Corporate VPNs Are Flawed, Security Researchers Discover

No one wants their security measures to backfire. Business or corporate VPN is one of the means employed by corporations to protect their data from hacks and thefts. However, it has been revealed recently that corporate VPN might have certain security flaws that could put sensitive data at risk.

In this entry, we will give you a concise summary of what a VPN is, we will go through the flaws that were unearthed by security researchers, and then we will look at the differences between a corporate VPN and a consumer VPN. Finally, we will look at what you can do to mitigate those flaws and make your system safer.

What is a corporate VPN?

To put it simply, a corporate VPN is an application that allows encrypting business device connection. All the devices connected to the same network then can share data through a secured connection. A VPN application protects the corporate network from hackers, fake Wi-Fi services, and even advertisers. Some security researchers suggest that a VPN is a better solution than an antivirus program because it encrypts data within the network. Likewise, it makes data sharing safer, and you can even access your data on a cloud through VPN services.

Of course, if you want to implement a business VPN, you should definitely learn more about the service, its setup, and costs. It is important to choose the service that suits you and your business needs the best. Let’s not forget that you may need help with managing the security and operations of your VPN service. Yet, considering that information is the biggest commodity these days, the costs of managing a VPN service might be just a fraction of what you could lose if your network and your information aren’t protected. Hence, you have to make your choices wisely.

What are the corporate VPN flaws?

Since we’re talking about wise choices, we have to look at the corporate VPN flaws that were reported by several news outlets. Researchers Orange Tsai and Meh Change at Devcore have found fundamental flaws in several popular corporate VPN providers, including Fortinet, Pulse Secure, and Palo Alto Networks. Usually, companies issue usernames and passwords for their employees to access their VPN networks. However, unearthed flaws could easily allow hackers to access networks without authentication credentials. This is especially worrisome because a lot of corporate data could be at risk.

The flaws were found in the SSL VPN or the Secure Sockets Layer VPN. These networks use the SSL protocol (or sometimes the Transport Layer Security protocol) to ensure the remote access function. This security protocol employs the end-to-end encryption, which protects data that is shared between the server and the endpoint device. As a result, it gives users a convenient way to access important data remotely. To provide this access, the SSL VPN servers have to always be online, and this is what the security researchers are worried about.

They believe that the moment an SSL VPN server gets compromised, hackers could infiltrate the target network, and all the connections within the network could be taken over. As a result, the information would be stolen. The researchers claim that the infiltration is possible due to a remote code execution flaw (CVE-2019-1579) that happens to exist in the PAN SSL Gateway.

Software developers often take care of such vulnerabilities with software updates and patches, but researchers say that there are still companies that use outdated VPN app versions, thus turning themselves into perfect hacking targets. This means that you have to keep your VPN products up to date if you want to avoid malicious infiltrations.

Corporate VPN vs. Consumer VPN

If corporate VPN can become a hacker target, does that mean that consumer VPN could be attacked, too? What are the differences between corporate VPN vs. consumer VPN? Let’s take a closer look at the consumer VPN to make this comparison clearer.

Perhaps the biggest difference is that business VPN has multiple users while a personal service is designed for one user. Consumer VPN service gives full control to one user, where they can create their own usernames and passwords. Of course, this is a challenge because then the account security rests on user’s shoulders, but it is always possible to employ a password manager that would help create strong and unique passwords for personal accounts.

The next corporate VPN vs. consumer VPN point is servers. Personal VPN service does not have a solely dedicated server. The account would connect to any regularly available server that is intended for a private network. On the other hand, business VPN services have their own servers. This would mean that corporate users have a better connection and better service quality, but now we know that this may not always be true due to the flaws discovered in popular VPN apps.

Another important difference that we are going to mention here (there are definitely more, but that’s a story for another post) is the aspects of use. As we have mentioned at the beginning of this entry, business VPNs are used for business activities, to keep the corporate data secure and allow easy access, which ensures smooth business communication. Consumer VPN is more often used to access blocked websites or subscribe to services from other countries. For example, if some service is not available in your country, you might use a consumer VPN service to access that service through a virtual network.

To put it simply, whether you employ business VPN or consumer VPN, the security of such networks boils down to proper management and cybersecurity awareness. It is up to the VPN app developers to make their services as safe as possible. But you should also make sure that the software you use is updated to the latest version, and that your authentication tokens are strong and safe. For business VPN services, it would also be a good idea to employ a professional management team. It is definitely worth it if you want to ensure that your information is secured against malicious hacks.

By Foley
August 21, 2019
Tips
English
August 21, 2019
Tips

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

What Are the Differences Between Cyber Security and Information Security?

Any user who encounters information technologies every single day will have dealt with information and cyber security in one way or the other. It basically means that every one of us is exposed to these security... Read more

October 8, 2018
How To

How to Spot a Fraudulent Social Security Phone Call

In the past, we've warned you of scammers who are trying to steal your Social Security number (SSN). When that happens your SSN could be suspended. Sometimes, the scammers will need you to confirm your number to... Read more

June 21, 2019
News

Even Security Professionals Continue to Reuse Passwords, Study Finds

We can only imagine that being a security expert is not easy. You spend years trying to tell people that they should really start taking their online safety seriously, and yet, the constant barrage of successful... Read more

July 27, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.