1(630)802-8605 Ravi.das@bn-inc.net

There is no doubt that there are a lot of security-based tools and technologies out there which can be used to fortify the defense perimeters of a business or a corporation.  They range from hardware-based solutions to software-based solutions.

In fact, there are so many of them out there that it can be quite confusing for a small business owner to decide which ones to procure.  But not to worry, this is where the role of the Cyber security consultant comes into play (and makes a nice living doing it as well).

But there is one security tool that every business should be implementing, and that is called the “Virtual Private Network”, or “VPN” for short.  Here is the technical definition of it:

“A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.”

(SOURCE:  https://www.cisco.com/c/en/us/products/security/vpn-endpoint-security-clients/what-is-vpn.html).

Imagine this example:  Suppose you are an employee, working for Company ABC, and are working remotely today.  You’ve got your laptop in front of you, and are about to start the normal login procedures.

More than likely, you will establish a secure connection with an RAS token (this is one of those gadgets where the numbers keep changing every couple of minutes), and once this connection has been established, you can then enter your username and password to access all of the shared resources that you need to conduct your daily job tasks on the server located at Company ABC.

To you, this may seem like there is just one network connection taking place.  But in reality, there are two of them.  First, you make use of a public network connection (such as one provided by Comcast) in order to establish the connection using your RAS token.

Once this has been established, a second line of network communications is then opened, over which you can transmit your username and password in a safe and secure manner.

But, the key here is that it is the second connection that is invisible to the outside world.  It is across this channel that all login information, all shared resources, and corporate files are sent from the server at Company ABC to your laptop and vice versa.

In other words, you use the public Internet to make that first connection, and then a second one is established so that nobody else can see it, not even a Cyber attacker.

This is the basic premise of a Virtual Private Network, in that the second connection is literally layered just below the first one.  Obviously, the exact technical details of this are much more complex, and I will further explore this in a weekend blog.

This whole concept is thus called “Tunneling”.  While it has proven to be one of the most effective means of thwarting the Cyber attacker, it too is now becoming vulnerable.

This is best exemplified by work conducted by a Cyber security firm known as “Vectra”.  They discovered 23 hidden (exfiltration) tunnels disguised as encrypted web traffic for every 10,000 devices in the financial services sector.  This is in stark comparison to the 11 tunnels per 10,000 in other industry segments.

Also, Vectra discovered an increase in the number of hidden (exfiltration) tunnels posing as unencrypted web traffic, from 7 per 10,000 devices to 16 per 10,000 devices.  Even more surprising was this finding:

“Attackers mimic and blend in with behaviors related to users, applications and business models identified and profiled by different industries . . . It’s not the behavior that surprises me . . . but it’s the frequency of that behavior.”  (SOURCE:  https://www.scmagazine.com/cyberattackers-use-hidden-tunnels-to-pilfer-data-from-financial-services-firm/article/774734/).

From what I can best tell, it is not the actual VPN technology that is being broken into – rather it is the kind of traffic that is being sent across it, as it was described in the above quote.  Meaning, it is not the actual VPN connection that is being hacked into.

Rather, the Cyber attacker is finding a particular vulnerability at one of the endpoints of the VPN (such as the employee’s laptop, or where the VPN connects at the level of the corporate server at Company ABC).

It is from there that they can then penetrate into the VPN line, literally imitate the Internet actions of a legitimate employee, and from there, attempt to access any sensitive information and data.  This is a perfect example of Social Engineering at the technical level – not at the human level which we hear so often about.

My thoughts on this?  This is the first time I have heard anything about this.  Many organizations spend lots of time and money just fortifying lines of defense and the network communications paths.  It is the endpoints, or the terminal points of these various connections, that are so very often overlooked, and thus are a huge vulnerability.  The Cyber attacker is fully aware of this, and thus, is now taking full advantage of it.

In fact, this is a new area that is now opening up in the field of Cyber security:  Endpoint Security.  It is still growing, but will be in high demand very soon.  So, what is a business entity to do?  The best advice I can give is to be alert for any sorts of anomalies in your network traffic, and make sure that all of the data packets that are traversing your network medium are legitimate ones.
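As an added illustration of the kind of anomaly check described above (example code written for this page, not Vectra's method or any product's logic), the sketch below aggregates web flows per host and destination and flags conversations that are upload-heavy and long-lived, which ordinary browsing rarely is. The flow records, field layout and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (not real traffic):
# (source host, destination IP, destination port, bytes sent, bytes received, seconds)
FLOWS = [
    ("laptop-01", "203.0.113.10", 443, 4_200, 310_000, 12),
    ("laptop-01", "203.0.113.10", 443, 6_100, 520_000, 20),
    ("laptop-02", "203.0.113.10", 443, 3_900, 280_000, 9),
    ("laptop-02", "198.51.100.7", 80, 2_000, 95_000, 4),
    ("laptop-03", "198.51.100.99", 443, 900_000, 40_000, 3_600),
    ("laptop-03", "198.51.100.99", 443, 1_400_000, 55_000, 5_400),
    ("laptop-04", "192.0.2.44", 80, 700_000, 30_000, 2_700),
    ("laptop-04", "192.0.2.44", 80, 650_000, 20_000, 2_400),
    ("laptop-05", "203.0.113.10", 22, 5_000_000, 10_000, 600),  # not web traffic
]

WEB_PORTS = {80: "unencrypted web", 443: "encrypted web"}
# Assumed thresholds for this example; tune them against your own baseline.
MIN_UPLOAD_SHARE = 0.7     # fraction of the conversation's bytes leaving the network
MIN_BYTES_OUT = 1_000_000  # ignore small conversations
MIN_SECONDS = 1_800        # long-lived, or re-established again and again


def find_suspect_tunnels(flows):
    """Sum web flows per (host, destination, port) and return the
    upload-heavy, long-lived conversations that do not look like browsing."""
    totals = defaultdict(lambda: [0, 0, 0])
    for src, dst, port, out_b, in_b, secs in flows:
        if port in WEB_PORTS:  # only traffic that claims to be web traffic
            t = totals[(src, dst, port)]
            t[0] += out_b
            t[1] += in_b
            t[2] += secs
    suspects = []
    for (src, dst, port), (out_b, in_b, secs) in sorted(totals.items()):
        total = out_b + in_b
        share = out_b / total if total else 0.0
        if share >= MIN_UPLOAD_SHARE and out_b >= MIN_BYTES_OUT and secs >= MIN_SECONDS:
            suspects.append({"host": src, "dest": dst, "kind": WEB_PORTS[port],
                             "bytes_out": out_b, "upload_share": round(share, 2),
                             "seconds": secs})
    return suspects


if __name__ == "__main__":
    for suspect in find_suspect_tunnels(FLOWS):
        print(suspect)
```

A hit from a heuristic like this is a lead for investigation at the endpoint, not proof of exfiltration; backup agents and file-sync clients produce the same shape of traffic and belong on an allow list.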

Cyber attackers will always leave a 1% crumb of their trail behind – there is no such thing as an attack in which absolutely no clues are left behind.  Perhaps the best technologies to use here are Artificial Intelligence, Machine Learning, and even Neural Network based tools.

But these too can be complex and cost prohibitive, so hopefully one day they will become hosted offerings in the Cloud, which will make them that much more affordable to the small business owner.