Virtual Private Network allows you to connect one or more computers to a private network most of the time via the internet. Even though this approach is not new, in recent years this has become more relevant mainly due to the new trends in the way companies work & more people want a greater level of online privacy.

Why one should care about VPN?

VPN allows you to connect to a private network securely and remotely. You can even link to different networks and servers in a secure way. It allows you to surf safely in a public wifi network, also helps prevent Man-In-The-Middle attack.

VPN - explained

VPN tunneling ensures secure communication between systems. As the connection is encrypted, no one along the VPN tunnel can intercept, monitor, or alter your communications.

Where are the vulnerabilities?

It is said that no software is immune to vulnerabilities. Ordinarily when you connect to any website from your computer then that website can see your IP address but when you are using a VPN your data is not directly sent to the website you are visiting instead your IP address is first sent to one of the VPN servers. So the website you are visiting does not see your IP address they see the IP address of the VPN server. It means no one sees your IP address not your internet service provider, the government, or hackers so you become untraceable. No one can trace back to you. In short, the whole idea of achieving the web security of you and your organization using a VPN is keeping your IP address hidden.

But it is bothersome when you hear some news like Several privacy-busting bugs found in popular VPN services Or Authentication Bypass Bug Hits Top Enterprise VPNs.
Though this was not good news such vulnerabilities occur every time in the cyber world. What’s important is how we identify and tackle such things.

Some VPN providers embrace your data

While it is also important that VPN provider should maintain full transparency because it is found that some VPN providers also hold onto your data. Most of the VPN providers claim that they do not maintain a log of your online session neither they maintain the logs for your IP addresses or servers used, websites visited or files downloaded but “no log” claim differ from one VPN provider to another.

There’s malware detected in certain VPN mobile apps

One study also found that some VPN mobile apps do have malware in it. This study was conducted by the Commonwealth Scientific and Industrial Research Organisation and they found that 38% of VPN android apps were infected by some type of malware.
Also, some mobile apps requested access to sensitive personal data such as account details and messaging.

Cloud VPN is more vulnerable

Today cloud technologies have given a huge amount of collaboration and convenience to the organizations but it has also brought security challenges for them. While using Cloud VPN solutions companies exposes themselves and due to this, any hacker can gain access to their private data.

Credentials phishing

Credentials phishing is one rapidly growing attack in the cyber world, where a hacker steals credentials such as userID and password. Hacker displays himself as an authority and by the means of email or any communication channel he gets to know your credentials. If a hacker gets the credentials he can use it to get the sensitive info out.

How Multi-factor authentication helps secure your VPN?

Multi-factor authentication validates user identity with passwords and an additional layer of authentication (e.g. OTP over SMS/Email). That is why it is called multi-factor authentication. This provides greater identity assurance of a user who is accessing any resource via VPN. So with multi-factor enabled on your system, it prevents the hacker from accessing the resources even they know your username and password. As you have an additional layer of authentication hacker has to pass that layer which is not possible. However, we need to understand that not all MFA are the same and provide greater assurance of security. Many MFA solutions are slow or complicated and therefore inefficient.

miniOrange can be of great value here by providing 2-factor Authentication on top of VPN Authentication. This secures the access to protected resources instead of relying on only the VPN username/password.

miniOrange uses the Remote Authentication Dial-In User Service (RADIUS) protocol. Communication between the client and RADIUS server are authenticated and a shared secret is used, which is never sent over the network.

MFA for VPN - RADIUS Flow

Here the RADIUS client is nothing but the VPN. If you take a look at the steps then you can get an idea of how Two-Factor authentication is used with VPN.

  1. The user enters the login credentials to the VPN.
  2. RADIUS Clients sends the login details to miniOrange RADIUS server.
  3. User details are checked with Active Directory.
  4. When the AD finds the user it sends the response to miniOrange RADIUS server. First-factor authentication is completed here.
  5. A challenge response is sent to RADIUS clients for second Factor Authentication.
  6. RADIUS client prompts the user with 2FA challenge. (e.g.OTP over SMS/Email).
  7. When the user validates himself with 2FA. The authentication response is sent to miniOrange RADIUS server.
  8. After checking the response RADIUS server grants access to the user.

This way miniOrange ensures that no unauthorized person gets access to the VPN. miniOrange acts as a RADIUS server that takes username/password from the user and validates it with Active Directory (AD). After checking with the AD it prompts the user for Two-Factor authentication. If the user successfully completes the 2FA then the server grants the access.

Conclusion

These days organizations have become fully aware of the use of Multi-Factor Authentication for an extra layer of security along with VPN. Unauthorized access to your VPN is likely to cause more harm to the business. Multi-factor authentication plays a key role in securing your network, data & resources.

miniOrange has succeeded in dealing with Identity and access management problems and we ensure you have a safe and secure access to your resources. Our 2-FA authentication adds a 2nd layer of authentication when you are gaining access to protected resources through a VPN.

Further Reading

  1. Hi, Thanks for your recommendation. I have a question regarding VPN. Is it possible to choose one location that will not be changed again and again? or It will give one IP that will not be changed again and again?

    • Yes, it is possible.
      You basically require a VPN vendor that has the capability to provide you with a Dedicated IP address.

      We can provide more information if we know the VPN you are using?

        • Hello Sarah, many browser-based VPNs do provide static IP functionality. Browsec VPN does not list static IP as functionality in their free as well as premium features. You could try contacting the Browsec VPN team for further clarification.
          If you do have any other concerns related to VPN, you could drop us a query at info@xecurify.com. We have dedicated engineers who are equipped with the proper resources to answer all your questions.

Leave a Reply

Your email address will not be published. Required fields are marked *