researchHQ’s Key Takeaways:
- A virtual private network (VPN) is a private network that extends beyond on-premises hardware.
- VPNs allow companies to extend their endpoint security measures to remote users and cloud connections, thereby maintaining the visibility of various endpoints and adding a layer of security on devices.
- Despite the benefits, VPNs still suffer from exploitable vulnerabilities relating to authentication, endpoint security and network architecture.
- These risks can be mitigated by deploying VPNs through endpoint protection platforms (EPPs), which can provide data loss prevention, simplify management, enforce authentication measures and assist in incident response.
Virtual private networks (VPNs) enable you to gain remote access to on-premises private networks, and to connect remote private networks into a wide area network (WAN). A VPN typically establishes these connections by assigning users internal IP addresses.
On the one hand, VPNs enable you to expand visibility. Traffic is routed through the VPN, and you can reliably log, filter, and monitor traffic. You can also authorize and authenticate before granting users access to network assets. On the other hand, if these expanded visibility capabilities are exploited, threat actors can gain access to your network.
You can use a VPN to protect your endpoints, but you also need to secure your VPNs from known and unknown vulnerabilities. To secure VPNs, you can implement endpoint detection and response (EDR) practices, and minimize endpoint, authentication, and network architecture risks. Even better, you can use new Extended Detection and Response (XDR) solutions to enhance protections beyond those provided by EDR solutions.
In this article, you will learn:
- What is a VPN
- How VPNs affect endpoint security
- Critical VPN vulnerabilities
- Deploying a VPN through endpoint security
What Is a VPN?
A virtual private network (VPN) is a private network that extends beyond on-premises hardware. It is created from a combination of network tunneling and software controls, rather than dedicated connection lines.
VPNs enable users to remotely access on-premises private networks. These connections assign the user an internal IP address and enable them to access any assets they could if they were physically connected. Organizations can also use VPNs to connect two remote private networks into a wide area network (WAN).
How Do VPNs Affect Endpoint Security?
VPNs enable you to extend your endpoint security measures to remote users and cloud connections. Traffic is routed through the VPN before it accesses your network. This enables you to log, monitor, and filter traffic with the same reliability as a physical connection.
These capabilities are especially important for maintaining the visibility of your various endpoints. As more remote connections are made and cloud resources used, your network perimeter scales up. VPNs can scale with these endpoints, ensuring that security is evenly applied to every connection.
When using VPNs you are able to perform authorization and authentication before a user connects to your assets. This eliminates the need to rely on the security of the user’s Internet connection to verify identity. It also adds a layer on top of any security that is on the user device or network. This reduces the chance that devices stolen from legitimate users can be used to access your VPN.
VPN Vulnerabilities
While VPNs can grant greater security and visibility into remote connections, these tools are not free from vulnerabilities. Unfortunately, there are still loopholes that attackers can use to access sensitive data and systems.
These loopholes can be used against even the largest enterprises. For example, Airbus, a giant in the aerospace industry, was recently hit by a series of attacks focused on VPNs used by its suppliers. To ensure that your organization doesn’t fall victim to the same fate, it helps to understand where VPN vulnerabilities lie. Below are a few to watch out for.
Network architecture and topology
For many organizations, only a small number of users use VPN tunneling to connect to the primary network. This means that only a small, easy-to-manage pool of IP addresses is allocated for use. However, when organizations scale up the number of remote connections, for example during work-from-home restrictions, this number must increase.
Primarily remote workforces often require hundreds or even thousands of addresses, some of which may be reused from those formerly dedicated to local connections. This can create serious security issues if you do not carefully audit and reconfigure access controls assigned to those IPs.
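The audit described above can be scripted. The following is an added example, not code from the original article: it assumes access-control rules are available as simple source-network/destination/action records (a constructed sample; real firewall exports differ) and flags every allow rule whose source range now overlaps the address pool handed out to VPN clients, since such a rule silently grants remote users access that was written for on-site hosts.

```python
import ipaddress

# Constructed sample ACL rules, written back when these ranges belonged to
# local (on-site) hosts. The format is hypothetical, not a vendor export.
ACL_RULES = [
    {"id": "allow-finance-db", "src": "10.0.20.0/24", "dst": "db-finance", "action": "allow"},
    {"id": "allow-admin-ssh", "src": "10.0.20.15/32", "dst": "bastion-ssh", "action": "allow"},
    {"id": "allow-printers", "src": "10.0.30.0/24", "dst": "print-server", "action": "allow"},
    {"id": "deny-guest", "src": "10.0.99.0/24", "dst": "any", "action": "deny"},
]


def audit_reused_pool(vpn_pool, rules):
    """Return allow rules whose source range overlaps the VPN client pool.

    Each finding records the rule, its destination, and the exact portion of
    the rule's source range that VPN clients will now occupy, so the rule can
    be reviewed and tightened before the pool goes live.
    """
    pool = ipaddress.ip_network(vpn_pool, strict=False)
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue  # deny rules do not grant access; nothing to inherit
        src = ipaddress.ip_network(rule["src"], strict=False)
        if src.overlaps(pool):
            # Two overlapping CIDR blocks always nest, so the overlap is the
            # more specific (longer-prefix) of the two.
            overlap = src if src.prefixlen >= pool.prefixlen else pool
            findings.append({
                "rule": rule["id"],
                "dst": rule["dst"],
                "reused_range": str(overlap),
            })
    return findings


if __name__ == "__main__":
    # Constructed scenario: the remote pool grows to a /23 that swallows the
    # old 10.0.20.0/24 office range.
    for finding in audit_reused_pool("10.0.20.0/23", ACL_RULES):
        print(f"REVIEW {finding['rule']}: VPN clients in {finding['reused_range']} "
              f"inherit access to {finding['dst']}")
```

Running it against the constructed data reports the finance database and bastion SSH rules and ignores the printer range, which is outside the new pool. A real audit would also check routing policy and any host-based allow lists keyed on the same addresses.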
Another issue is network latency. VPN connection points can only handle a set amount of traffic. The time it takes for requests and responses depends on the point’s physical proximity to the user and on its allocated bandwidth.
Trying to connect too many users to a single point can exceed these limits, leading to slow connections or preventing connections entirely. Attackers can also exploit these limits to block services from legitimate users in denial of service (DoS) attacks.
Authentication risks
A large part of VPN security relies on strong authentication measures. Once a user gets past authentication, they have the same access as if they plugged directly into your network on-site.
This means that if you use weak measures, such as allowing short, simple passwords, you are at risk. Additionally, not changing default passwords or never requiring password changes allows attackers easy access.
Another issue is the accessibility of your login portals. If you allow login through public Internet sites, you give attackers an easy place to try stolen credentials and guessed passwords.
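Because a publicly reachable portal will see credential guessing, the authentication log is where the risk described above becomes visible. The following is an added example, not code from the original article: it assumes a generic syslog-like line format (constructed here; vendor formats differ and the regular expression would be adapted) and flags, per source address, a burst of failed logins within a sliding window (brute force against one account) and failures spread across several accounts from the same source (password spraying).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format. Addresses are from
# the documentation ranges (TEST-NET), not real hosts.
SAMPLE_LOGS = """\
2024-03-01T08:00:01Z vpn-gw auth: result=FAIL user=alice src=203.0.113.10
2024-03-01T08:00:10Z vpn-gw auth: result=FAIL user=alice src=203.0.113.10
2024-03-01T08:00:20Z vpn-gw auth: result=FAIL user=alice src=203.0.113.10
2024-03-01T08:00:30Z vpn-gw auth: result=FAIL user=alice src=203.0.113.10
2024-03-01T08:00:40Z vpn-gw auth: result=FAIL user=alice src=203.0.113.10
2024-03-01T08:00:50Z vpn-gw auth: result=FAIL user=alice src=203.0.113.10
2024-03-01T08:01:00Z vpn-gw auth: result=FAIL user=bob src=198.51.100.7
2024-03-01T08:02:00Z vpn-gw auth: result=FAIL user=carol src=198.51.100.7
2024-03-01T08:03:00Z vpn-gw auth: result=FAIL user=dave src=198.51.100.7
2024-03-01T08:04:00Z vpn-gw auth: result=FAIL user=erin src=192.0.2.5
2024-03-01T08:04:30Z vpn-gw auth: result=OK user=erin src=192.0.2.5
2024-03-01T08:05:00Z vpn-gw auth: result=OK user=frank src=192.0.2.6
""".splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth: result=(?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(lines):
    """Turn log lines into (timestamp, result, user, src) tuples; skip junk."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unrecognised line: ignore rather than crash the detector
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events)


def detect_credential_attacks(lines, window=timedelta(minutes=5),
                              fail_threshold=5, user_threshold=3):
    """Return {src: [alert kinds]} for sources showing attack patterns.

    brute_force:    >= fail_threshold failures from one source inside `window`
    password_spray: failures for >= user_threshold distinct users inside `window`
    """
    failures = defaultdict(list)  # src -> [(ts, user), ...] in time order
    for ts, result, user, src in parse_events(lines):
        if result == "FAIL":
            failures[src].append((ts, user))

    alerts = defaultdict(set)
    for src, fails in failures.items():
        start = 0
        for end in range(len(fails)):
            # Advance the window start so it spans at most `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            if len(in_window) >= fail_threshold:
                alerts[src].add("brute_force")
            if len({user for _, user in in_window}) >= user_threshold:
                alerts[src].add("password_spray")
    return {src: sorted(kinds) for src, kinds in alerts.items()}


if __name__ == "__main__":
    for src, kinds in detect_credential_attacks(SAMPLE_LOGS).items():
        print(f"ALERT {src}: {', '.join(kinds)}")
```

On the constructed sample this reports 203.0.113.10 for brute force and 198.51.100.7 for password spraying, while the single failure followed by success from 192.0.2.5 stays quiet. The thresholds are deliberately parameters: a spray detector tuned for a large user base usually needs a longer window and a lower per-user rate than a brute-force detector, and any hit should feed the lockout or step-up authentication policy rather than only a log line.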
Endpoint risks
Ideally, any devices connecting to your VPN are managed by your IT teams. This ensures that devices are up to date, that the appropriate security tooling is installed, and that permissions and access are suitably restricted. Remotely managed devices can be verified and secured by IT teams in the same way as local devices.
Realistically, however, at least some connecting devices are likely to be personal ones. More organizations are adopting bring your own device (BYOD) policies. With such devices, you cannot secure the device itself; you can only secure the traffic and operations that take place inside your network.
Of particular concern is the connection of machines that are already infected with malware. For these machines, even installing VPN client software may not be enough to secure connections. Depending on the infection type, attackers may be able to hijack these agents. Or attackers may be able to take control of devices after legitimate connections are made.