Caveats for VPN users in public Wi-Fi hotspot networks
Network World - Using non-secured public Wi-Fi hotspots can leave you vulnerable to identity theft, data theft, snooping, impersonation and malware infection. That's why so many people rely on public virtual private network services, but VPNs are no panacea. Here are five potential gotchas.
1. Vulnerability to Wi-Fi based attacks: Since VPN services can be enabled only after a user is connected to public Wi-Fi and allowed to access the Internet, there is a sufficient window for hackers to attack public Wi-Fi users. Also, VPN services do not provide protection against Layer 2 attacks, such as ARP poisoning, which can cause denial of service (DoS) for the attacked user, potentially preventing them from connecting to their VPN. A motivated attacker can exploit this further to force users to stop using the VPN altogether, leaving them vulnerable to other breaches.
2. Vulnerability to VPN-based attacks: VPN services, although intended to secure all communications, have been found to have protocol-level and implementation-level vulnerabilities. For instance, certain SSL-based VPN services are prone to man-in-the-middle attacks, which can be easily set up by a hacker on a public Wi-Fi network using readily available software and equipment. Also, the MS-CHAPv2 exploit demonstrated at the recent DefCon 20 conference exposed the insecurity of VPN services based on PPTP using MS-CHAPv2, to the extent that freely available tools and cracking sites now exist to crack such services. Since most VPN service providers use PPTP, the security of hotspot users relying on their services is questionable.
3. Additional cost: Although certain free VPN services are available for public Wi-Fi users, these may not offer expected Internet reliability/quality and often impose time and/or bandwidth limitations. Hence, for quality and reliability, users need to subscribe to paid VPN services, with the costs varying by vendor and the quality and support available. The cost and periodic renewals can be a potential burden for users.
4. Hindrance to online experience: With VPN services, all online traffic originating from or destined for a user's mobile device is sent through the VPN tunnel to a central VPN server, the other endpoint of the tunnel. Therefore, the VPN server acts as a proxy for serving all Internet applications, including browsing, online media, email and chats. But the overhead can cause significant latency and jitter, hampering the online experience. This can be annoying at times, forcing users to access public Wi-Fi without the VPN, thereby risking security breaches.
5. Configuration and operational issues: Some VPN technologies available today require special settings/capabilities (like opening of certain ports, firewall tweaks, VPN pass-through, etc.) to work properly for hotspot users. However, such special settings/capabilities can differ from hotspot to hotspot, rendering the VPN service useless at certain spots. Also, when users are at home or in the office, they do not require full-fledged public VPN services, meaning they need to manually start or stop the service according to their location. That means they may forget to turn the VPN back on when accessing a public Wi-Fi service, making them susceptible to a host of attacks. Further, since the support of some VPN technologies is limited to certain operating systems only, users opting for a public VPN service need to ensure that the service is suitable for all mobile devices they would use in public Wi-Fi hotspots.
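
A defender-side check for the ARP poisoning mentioned in item 1, as an added example that is not part of the original article: it compares two neighbor-table snapshots in Linux `ip neigh show` format and flags a gateway whose MAC address changed or is shared with another host. The snapshots, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` snapshots (not captured from a real network).
BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr a4:5e:60:aa:bb:01 STALE
192.168.1.42 dev wlan0 lladdr 3c:22:fb:cc:dd:02 REACHABLE
"""
AFTER = """\
192.168.1.1 dev wlan0 lladdr 3c:22:fb:cc:dd:02 REACHABLE
192.168.1.23 dev wlan0 lladdr a4:5e:60:aa:bb:01 STALE
192.168.1.42 dev wlan0 lladdr 3c:22:fb:cc:dd:02 REACHABLE
192.168.1.77 dev wlan0 FAILED
"""

# Only entries with a resolved link-layer address match (FAILED/INCOMPLETE do not).
NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for every resolved neighbor entry in the snapshot."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def arp_findings(baseline, current, gateway_ip):
    """Compare two {ip: mac} tables and return (kind, detail) findings."""
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    # A gateway MAC that changes while on the same network is the classic sign.
    if old and new and old != new:
        findings.append(("gateway_mac_changed", f"{gateway_ip}: {old} -> {new}"))
    # The gateway sharing a MAC with another host suggests that host is answering for it.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    shared = sorted(by_mac.get(new, [])) if new else []
    if len(shared) > 1:
        findings.append(("gateway_mac_shared", f"{new}: {', '.join(shared)}"))
    return findings

if __name__ == "__main__":
    for kind, detail in arp_findings(parse_neigh(BEFORE), parse_neigh(AFTER), "192.168.1.1"):
        print(kind, detail)
```

Both signals can also have benign causes, such as roaming to a different access point or a router that holds several addresses, so treat a finding as a reason to distrust the network rather than as proof of an attack.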