Q report on MN610 Virtual Private Networks- used to access devices in other networks remotely&a path to exchange data Home, - MN610 Virtual Private Networks MN610 Virtual Private Networks Abstract—The study has shown that VPN is used to establish security in public network such as the internet. It is used by individuals and organisation for their work. It can be also used to access devices in other networks remotely. Over the year, with the increase in technology various type of VPN also developed. It was first developed by Microsoft in 1996 and named as PPTP. It is necessary to have a deep knowledge about VPN setup since an improper setup can make the network open to more vulnerability. VPN encrypts the data that flows within the connection by various encryption techniques. The ISP should have proper speed in order to match the encryption technique used by the VPN. Due to its affordable price, from small to large it is used in all type of organisations for their data security. I. INTRODUCTION Virtual Private Network acts as a path to exchange data anonymously and securely over the internet and it exists in both private and shared network. The VPN server is encrypted and as a result, information travelling between two connected devices gets benefited from security, functionality, and strength of the private network. Generally, as a public network, a home network is not secure. A hacker can easily break into a public network in order to steal and manipulate the information. Therefore, extra security is needed to mask their IP address; this can be achieved with the use of VPN. VPN masks the IP address like an onion, changes location of the device, encrypts the data travelling and gives access to some banned websites like Torrent. Not only for home purposes but it is also widely used in the organisation. In this paper, various positive and negative effects of VPN will be discussed. A. Abbreviations and Acronyms VPN: Virtual Private Network ISP: Internet Service Provider PPTP: Peer to Peer Tunnel Protocol SSTP: Secure Socket Tunnel Protocol L2TP: Layer 2 Tunnel Protocol IKEv2: Internet Key Exchange version 2 SSL-VPN: Secure Sockets Layer VPN DNS: Domain Name System II. LITERATURE REVIEW History and background With the increase in technology, VPN has developed a lot from 1996 by increasing its security protocols. Initially, it was used by organisations to complete their task successfully and keep their data secure, but gradually general people also started to adopt this technology for their personal use. The government used to ban various websites so that they become inaccessible by their citizen, one of the common examples is torrent websites. It has been banned because of piracy and other adult contents. People often use VPN to access Torrent websites and access deep and dark web using Tor browser. They do this so that they remain anonymous and their IP address and location cannot get tracked by the government or any other vendor. There is various type of VPN developed over the years, they are as follows: PPTP: In 1996, a Microsoft employee developed Peer to Peer Tunnel Protocol and was used in the system with Windows 95. It is old technology but still, its setup process is easy and less secure to security breaches and hackers. SSTP: Secure Socket Tunnel Protocol was also developed by Microsoft and it is more secure than PPTP. It is able to bypass firewalls and uses v3 and SSL and it is configured to use AES encryption. L2TP: Layer 2 Tunnel Protocol does not provide encryption rather it creates the tunnel information to travel through and IPsec handles the secure encryption. The encryption technique is effective but at the same time, it is slow because traffic has to be converted to L2TP from with encryption. Open VPN: It uses OpenSSL encryption library and SSLv3/TLSv1 protocols; it is one of the safest options and can be easily configurable in the web. IKEv2: Internet Key Exchange is a response/request pair protocol and it uses X.509 certificates for authentication with a shared secret. Concerned issues with legacy VPN and solutions Cisco Legacy AnyConnect, OpenVPN and SSL-VPN are some of the examples of legacy VPN. They have several issues and as a result, they were replaced by other VPN’s over the year. • It is expensive to setup and manage VPN’s like Cisco, Juniper or another hardware-based IPsec VPNs. The usability and compatibility of these VPN’s with a firewall are poor. SoftEther VPN has replaced these VPN’s because of the presence of the L2TP/IPsec VPN function. • SoftEther VPN has also successfully replaced OpenVPN as it has more ability and better performance than OpenVPN. It is GUI based management tool, therefore, it is easy to configure. With the use of OpenVPN Server Clone Function in SoftEther VPN which gives access to other OpenVPN clients to establish a connection with SoftEther VPN easily. • IKEv2 is one of the most secure types of VPN in the current world so, it is preferable to use an IKEv2 VPN and avoid using PPTP and SSTP. III. MAIN BODY With encryption technique, VPN brings security to the public network for transmission of data via the internet, it is also necessary to select a proper VPN provider. With passive monitoring attack, a hacker can simply collect unencrypted information of the user and can hijack the DNS. The user’s request gets redirected to a controlled browser to a Web server by pretending that they are accessing popular and safe website like google. It is often seen that many VPN providers leak their user’s accessed data to the hackers. In a contemporary organisation, employees have the power to make decisions since they do not follow the top-down model. The manager of a contemporary organisation needs to instruct their employees not to use VPN to remotely connect their office device to their home servers 5]. Since a home network is unknown for an organisation and if any hacker is interested in that home network then it can also get access to the organisation’s network. Private Internet Access, Mullvad and VyprVPN are the three VPN vendors that are secure to use because they use outdated tunnelling protocols such as PPTP which can be easily broken (pcworld.com, 2015). In the case of mobile devices VPN is secure when used in iOS but at the same time, it is vulnerable to leakage when using Android devices. Therefore, before implementing any VPN, the user should have deep knowledge about the protocols used in that VPN. Concerns and security issues Implementation of VPN in an organisation can bring security issues and the organisation should be concerned about those issues. First of all, it is a complex task to setup a VPN therefore in an organisation the team which is responsible to setup should have detailed knowledge of network security issues so that their network gets full protection. The performance of a VPN depends upon the ISP therefore; an organisation needs to select proper ISP for their used VPN. The VPN vendor should provide a document of their policy and security protocols to their users in order to maintain their trust. It is recommended by Cisco that security policies come before deployment of security technology6]. Implementation of remote access VPN in an organisation’s network enables access of foreign untrusted host in the secure intranet. VPN’s security is limited for a secure connection between the client device and business network excluding personal security features to the individual or any protection from the internet. Employees should be instructed not to open a VPN session to their organisation’s network and leaving the connection established due to the always-on nature of a corporate connection. A business always needs to use paid VPN services as they provide more security features than a free VPN. Solutions VPN limitations As discussed above a VPN have several issues that are needed to be resolved in order to establish a secure connection. These are the following solutions to use a VPN securely: • First of all, it is necessary to use proper ISP so that they have the capability to support VPN with complex security protocol. • An organisation needs to use a VPN with minimum 256-bit encryption and the ISP should have the capability to support this type of strong VPN. • With upgrading security policies there are various forms of VPN available, it is recommended to use VPN of type Open VPN and IKEv2, as they are latest and offers more security than PPTP and SSTP. • The team responsible for setting up the VPN in an organisation should have the detailed knowledge of network security issues. Since an improper setup connection is more vulnerable to risk. Role of VPN in different organisations Business sector: Reduces the risk of security breaches and cyber attack In the banking sector, it is essential to keep their consumer data safe. In order to achieve these safety banking sectors, use VPN and keep their system secure from cyber-attack and security breaches. Client feels secure Using a VPN at the banking sector makes their client secure in order to achieve safe transaction from their personal devices IT sector: VPN’s are affordable As VPN is affordable therefore from small to large scale, every organisation uses VPN to make their connection secure. While travelling abroad As an IT employee often required travelling abroad for official purposes therefore with the help of VPN, they can securely complete their official work even when they are travelling. IV. Conclusion Based on the above study it can be concluded that VPN has a huge number of benefits and can be used by various individuals and organisations. As the public and home networks are not secure therefore in order to protect them VPN is used. It is used to establish extra privacy and security in the era of mass surveillance. Over the years there are a various number of VPN types developed and added more security to their protocol. A company is needed to implement a proper VPN for their work, to select a VPN vendor first they need to go through their security policy document. As the policy documents come before security protocols, therefore, it is one of the most important tasks. The organisation should have skilled employees who can set up their VPN properly because an improper setup can cause a more serious issue. They need to select VPN with minimum 256-bit encryption and their ISP should have that amount of speed to process the encryption. It is recommended to use VPN of IKEv2 type as it is more updated than PPTP and SSTP. The employees of an organisation should not connect their office system with their home network by remote VPN because it increases chances of a cyber-attack. As it is affordable therefore from small to large, it is implemented in different size of organisations. With the help of VPN, a corporate person can easily complete their task securely while travelling even if they are in abroad. V. Future Works It can be seen that there is a huge development in the VPN market over the past 10 years as it has become a major concern for most of the individuals and organisations to protect their data. With the increase in technology advancement, the ability of hackers to break a network is also increasing. It is also seen that hackers break various system that uses VPN for security. Therefore, it is recommended to update the security protocols of VPN vendors in order to provide more security. An organisation like the banking sector should use the VPN with the latest security patches because if their system gets hacked then a huge amount of people will lose their money. Government use the latest encryption protocol VPN so that their data remain confidential and safe. As the days are passing people are getting addicted to implement VPN in their system to access illegal web contents like deep web, dark web and torrent sites. The future of VPN, encryption and privacy are dark since with their increased security protocols will challenge hackers to break their complex encryption method. At the same time, it is challenging for the VPN vendors to introduce more security in their protocols and keep the trust of their users. Therefore, the race between the VPN and the security breaches will be continued. Thus, VPN is greatly of significance in the current era where technology has reached to a great height. It is important to deliver a proper way out for the technology due to which organisations are being benefited largely. With the advent of VPN, several organisations have used it in its work properly thereby, enhancing its work level greatly. However, there are some of the adverse impacts when it is used by the hackers to fulfil their worst motives. This has to be reduced by enhancing the security level largely.