'ecure 'hell/owever" there are still man! securit! related issues occurred in the Virtual Private Network (VPN). 5ach o the securit! issues will be discussed clearl! and relevant examples will be provided to support the discussion.
(#) any #uthentication ethod! are too weak to Provide #de$uate "ecurity for %o!tor&ani'ation!
As explained b!
H. Krawczk, M !e""are and #. $ane%%i (1997),
the irst securit! issues thathappened in the Virtual Private Network (VPN) is the authentication methods that been usedis too weak and easil! broken b! the unauthori#ed person. It is simpl! because there are man!organi#ations use authentication methods that expose their network to a variet! o securit!attacks. The most secure method o authentication is 5xtensible Authentication Protocol+Transport 3evel 'ecurit! (5AP+T3') when used in con6unction with smart cards. /owever"5AP+T3' and smart cards re0uire a public ke! inrastructure (P7I)" which can becomplicated to deplo!. Thereore" it will become a serious threat or the users o VirtualPrivate Network (VPN) in the oice.
() e%ote #cce!! #ccount *o&out can +eny Network acce!! to authori'ed u!er!.
#. Morris and K. Thompson (1979),
the authori#ed users might be blocked romaccess the network" It Is because i a malicious user attempts a dictionar! attack with thelogon name o an authori#ed user" both the malicious user and the authori#ed user are lockedout o the account until the account lockout threshold is reached. Thereore" it will cause ver!inconvenience or the authori#ed users especiall! when the! wish to access the Virtual Private Network (VPN) to get some data or resources. Thereore" it is a securit! related issue thathappens in the Virtual Private network (VPN).
(,) an-in-the-iddle #ttack!
As or the third securit! issues that occurred in the Virtual Private Network (VPN)" it is callman+in+the+middle attacks.
H. Krawczk, M !e""are and #. $ane%%i. (1997)
explained that thesecurit! issue happens when the Virtual Private Network (VPN) server is using I75Aggressive 4ode" and it is possible to determine a valid username and password" then an