VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
September 21, 2019
VPNs are critical pieces of the enterprise cybersecurity infrastructure. When it comes to protecting data in motion, there's really no good substitute. And that's why it can be so devastating to learn that this mandatory tool can carry vulnerabilities.
Before going any further, it's important to note that nothing here is intended to suggest that your organization ditch its VPNs. Networking with VPNs is vastly more secure than networking without them. With that said, there's no part of the enterprise IT infrastructure that qualifies as "set it and forget it," and VPNs are not exceptions to this rule.
The dangers represented in this article fall into two broad categories; first are the vulnerabilities that are "designed in," featuring problems with the logic, installation, or basic features of the VPN's client or server.
Vulnerabilities in the second group are "classic" vulnerabilities — inadvertent errors in the code running on one side or other of the VPN, an issue with how a protocol is implemented, or something similar.
A number of the vulnerabilities listed in this article have been patched in recent versions of the software, illustrating once again the importance of keeping software updated and fully patched. More than that, the vulnerabilities listed here are a reminder that cybersecurity means looking at every piece of the IT infrastructure, whether it's provided by the business or brought in by the employee. That goes for services as much as for products, and for security services as much as personal productivity applications.
(Image: Bits and Splits via Adobe Stock)
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Poll Results: Maybe Not Burned Out, but Definitely 'Well Done'."
Read more about:
2019About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024