Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)
Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

2.2 Security risks of VPN

This section is part of the amber and green pathways.

VPNs might sound like a panacea to a number of problems as they can extend, in our example, a corporate network across a wide geographic area via the internet. However, in doing so, they raise a number of new problems.

Security of remote machines

When a remote machine is part of a VPN it effectively creates a new frontier between the ‘secure’ corporate network and the internet. This remote machine now offers a direct route into a corporate network. Previously, it had been relatively simple to secure machines within a corporate network; now the remote user might be using their own computer, network connection, operating system and software – none of which are controlled by the organisation. Worse still, they might be sharing the machine with a number of other users, some of which might not be employed by the organisation. Perhaps the same PC is used to manage corporate documents, as well as downloading pirated music from the internet and playing video games!

The remote machines must themselves be secured from abuse. That may mean enforcing certain minimum standards with regards to operating system, antivirus software, firewalls and so on. Employers may have to stipulate that antivirus software is kept up to date, and that all patches and service packs are installed.

Security of the VPN implementation

As you learned earlier, the security of various VPN implementations has come under scrutiny. Protocols themselves might be well designed and apparently secure, but the method of implementation, where programmers have taken shortcuts or offered ‘additional convenience’ to the user, may compromise the protection offered.

For instance, there are no major problems with the PPTP protocol, but Microsoft’s implementation of PPTP was found to have a number of serious defects. Microsoft’s implementation of PPTP was introduced in 1996, and hacker software exploiting weaknesses began circulating the following year. Papers describing the weaknesses appeared in 1998 – it was only after publication that Microsoft addressed the most serious weaknesses in PPTP by releasing a patch (DUN 1.3), and even then some issues remained unresolved.

In addition to errors in protocol implementations, security vulnerabilities can be introduced if the design or configuration of the overall VPN solution is done incorrectly.

In the next section you are invited to find out more about VPN and share your findings.


Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371