VPN Security Vulnerabilities Exposed

VPN Security Vulnerabilities Exposed

Introduction

A virtual private network (VPN), offers anonymity and online privacy by creating a secure connection to another internet network (Movsarova et al., 2019). VPNs hides IP (internet protocol) address; therefore, an individual’s online activities become virtually undetectable. Most importantly, VPN services create encrypted and secure connections to offer greater privacy than a protected Wi-Fi hotspot. Nowadays, the VPN is famous for various reasons. Initially, they were used to securely connect a company’s networks or allow an individual to access the company’s network from home. Making transactions or surfing the web on an unprotected Wi-Fi network can expose one’s browsing habits and private information. As such, everyone concerned about their privacy and security should consider using a VPN.

Sobh and Aly (2011) claim that a VPN’s functioning resembles that of WAN (wide area network). When two devices on different networks are connected through a VPN, the VPN creates an illusion that the devices are on the same network. All the network traffic is transferred to the VPN over a secured connection. This allows an individual to securely access local network resources even when they are in various parts of the world. When an individual surf the internet while connected to a VPN, the device being used communicates with the website through the encoded connection. The VPN sends an individual’s request and sends back the website feedback through the protected connection.

According to Elezi and Raufi (2015), a well-developed VPN offers the following benefits:

• Unlimited connections across different geographic regions without leasing a line
• Enhanced security for sharing data
• Flexibility for employees and offices in remote areas to utilize a company’s intranet over the current internet connection
• Savings in expense and time for workers who commute to work as they can work from anywhere
• Enhanced productivity for employees in remote areas

Types of VPN

There are different types of virtual private networks, including point-to-point tunneling protocol (PPTP VPN), site-to-site VPN, layer to tunneling protocol (L2TP), and Internet Security Protocol (IPsec).

In PPTP VPN, the PPTP client creates a ‘tunnel’ or connection to the PPTP server to transport organizations traffic and data and using encryption to secure it (Kleidermacher & Mike, 2012). PPTP encapsulates data on the network and places it into an IP envelope, and during, every network device will treat it as an IP packet. Once the PPTP server receives the encapsulated data, it will forward it to the destination device. The PPTP tunnel creates a communication with the peer through TCP port 1723.

Site-to-Site VPN is sometimes referred to as ‘router-to-router VPN ‘and is mainly used by corporates operating in different locations to establish connections between the head office and office branches in different regions. Primarily, site-to-site VPN extends the enterprise network, making company resources in one place available to all the employees in different locations. This type of VPN best suits companies that are growing and setting up pilot offices in different areas. According to Perez (2017), site-to-site VPN uses two techniques; multiprotocol layered switching (MPLS) and internet VPN method.

L2TP VPN uses an authentication protocol typically to provide strong authentication and encryption, giving it an ultimate edge over other VPN solutions. L2TP VPN uses UDP port 17-01 to establish connections. Double authentication is applied to the data transmitted over L2TP VPN with every data packet transmitted through the tunnel integrates L2TP headers. As a result, the data is de-multiplexed by the server. The aspect of double authentication may slow down the solution’s performance but ensure the highest level of security.

IPsec is a VPN method that is used to secure internet communication between IP networks. IPsec is a collection of protocols that are applied together to set up encrypted connections between different devices. It ensures that data sent over public networks is secure and works by encrypting IP packets and authentication of the source of the packets.

VPN Security Vulnerabilities

According to Bui et al. (2019), a VPN vulnerability is a defect in design or code that compromises a network’s security or an endpoint. Computer users and network personnel can protect their devices from vulnerabilities by frequently updating their software’s security patches. These patches can solve security holes or flaws present in the initial release. Besides, computer users and network personnel should be aware of the current software vulnerabilities they utilize and find ways to stay secured against them (Jang-Jaccard & Nepal, 2014).

The following are some of the common VPN vulnerabilities:

• Weak passwords
• Missing data encryption
• SQL injection
• Missing authorization
• Redirection of URL to suspicious sites
• Lack of authentication for the essential functions
• Reliance on questionable inputs in a security decision
• Lack of integrity checks when downloading codes
• Bugs
• Use of corrupted applications
• Buffer overflow
• Utilization of incomplete algorithms
• Unrestrained upload of harmful documents
• Cross-site forgery and scripting

Causes and impact of VPN vulnerabilities

Computer vulnerabilities occur as a result of the failure of programmers to comprehend the inner programs fully. While programming and designing, programmers fail to consider all computer system aspects, and as a result, the computer system becomes open to attacks. Some programmers carry out their programming activity incorrectly and unsafely, which deteriorates computer system vulnerability.

Computer system vulnerability causes harm in multiple aspects; for instance, the spread of internet virus, revelation of sensitive data, and hacker invasion can cause immense economic loss to individual and business users. With the continuous enhancement of information degree, very harsh computer system vulnerabilities can threaten national security in industrial, military, and political aspects. Computer security vulnerabilities are harmful to system securities: reliability, entirety, undeniableness, confidentiality, and usability.

Vulnerabilities occur in various SSL (Secure Sockets Layer) VPN products that permit an attacker to access random documents, including those with verification identifications. An attacker can connect to the VPN using the stolen credentials and connect to internet infrastructure or change configuration settings. Unapproved VPN connection could also offer an attacker with the opportunity required to carry out secondary exploits intended to access a root shell.

Nowadays, attackers are targeting VPN platforms. Some are focusing on software, telecommunications, and defense industries. Their C & C (command-and-control) server conceal public social profiles containing configuration strings of malware, making it very hard to identify jeopardized systems. Once attackers access the VPN by stealing the password, they use RDP (remote desktop protocol) to move further inside the network. PWDump, Mimikatz, and WDgest credential harvesting are also used to make a lateral movement.

The vulnerabilities allow attackers to access documents through RCE (remote code execution). The acquired credentials are then used by an attacker to connect to the VPN. SSL VPN is utilized in enterprise networks, and corporates deem it very reliable. The SSL vendors dominating the market are very few and are usually outdated in remote locations. According to the National Cyber Security Center (2019), the following are the top security vulnerabilities prevalent in business VPN solutions:

Pulse Connect Secure

CVE-2019-11510:

• Random reading of a file without authorization: An unauthorized remote attacker can deceit and share a URI (uniform resource identifier) to read documents.
• CVE-2019-11539: injection of command after authorization is given. The admin web interface authenticates an attacker to inject and run commands.

Fortinet Fortigate

• CVE-2018-13379: random reading of a file without authentication. Unauthorized attackers use the SSL VPN web portal to create a path traversal vulnerability giving them the ability to download system documents through designed HTTP resource requests.
• CVE-2018-13382: permits an unauthorized attacker to modify the user’s password of an SSL VPN web portal through specially designed HTTP requests.
• CVE-2018-13383: overflow of the heap after authentication is given. An attacker acquires a router’s shell. A buffer overflow of the load in the SSL VPN web portal can dismiss web service of SSL VPN for users who are logged in due to the inability to handle JavaScript data when delegating web pages appropriately.

Palo Alto

• CVE-2019-1579: unauthorized remote attack might be allowed by RCE to run random code.

Detecting Exploitation

Users of these products of VPN should examine their logs for compromise proof, mainly if there was no application of patches immediately after their publication. Besides, administrators should inspect for evidence of jeopardized accounts in active use such as irregular IP times or location.

Pulse Connect Secure

The efficient way to identify exploitation attempts is to look for connection evidence to vulnerable URLs on a gadget. Logging of Pulse Secure is highly modifiable. Therefore, the HTTP request should be directly made to the web interface and not through the VPN to examine if web requests are logged. Once the logging is identified to be working, the URLs below should be searched. Hits before the application of a patch may suggest a compromise and require further examination.

Fortigate

Fortigate devices do not log web requests by default. Nevertheless, if a gadget is modified to write firewall connection logs or Netflow or firewall logs can be accessed from another device in front of it, exploitation can be detected. When CVE-2018-13379 is under exploitation, an attacker may download a web session of SSL VPN, which comprise of passwords and usernames of active users. Searching Netflow or firewall logs, from the device’s web interface port of SSL VPN for transmission control protocol (TCP) sessions with 200,000 to 250,000 bytes to the client, and a maximum of 2,000 bytes from the client suggest the occurrence of exploitation.

Palo Alto

The versions below may be vulnerable to attack:

• Palo Alto GlobalProtect SSL VPN 8.0.x < 8.0.12
• Palo Alto GlobalProtect SSL VPN 7.1.x < 7.1.19
• Palo Alto GlobalProtect SSL VPN 8.1.x < 8.1.3

It may be challenging to identify past logs’ exploitation. However, unsuccessful exploit trials may bring about a crash, which can be detected in records.

Mitigation of VPN Vulnerabilities

As Kang and Balitanas (2018) stated, not all VPN applications provide security to the enterprise network and resources because sometimes adopting VPN solutions attract more risks. This section will discuss recommendations on how to minimize VPN vulnerabilities, including:

Watson (2009) recommends that it is essential to continually review VPN log files to determine if the user account is compromised. It should also identify active connections during odd hours and other abnormal activities that require more investigation, make sure that remote access is maintained and patched with security updates by enabling features such as multifactor authentication. Also, end-user license agreements should be reviewed and evaluated before implementing a VPN solution. Users should also be trained and educated on the best practices to use VPN applications properly. Prompt application of security patches as this is one of the simplest ways of protecting the organization from vulnerabilities.

Suppose a breach or compromise has been suspected of having occurred. In that case, even if there is no proof, the possibility should not be ruled out, and the affected accounts revoked to allow for an investigation to avoid any incidence that may cost the organization (National Security Agency Central Security Service, 2019). Also, authentication credentials should be reset for all other users to ensure that no unauthorized access to the organization’s systems. Besides ensure that all the VPN configuration options are enabled to prevent any authorized changes, including command set run on connecting clients, new iptables rules, and SSH authorized key files. Additionally, having a backup of the configuration settings is crucial to be restored in case of a breach.

Future on VPN

Sarvepalli (2019) asserts that VPN technology will remain vital to protecting organizations, users, and data. According to the industry experts, what is changing is the level of intelligence and automation in the technology of VPN. Besides, the degree to which VPN’s functionality exists in users is less and more on the network back end. This will also change. Nevertheless, the internet of things and cloud services are continually growing; secure VPN connectivity will still be necessary. Additionally, VPN revenue is expected to surpass $54 billion by 2024 (National Cyber Security Center, 2019).

How the deployment of VPN technology is carried out is expected to change. Besides, access functions and authorization are expected to be included in the network itself, and users will see them. Virtualization and software-defined perimeter will substitute the traditional VPNs making user connections more automatic and secure. Besides, software-defined networking, some hybrid of tunneling and encryption are expected to emerge.

Conclusion

Virtual private networks have proven to be very useful to many organizations and business enterprises. VPN’s primary purpose is to provide a secure connection between two devices sharing confidential data over a network. However, VPNs may also have vulnerabilities that may lead to data breaches and manipulation, including weak passwords, missing data encryption, and SQL injection. Others include missing authorization, redirection of URL to suspicious sites, lack of authentication for essential function, and reliance on questionable inputs in a security decision. The paper has also proposed several mitigation strategies that can be implemented to address different vulnerabilities.

References

Bui, T., Rao, S., Antikainen, M., & Aura, T. (2019). Client-Side Vulnerabilities in Commercial VPNs. Secure IT Systems, 103-119. https://doi.org/10.1007/978-3-030-35055-0_7

Elezi, M., & Raufi, B. (2015). Conception of Virtual Private Networks Using IPsec Suite of Protocols, Comparative Analysis of Distributed Database Queries Using Different IPsec Modes of Encryption. Procedia – Social and Behavioral Sciences, 195, 1938-1948. https://doi.org/10.1016/j.sbspro.2015.06.206

Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973-993. https://doi.org/10.1016/j.jcss.2014.02.005

Kang, B., & Balitanas, M. (2018). Vulnerabilities of VPN using IPSec and Defensive Measures. International Journal of Advanced Science and Technology. Retrieved 25 August 2020, from.

Kleidermacher, D., & Mike, K. (2012). Data Protection Protocols for Embedded Systems. Embedded Systems Security, 289-347. https://doi.org/10.1016/b978-0-12-386886-2.00005-9

Movsarova, P., Vizirova, H., Bijsultanova, M., Gazieva, I., & Daudov, I. (2019). Cryptographic methods of information protection and VPN in IP networks. SCIENTIFIC DEVELOPMENT TRENDS AND EDUCATION. https://doi.org/10.18411/lj-11-2019-38

National Cyber Security Center. (2019). Vulnerabilities exploited in VPN products used worldwide. Ncsc.gov.uk. Retrieved 25 August 2020, from https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities.

National Security Agency Central Security Service. (2019). Cybersecurity Advisory: Mitigating VPN Vulnerabilities. National Security Agency Central Security Service. Retrieved 25 August 2020, from https://www.nsa.gov/news-features/press-room/Article/1982717/cybersecurity-advisory-mitigating-vpn-vulnerabilities/.

Perez, A. (2017). Transport Network MPLS-VPN Technology. Implementing IP And Ethernet On The 4G Mobile Network, 65-86. https://doi.org/10.1016/b978-1-78548-238-0.50004-2

Sarvepalli, V. (2019). VPN – A Gateway for Vulnerabilities. Insights.sei.cmu.edu. Retrieved 25 August 2020, from https://insights.sei.cmu.edu/cert/2019/11/vpn—a-gateway-for-vulnerabilities.html.

Sobh, T., & Aly, Y. (2011). Effective and Extensive Virtual Private Network. Journal of Information Security, 02(01), 39-49. https://doi.org/10.4236/jis.2011.21004

Watson, R. (2009). Security Considerations. Fixed/Mobile Convergence and Beyond, 171-183. https://doi.org/10.1016/b978-0-7506-8759-1.00011-2