Story image

VPN and BYOD: what are the risks?

09 Feb 16

As employees become more technologically savvy, organisations need to think about what risks there are as those employees access corporate networks.

According to NETSCOUT’s Fluke Networks, the technology behind VPNs has become less expensive, and tech savvy employees are able to set up their own consumer-grade VPN. This creates security issues.

Virtual private networks (VPNs) began as a way for large companies to communicate with remote offices securely.

“The problem is, most workers and enterprises don’t realise that the private, inexpensive VPN alternatives offered to most consumers are not adequate for business use,” says Amit Rao, APAC director, NETSCOUT’s Fluke Networks Enterprise Solutions.

“If you have remote workers accessing your secure systems via a personal VPN and unsecure Wi-Fi, you have security issues you didn't even realise.”

The reason many private VPNs are not secure is because of a vulnerability known as IPv6 (Internet Protocol version 6) leakage, Rao says.

This leakage can expose a user's information as they use the internet, including the websites they visit and the actual content of their private communications.

The vulnerability is evident in computers as well as mobile devices.

It occurs when network operators deploy IPv6 while VPN providers are only providing protection for IPv4 traffic.

“The vulnerability doesn't necessarily leak information unless there is an active attack,” says Rao.

“Plus, the information is not leaked as long as the user is accessing Internet content protected by HTTPS as opposed to non-secure pages, which only use HTTP.”

Organisations can make sure this VPN vulnerability is not a threat to systems and networks by providing workers who need to use insecure public Wi-Fi with an enterprise-grade VPN. Business-level VPNs are not subject to this particular vulnerability.

“There are other steps that the IT department can take that will make workers’ internet use and communications even more secure,” says Rao: 

  • Consider switching to Linux operating systems on machines that access the most sensitive data and systems on your network. There are fewer instances of malware targeted at Linux systems, and some of the Linux distributions are designed to offer a high level of security, such as Ubuntu and Mint.
  • Avoid using Tor 'onion routing' for anonymity and privacy online. Tor comes with some serious risks that could outweigh any benefits of keeping data away from prying eyes.

“Privacy and security for remote workers is critical, so it is important that organisations consider all the alternatives to mitigate the risk,” says Rao.

Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
White box losing out to brands in 100 GE switching market
H3C, Cisco and Huawei have all gained share in the growing competition in the data centre switching market.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
How Fujitsu aims to tackle digitalisation and the data that comes with it
Fujitsu CELSIUS workstations aim to be the ideal platform for accelerating innovation and data-rich design.
Genesys PureCloud generates triple-digit revenue growth year on year
In Australia and New Zealand, the company boosted PureCloud revenue by nearly 100%.