. As soon as the user connects to the internet, Direct Access connects automatically. It also provides a more user-friendly way of operation in comparison to legacy VPNs. Another commonly used replacement technology is the SoftEther or Software Ethernet VPN. It is considered the world’s strongest multi-protocol VPN. It is easy to use and can be run on any operating system platform. It has more ability and better performance than any Open or Legacy VPN technologies, and hence it has been preferred more in recent times [1]. Network analysts predict that products based on SSL VPN technology will replace traditional IP Security Protocol VPNs as a permanent remote-access solution.
This report aims at surveying all the above-mentioned aspects of Virtual Private Network technology, covering every minute detail about the troubles faced in using legacy VPN technologies and sorting out the feasible technologies that can replace them. A literature review is to be conducted in order to throw light on the works of various diligent in this field. The literature review would help in better understanding the topic and in enriching the report. Further, the difficulties faced in using legacy VPN technologies are to be discussed, with a detailed explanation for each. Then, the replacement technologies shall be highlighted, alongside an explanation of their advantages over legacy VPN technology systems. Lastly, the scope for improvement in the field of VPN technologies will be elaborated for further study opportunities on the topic.
References:
[1] K. Grewal and R. Dangi, “Comparative Analysis of QoS VPN Provisioning Algorithm on Traditional IP based VPN and MPLS VPN using NS-2”, International Journal of Computer Applications, vol. 48, no. 1, pp. 43-46, 2012.
[2] R. Malik and R. Syal, “Performance Analysis of IP Security VPN”, International Journal of Computer Applications, vol. 8, no. 4, pp. 5-9, 2010.
[3] “QOS Capabilities for Building MPLS VPN”, International Journal of Science and Research (IJSR), vol. 5, no. 5, pp. 2247-2251, 2016.
[4] T. Kuroda, “A combination of Raspberry Pi and SoftEther VPN for controlling research devices via the Internet”, Journal of the Experimental Analysis of Behavior, vol. 108, no. 3, pp. 468-484, 2017.
[5] V. Perta, M. Barbera, G. Tyson, H. Haddadi and A. Mei, “A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients”, Proceedings on Privacy Enhancing Technologies, vol. 2015, no. 1, 2015.
[6] B. B?NU??, “Security Technologies Implemented in MPLS VPN Networks”, International Journal of Information Security and Cybercrime, vol. 1, no. 2, pp. 9-16, 2012.
[7] A. Shahzad and M. Hussain, “IP Backbone Security: MPLS VPN Technology”, International Journal of Future Generation Communication and Networking, vol. 6, no. 5, pp. 81-96, 2013.
[8] M. Pólkowski and D. Laskowski, “Analysis Of MPLS VPN Resistance To External Threats”, Journal of KONBiN, vol. 35, no. 1, 2015.
[9] A. Al Mhdawi, “A Design Analysis of MPLS VPN Core Architecture and Network Downtime Impact”, International Journal of Engineering Trends and Technology, vol. 33, no. 3, pp. 130-133, 2016.
[10] ?. ?, “Research on MPLS/BGP VPN Full Connection Network”, Computer Science and Application, vol. 07, no. 08, pp. 722-728, 2017.