
VPN and BYOD: what are the risks?

09 Feb 2016

As employees become more technologically savvy, organisations need to think about what risks there are as those employees access corporate networks.

According to NETSCOUT’s Fluke Networks, the technology behind VPNs has become less expensive, and tech-savvy employees are able to set up their own consumer-grade VPNs. This creates security issues.

Virtual private networks (VPNs) began as a way for large companies to communicate with remote offices securely.

“The problem is, most workers and enterprises don’t realise that the private, inexpensive VPN alternatives offered to most consumers are not adequate for business use,” says Amit Rao, APAC director, NETSCOUT’s Fluke Networks Enterprise Solutions.

“If you have remote workers accessing your secure systems via a personal VPN and unsecure Wi-Fi, you have security issues you didn't even realise.”

Many private VPNs are not secure because of a vulnerability known as IPv6 (Internet Protocol version 6) leakage, Rao says.

This leakage can expose a user's information as they use the internet, including the websites they visit and the actual content of their private communications.

The vulnerability is evident in computers as well as mobile devices.

It occurs when network operators deploy IPv6 while VPN providers are only providing protection for IPv4 traffic.

“The vulnerability doesn't necessarily leak information unless there is an active attack,” says Rao.

“Plus, the information is not leaked as long as the user is accessing Internet content protected by HTTPS as opposed to non-secure pages, which only use HTTP.”

Organisations can make sure this VPN vulnerability is not a threat to systems and networks by providing workers who need to use insecure public Wi-Fi with an enterprise-grade VPN. Business-level VPNs are not subject to this particular vulnerability.
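The leakage condition described above (the VPN carries IPv4 while IPv6 leaves over the local network) can be checked from a Linux machine's routing tables. The following is an added example, not code from the article or from NETSCOUT; the tunnel interface prefixes, the probe addresses and the sample routing tables are constructed assumptions.

```python
import ipaddress

# Assumption: VPN clients name their interfaces with one of these prefixes.
TUNNEL_PREFIXES = ("tun", "tap", "wg", "ppp", "utun")

# Constructed samples in the format printed by `ip -4 route` / `ip -6 route`.
V4_VPN = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600"""
V6_LEAK = """\
2001:db8:abcd::/64 dev wlan0 proto ra metric 600 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium"""
V6_TUNNELLED = """\
2000::/3 dev tun0 metric 1024 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium"""


def egress_dev(route_output, dest):
    """Interface chosen for dest by longest-prefix match, or None if no route."""
    dest = ipaddress.ip_address(dest)
    best_key, best_dev = None, None
    for line in route_output.splitlines():
        f = line.split()
        if len(f) < 3 or "dev" not in f[:-1]:
            continue
        prefix = ("0.0.0.0/0" if dest.version == 4 else "::/0") if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:      # e.g. "unreachable ..." lines
            continue
        if net.version != dest.version or dest not in net:
            continue
        metric = int(f[f.index("metric") + 1]) if "metric" in f[:-1] else 0
        key = (net.prefixlen, -metric)   # longer prefix wins, then lower metric
        if best_key is None or key > best_key:
            best_key, best_dev = key, f[f.index("dev") + 1]
    return best_dev


def ipv6_leak(v4_routes, v6_routes):
    """True when IPv4 egress is a tunnel but IPv6 egress is a non-tunnel interface."""
    v4 = egress_dev(v4_routes, "203.0.113.1")   # TEST-NET-3 probe address
    v6 = egress_dev(v6_routes, "2001:db8::1")   # documentation-prefix probe address
    tunnelled = lambda dev: dev is not None and dev.startswith(TUNNEL_PREFIXES)
    return tunnelled(v4) and v6 is not None and not tunnelled(v6)
```

On a live host, pass the text output of `ip -4 route` and `ip -6 route` to `ipv6_leak`; a host with no IPv6 route at all is reported as not leaking.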

“There are other steps that the IT department can take that will make workers’ internet use and communications even more secure,” says Rao: 

  • Consider switching to Linux operating systems on machines that access the most sensitive data and systems on your network. There are fewer instances of malware targeted at Linux systems, and some of the Linux distributions are designed to offer a high level of security, such as Ubuntu and Mint.
  • Avoid using Tor 'onion routing' for anonymity and privacy online. Tor comes with some serious risks that could outweigh any benefits of keeping data away from prying eyes.

“Privacy and security for remote workers is critical, so it is important that organisations consider all the alternatives to mitigate the risk,” says Rao.
