Story image

VPN and BYOD: what are the risks?

09 Feb 2016

As employees become more technologically savvy, organisations need to think about what risks there are as those employees access corporate networks.

According to NETSCOUT’s Fluke Networks, the technology behind VPNs has become less expensive, and tech savvy employees are able to set up their own consumer-grade VPN. This creates security issues.

Virtual private networks (VPNs) began as a way for large companies to communicate with remote offices securely.

“The problem is, most workers and enterprises don’t realise that the private, inexpensive VPN alternatives offered to most consumers are not adequate for business use,” says Amit Rao, APAC director, NETSCOUT’s Fluke Networks Enterprise Solutions.

“If you have remote workers accessing your secure systems via a personal VPN and unsecure Wi-Fi, you have security issues you didn't even realise.”

The reason many private VPNs are not secure is because of a vulnerability known as IPv6 (Internet Protocol version 6) leakage, Rao says.

This leakage can expose a user's information as they use the internet, including the websites they visit and the actual content of their private communications.

The vulnerability is evident in computers as well as mobile devices.

It occurs when network operators deploy IPv6 while VPN providers are only providing protection for IPv4 traffic.

“The vulnerability doesn't necessarily leak information unless there is an active attack,” says Rao.

“Plus, the information is not leaked as long as the user is accessing Internet content protected by HTTPS as opposed to non-secure pages, which only use HTTP.”

Organisations can make sure this VPN vulnerability is not a threat to systems and networks by providing workers who need to use insecure public Wi-Fi with an enterprise-grade VPN. Business-level VPNs are not subject to this particular vulnerability.

“There are other steps that the IT department can take that will make workers’ internet use and communications even more secure,” says Rao: 

  • Consider switching to Linux operating systems on machines that access the most sensitive data and systems on your network. There are fewer instances of malware targeted at Linux systems, and some of the Linux distributions are designed to offer a high level of security, such as Ubuntu and Mint.
  • Avoid using Tor 'onion routing' for anonymity and privacy online. Tor comes with some serious risks that could outweigh any benefits of keeping data away from prying eyes.

“Privacy and security for remote workers is critical, so it is important that organisations consider all the alternatives to mitigate the risk,” says Rao.

Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
SAS partners with NVIDIA on deep learning and computer vision
“By partnering with NVIDIA, we combine our strengths to augment human intelligence and realise the true potential of AI.” 
Why businesses must embrace automation to ensure success
“For many younger workers, the traditional view of a steady job at one company, perhaps for life, simply doesn’t reflect reality."
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Microsoft appoints new commercial and partner business director
Bowden already has almost a decade of Microsoft relationship management experience under her belt, having joined the business in 2010.
How Cognata and NVIDIA enable autonomous vehicle simulation
“Cognata and NVIDIA are creating a robust solution that will efficiently and safely accelerate autonomous vehicles’ market entry."
Kinetica launches a new active analytics platform
"With the platform now powered by NVIDIA DGX-2, customers can build smart analytical applications that combine historical data analytics and ML-powered analytics."