This document discusses VPN security concerns and policy enforcement. It provides an overview of VPNs and how they allow secure tunnels for transmitting information over insecure networks. However, VPNs can be attractive targets if compromised as they provide full access to internal networks. The document outlines objectives to expose security vulnerabilities in VPNs and enforce policies to address them. It proposes researching attacks and policies through document reviews and analyzing IDS evasion techniques that hackers use when gaining VPN access.

1. VPN SECURITY CONCERNS AND POLICY ENFORCEMENT
ABSTRACT
VPN (Virtual Private Network) provides a way of protecting information being transmitted over
the internet, by allowing users to establish a virtual private “tunnel” to securely enter an internal
network, accessing resources, data and communication via an insecure network such as the
internet.
VPNs carry sensitive information over an insecure network.The users generally trust the VPN to
keep the information secure, which is understandable because that is what the VPN is designed
to do. Because of this trust, the users will transfer sensitive data without using additional
encryption, and use protocols that transmit authentication credentials in the clear.
This project provides a general overview of VPN and core VPN technologies. We discuss the
potential security risks as well as the security considerations that need to be taken into account
when implementing a virtual private network.
We will do documents review and take core research activities about some of the attacks and
security policies that need to be enforced regarding to VPN implementation.
BACKGROUND
Remote Access VPNs often allow full access to the internal network. Many organizations
configure their remote access VPNs to allow full access to the internal network for VPN users.
This means that if the VPN is compromised, then the attacker gets full access to the internal
network too.
Also upon some research which was taken in the context of this project, we found out that,
VPN traffic is often invisible to IDS(Intrusion Detection System) monitoring.If the IDS probe is
outside the VPN server, as is often the case, then the IDS cannot see the traffic within the VPN
tunnel because it is encrypted. Therefore if a hacker gains access to the VPN, he can attack the
internal systems without being picked up by the IDS
We discuss the potential security risks as well as the security considerations that need to be taken
into account when implementing a virtual private network.
1

2. PROBLEM STATEMENT
VPNs are Attractive Targets
VPNs are Attractive Targets in the sense that once VPN is established, it allows full access to the
internal network. Many companies and organizations configure their VPNs to allow full access
to the internal network for VPN users. Therefore if the VPN is compromised, then the attacker
gets full access to the internal network and its resources.
There are lots of security flaws in the VPN, but here is the case where people build much trust in
the VPN technology without considering these security flaws.
OBJECTIVES
 To expose the security vulnerabilities associated in deploying a virtual private network
 Security considerations to take when implementing VPN’s.
 To enforce security policies on VPN implementation.
JUSTIFICATION
VPN provides secured connection for remote areas and devices, therefore it is vital for every
student of interest to investigate and explore to get the understanding of the concept. By
accomplishing the set up objectives of this project, it will contribute to the needs of the
community in the context of establishing connections to their organizations in remote areas.
Much knowledge on security in this context will be acquired as we dive deep into the security
flaws and the security policy enforcement in VPN implementation and usage.
SCOPE
Virtual private network provide users with good and secured services. In this project, we
emphasize on the security threat vulnerabilities in VPN and proceed by providing security
measures that needs to be taken when implementing VPN in an organization. This project
accentuate the security aspect of VPN, thus it covers only the security flaws and security policy
enforcement in VPNs.
2

3. METHODOLOGY
Relevant information needed to get the project done will be obtained through investigations,
documents review, research analysis and use of diagram representations.
SCHEDULE
The project is intended to achieve the setup objectives which are: exposing the security flaws in
VPNs and the security measures needed to be taken in VPN implementation. The project is
scheduled to start when approved by the Head of Department (Computer Science Department).
REFERENCES
R. Hills, “NTA Monitor UDP Backoff Pattern Fingerprinting White Paper”,
http://www.nta-monitor .com/ike-scan/whitepaper .pdf, January 2003.
R. Hills, “Firewall-1 Vendor ID Fingerprinting”, http://www.nta-
monitor .com/news/checkpoint2004/index.htm,May 2004.
3