Discuss the various difficulties and drawbacks of using a legacy VPN and why such VPNs are becoming obsolete in this age.
A virtual private network (VPN) is needed when a user wishes to create a highly secure connection over the public Internet between the user’s client machine and a private network, in most cases the private network of an organization [1]. A VPN can connect an employee’s personal computer to the company network, or it can connect two offices of the same company at different locations. The mechanism is quite simple. Every IP packet is sent through a secure virtual network, also known as a tunnel. These packets are encrypted and then encapsulated inside a different IP packet. The outer IP packet carries two addresses, the source and destination IP addresses of the end-points of the VPN tunnel. These addresses are different from the addresses of the actual (inner) IP packets. Companies have mostly used a VLAN for internal communication. A VLAN is faster than a VPN, but the high level of encryption makes a VPN more secure. The different IP addressing system makes a VPN universally usable across different networks.
A legacy VPN suffers from various problems such as traffic congestion, high latency, packet loss and many other issues. These issues leave a traditional VPN unable to perform to the required standards. In this digital age, network speed is of utmost priority. Various software and applications have very high network requirements. Companies use different software for real-time communication. Thus, if a VPN acts as an intermediary in the communication between two users, they will encounter a large amount of lag in their conversation. A VPN has high latency because of the encryption and encapsulation steps. The different software used by an enterprise is collectively known as enterprise application software (EAS). EAS requires a high-speed network. Thus, using a traditional VPN for such purposes will produce negative results, as fast operations are more desirable than security for most corporations.
The report also discusses the troubleshooting problems of a legacy VPN. Routing traffic is more complex in a virtual network [2]. The traffic is encrypted for security purposes, but such traffic can never be compressed for long-distance transfer. A traditional VPN also lacks pattern-repeating capabilities, which are also required for long-distance exchange of network traffic. Various technologies are also being developed as alternatives to the legacy VPN. Evidence is also provided regarding the bandwidth-intensive nature of a traditional VPN. A legacy VPN is focussed more on providing security and privacy for the data to be transferred than on maintaining the quality and integrity of that data. To ensure a good connection to a VPN server, high availability of free nodes that are ready for connection is needed. If the private network of an organization has fewer nodes than employees, the employees will have difficulty logging in to the organization’s network.
This report elaborates on alternatives to VPN such as Microsoft DirectAccess, SoftEther VPN, Celestix SecureAccess and many more. These alternative solutions offer the data security and privacy that the traditional VPN provided but none of the drawbacks. Microsoft DirectAccess has a Remote Access Always On technology that provides an instant connection to the private network of the company hosting its servers as soon as a user belonging to the company connects to the Internet. Even DirectAccess suffers from various drawbacks, which are rectified in Celestix SecureAccess, where the service is further improved. Small enterprises can support themselves using only Celestix SecureAccess, but vast organizations are recommended to maintain a client-based VPN for backup purposes.
Many years of research have been conducted on virtual private networks (VPN) and multi-protocol label switching (MPLS). Research has proved that VPN by itself suffers from many issues and that most of these issues are resolved when it is used together with MPLS. The research summary is provided in this literature review. VPN and MPLS technology are used together to aid the different kinds of traffic that flow through a network consisting of a number of routers of different types located in either layer 2 or layer 3 networks.
VPN and MPLS Services
Various situations demand the use of multi-protocol label switching and virtual private networks together. MPLS supports different services such as Broadcast TV, ATM networks and the Public Switched Telephone Network. MPLS thus provides a strong platform that helps these networks maintain proper and effective management and achieve a huge reduction in the cost of operation. Multi-protocol label switching works together with virtual private networks and traffic engineering to provide assured services focussed on the bandwidth requirement of the user. A virtual path is created between two routers to provide a dedicated service for any communication between them [3]. Virtual private networks running over a multiprotocol label switching network are primarily used to provide connectivity between nodes that are not directly connected, creating the external appearance that the sites are actually connected. Different services of one server can be used by users located in different parts of the world, all connecting under one domain. These services can be easily implemented using a multiprotocol label switching network that creates a layer 2 and layer 3 virtual private network depending on the needs of the users. Multiprotocol Label Switching is a protocol mainly used to send data packets that are marked by IP-address-specific labels in the header of the packet. Considering a single system operating autonomously, MPLS-based VPN delivered better scalability because it removed the need for the overlaid mesh structure of an IP network. The only requirement for this system to work is to apply slight tweaks to the user-end routers. No other changes to the encryption and decryption modules or any Network Address Translation are required.
Img. 1: VPN Connection
(Source: [4])
Private networks are primarily used by organizations where any access by an outsider is prohibited. An employee of the organization can access its networks from anywhere in the world with the help of a server set up in a virtual private network environment. They can log in and access the entire network that would otherwise be restricted, while maintaining a highly secure transmission [5]. Thus, these systems are used to support and improve the overall IT security of an organization.
Privacy and Security in VPN
The number of Internet users is rising rapidly every day, yet very few know about the privacy and security risks that they expose themselves to by visiting non-secure websites [6]. Many hackers and information phishers patiently wait to steal the identities of users and hack their systems. A hacker can listen to the conversation between a user and a website if the website does not have an ‘https’ certificate. Thus, various systems such as the VPN were developed to provide the necessary security to users. Here, the emphasis of security is put on the network that the user is connected to rather than on the user. A virtual private network thus provides more security while browsing unsecure websites. Outside access to the network and viewing of traffic between a VPN user and a website are completely negated.
The Scalability of MPLS VPN over Traditional VPN Approaches
This literature review provides a comparison with traditional VPN approaches, such as VPN based on IPSec. There are different limitations and weaknesses in the use of traditional VPNs. The Internet’s growth was rapid in the past few years and networks built around the Internet protocol were deployed on a widespread level [7]. This created new capabilities and uses for IP networks. Virtual private networks based on IP technology are helping to develop Internet services for the future digital market that will be easily and cheaply available to individual consumers as well as different industries. High-performance VPN services are being developed by applying two unique architectures, which are:
The strengths and weaknesses of using the above-mentioned technologies together were thoroughly researched and tested before those technologies were implemented on the high-performance optical backbones of the future. More research also proved that the use of MPLS along with Border Gateway Protocol models would be beneficial in providing better VPN services on the future optical backbones with Giga-speed bandwidth and thus much higher transfer capabilities [8].
Legacy VPN and its drawbacks
There are various drawbacks of legacy VPNs; thus many virtual networks have become obsolete, and many more will be in the coming years. VPN cannot be used in the era of applications that demand high network performance to deliver faster results. The drawbacks that have made VPN obsolete in many organizations are as follows:
The encryption and then encapsulation of data packets takes a lot of time, so sending one packet of data from one terminal to another takes longer than sending the same packet without the VPN [9]. Traffic congestion is very common in a VPN because of the limited number of nodes available for connection. A company might have four hundred registered VPN nodes and seven hundred employees. Not all the employees might need remote access to the company’s private server at the same time, but there might be times when more than four hundred people need to connect at once. In such a scenario, there will be traffic congestion and the company’s server will overload. Latency is also an issue in legacy VPNs. The performance of real-time communication is slowed down if a VPN is used alongside it. Data transfer speeds are quite slow over a virtual network, but a real-time communication tool, such as those used for video conferencing, needs high network speeds to work properly and efficiently [10]. The users will face lag and thus incoherent speech. The encapsulation of individual packets of data needs to be properly addressed from the source to the destination of the virtual network. Failing to do so will corrupt parts of the data the user is trying to send or receive. Packet loss is a major drawback of VPN, and slow networks increase the problem. Thus, the transferred data might be fragmented because of packet loss. Many small and medium-sized enterprises cannot afford very fast Internet. Thus, they normally opt for data transfer without any VPN, compromising their data security.
Virtual private networks might run into problems from time to time. IT personnel who are not well versed in the deep and complex workings of a VPN will run into severe problems while troubleshooting network problems. A client-based VPN might not be compatible with the operating system used on the users’ computers. Other network-related issues, such as a slow Internet connection at the user’s terminal, can also hinder the remote access capabilities of the VPN.
Huge amounts of data sent over geographically long distances are compressed for faster transfer with minimum packet loss. In a VPN, the data packets are encrypted for security and privacy purposes. This heavy encryption hinders the use of the data compression methods required for long-distance data transfers.
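The effect described above, as an added example that is not part of the original report: a repetitive payload is compressed before and after encryption to show that ciphertext no longer compresses, so any compression has to happen before the tunnel encrypts. The toy SHA-256 keystream cipher, the key, the nonce and the sample payload are constructed stand-ins, not any VPN product's implementation.

```python
import hashlib
import zlib

# Constructed sample values (assumptions for this example only).
KEY = b"example-tunnel-key-not-for-reuse"
NONCE = b"nonce-01"
SAMPLE = b"".join(
    b"2018-01-02 10:00:%02d GET /reports/q4.pdf 200 user=alice\n" % (i % 60)
    for i in range(500)
)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with a SHA-256 counter-mode keystream.

    Stand-in for the tunnel cipher. It has no authentication and must not
    be used to protect real traffic. Applying it twice decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def tunnel_sizes(payload: bytes, key: bytes, nonce: bytes) -> dict:
    """Bytes on the wire for each ordering of compression and encryption."""
    ciphertext = keystream_xor(key, nonce, payload)
    compressed = zlib.compress(payload, 9)
    return {
        "plaintext": len(payload),
        "encrypt_only": len(ciphertext),
        # Ciphertext looks random, so deflate finds nothing to remove.
        "encrypt_then_compress": len(zlib.compress(ciphertext, 9)),
        # Redundancy is removed first, then the small result is encrypted.
        "compress_then_encrypt": len(keystream_xor(key, nonce, compressed)),
    }


def round_trip(payload: bytes, key: bytes, nonce: bytes) -> bytes:
    """Sender compresses then encrypts; receiver decrypts then decompresses."""
    wire = keystream_xor(key, nonce, zlib.compress(payload, 9))
    return zlib.decompress(keystream_xor(key, nonce, wire))


if __name__ == "__main__":
    for name, size in tunnel_sizes(SAMPLE, KEY, NONCE).items():
        print(f"{name:>22}: {size} bytes")
    print("round trip intact:", round_trip(SAMPLE, KEY, NONCE) == SAMPLE)
```

Compressing before encryption keeps the savings but makes the ciphertext length depend on the plaintext content, which is a known side channel when attacker-influenced data shares a stream with secrets.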
There is no pattern repeating in a VPN. Sampling and regenerating data is a commonly used method for handling packet loss. The core functions of a VPN do not include regenerating the lost parts of the transferred data. As discussed in the earlier parts of the report, a traditional VPN faces packet loss issues. Packet loss amounts to the transfer of fragmented data. This primarily happens because there is no pattern repetition.
Legacy VPN uses up most of the available network bandwidth. Thus, other network-reliant functions, applications and software are deeply affected. VPN mainly focusses on the security of the transferred data rather than the quality of the data transferred. The more bandwidth a VPN uses, the further the quality of the transferred data is degraded.
In order to achieve good connectivity through a VPN, it is of utmost importance that there is high availability of the connecting nodes. An employee might be trying to gain remote access to their company’s servers, but because of high traffic in the company’s virtual network, the employee might have to wait for the connection to get through or try again after some time. Connection through a VPN is thus slow and affects the productivity of a business where a slight delay in decision-making can cost the business millions.
Microsoft DirectAccess
Microsoft DirectAccess is the solution created by Microsoft as a replacement for the client-based VPN. DirectAccess uses an Always-On technology [11]. It is always ready for connection as soon as the user connects the computer to the Internet. The user has no control over the tunnelling part of DirectAccess. Thus, security updates and patches are automatically added to the system and the user does not have the power to either allow or disable them. This is a huge advantage for security, as users sometimes forget to apply the security patch updates provided by the OEMs of their computers. This is evident from the ransomware incident that happened a couple of years ago, where most of the affected users were the ones who had not applied the patch updates of the Windows OS. DirectAccess offers easy implementation of digital certificates, which form part of the authentication process. Thus, this authentication process is secure and very strong. The only major problem faced by a network using DirectAccess is the expiration of the SSL certificates.
DirectAccess is at a disadvantage when it has to be implemented on systems not running Windows OS. It supports neither Mac OS nor Linux OS. Users might not always have access to systems running Windows OS. Thus, remote login to a private server might not be possible at times.
Img 2: Microsoft DirectAccess
(Source: [12])
Celestix SecureAccess
Microsoft DirectAccess cannot be used on systems running anything other than Windows OS. Thus, Celestix SecureAccess has been developed to reduce the complexity of the process while maintaining the data security that was provided by DirectAccess. It can be used on systems running Windows OS, Mac OS and Linux OS. Administrators can easily configure the various aspects of the network, such as the IP address, default gateway, subnet mask and different static routes, in very little time. The new web user interface, Comet 2.0, is included in SecureAccess. Centralized administration is one of the many features provided in the web UI. This helps achieve administrative efficiency and saves costs on the total productive hours of the IT department. The chance of a successful hacking attempt is significantly reduced by engineering and developing the applications and services that are necessary for connectivity and security. Celestix boasts of its years of experience in network security and claims that the hardware it manufactures can withstand almost any cyber-attack. Organizations differ in size, and they may have applied different security protocols depending on the level of the IT experts they have hired. Remote access exposes the network of a company to external threats, and thus better screening of the access pattern is achieved through SecureAccess. Strategies have been implemented that support the case of multiple access strategies [13]. The administrator can monitor any number of devices connected to the private network through SecureAccess and can freely manipulate and stop access to the virtual network in case any security issue arises.
Conclusion
Thus, to conclude this report, legacy VPN is becoming obsolete and the use of alternatives like Microsoft DirectAccess and Celestix SecureAccess is rapidly increasing. The security and simplicity that they provide are paramount, and the IT staff of various organizations prefer to use them instead of VPN. There are various disadvantages of using a traditional VPN, and it is fairly evident that switching to an alternative solution is important, as there might be performance and productivity issues when using a VPN. Data integrity was an issue with legacy VPN, as long-distance transfers often resulted in the exchange of fragmented data. The various successful hacking incidents all over the world suggest that organizations need better IT security. This security can be provided to the networks of these organizations by implementing either DirectAccess or SecureAccess. It can also be concluded that users might not always be aware of network security issues and that sometimes it is their careless mistake that helps a hacker get through the network’s firewalls. Complex security structures and protocols must therefore be applied to the network directly by IT professionals who deeply understand the need for proper security. All the systems connected to the network can be properly monitored and managed by the administrator, providing complete control over the systems that access the network. A reduction in operating costs is always favourable for enterprises. DirectAccess or SecureAccess helps reduce costs while maintaining the security and privacy level that is fundamentally desirable.
Various future enhancements are being researched for Celestix SecureAccess. Updates for the remote access platform and the web interface platform, that is, the Comet UI, are being developed. Various enhancements and updates include:
New features are thus developed and implemented from time to time that provide a return on investment (ROI) to the organizations implementing Microsoft DirectAccess or Celestix SecureAccess.
References
[1] Fischer et al., “Virtual network embedding: A survey”, IEEE Communications Surveys & Tutorials, vol. 14, no. 4, pp. 1888–1906, 2013.
[2] Mir et al., Comparison of Packet-Switching and Label-Switching for Routing in VPN-Based Networks. IASTED, 2013, pp. 1–1.
[3] Kompella et al., Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures. 2017.
[4] “DirectAccess with NAP Architecture Overview”, Technet.microsoft.com, 2018. [Online]. Available: https://technet.microsoft.com/fr-fr/library/ff528481(v=ws.10).aspx. [Accessed: 02-Jan-2018].
[5] Opatrny, Justin and Ness, Carl, “Virtual Private Networks and Secure Remote Access”, Computer Security Handbook, vol. 6, pp. 32–1, 2014.
[6] Kang, Ruogu and Dabbish, Laura and Fruchter, Nathaniel and Kiesler, Sara, Symposium on Usable Privacy and Security (SOUPS). CA: USENIX Association Berkeley, 2015, pp. 39–52.
[7] Vidal, Santiago and Amaro, Jorge Rodrigo and Viotti, Emiliano and Giachino, Martin and Grampin, Eduardo, Proceedings of the 2016 workshop on Fostering Latin-American Research in Data Communication Networks. ACM, 2016, pp. 25–27.
[8] Gulrajani, Sameer and Green, Andy and Asif, Saud and Zhang, Jeffrey and Jain, Pradeep, MPLS/BGP Layer 3 VPN Multicast Management Information Base. 2013.
[9] Rhodes-Ousley, Mark, Information security: the complete reference. McGraw Hill Education, 2013.
[10] Ashraf, Abbas and Wasim, Muhammad and Sattar, Ahsan Raza, “Efficient Implementation of VoIP Over VPN wrt Packet Delay and Data Security.”, International Journal of Multidisciplinary Approach & Studies, vol. 3, no. 5, 2016.
[11] Krause, Jordan, Microsoft DirectAccess Best Practices and Troubleshooting. Packt Publishing Ltd, 2013.
[12] “DirectAccess with NAP Architecture Overview”, Technet.microsoft.com, 2018. [Online]. Available: https://technet.microsoft.com/fr-fr/library/ff528481(v=ws.10).aspx. [Accessed: 02-Jan-2018].
[13] Dasgupta, Dipankar and Roy, Arunava and Nag, Abhijit, Advances in User Authentication. Springer, 2017, pp. 185–233.