• DOI: 10.1109/ICISE51755.2020.00121
  • Corpus ID: 233989979

Research on network security of VPN technology

  • Zhiwei Xu , Jie Ni
  • Published in International Conference on… 1 December 2020
  • Computer Science, Engineering
  • 2020 International Conference on Information Science and Education (ICISE-IE)


Research on network security of VPN technology

Z Xu , J Ni


With the wide adoption of the Internet, it has become a tool that we can use to work and learn at any time and anywhere. The Internet has made it possible to hold video conferences, take online courses and shop online. Despite the convenience it provides, the Internet is an open platform on which personal data can be easily accessed and stolen, so protecting network security is important. Network security technology involves many aspects; this study explores how to ensure Internet security through the use of VPNs. The main function of a VPN (virtual private network) is to set up a private network on top of the public network and encrypt the communication. The essence of a VPN is to build a tunnel through the public network using encryption, so that data can be transmitted safely and others are prevented from sniffing it. An IPSec VPN, as the name suggests, is a VPN that realizes remote access through the IPSec protocol. It provides a tunnel over a public network for two private networks to transmit data, and this tunnel is encrypted to ensure security. The advantage of an IPSec VPN is that it is a network-to-network networking method that can establish multilevel networking; it is a fixed networking mode suitable for inter-institutional networking, and users have transparent access without needing to log in.

Index terms: Protocols, Linux, Tools, Logic gates, Throughput, Virtual private networks, Delays


What Makes a VPN Secure?


  • 1. What Makes a VPN Secure?
  • 2. Evaluating the Security of Corporate VPN Solutions
  • 3. Common Threats to VPN Security
  • 4. Best Practices for VPN Safety and Security
  • 5. Are VPNs Enough for Enterprise Security?
  • 6. VPN Security FAQs

VPNs are generally safe for transmitting data over the internet but aren’t 100% secure. A VPN doesn’t constitute a complete cybersecurity strategy.

VPNs protect data in transit, preventing unauthorized access and data breaches. But VPNs can have vulnerabilities and don’t address all security risks. While they’re a critical part of enterprise security, VPNs should be integrated into a layered defense strategy.


A virtual private network (VPN) serves as a secure channel for transmitting data over the internet. A VPN works by establishing an encrypted tunnel between a user's device and a remote server. It then masks the user's IP address, which enhances privacy and protects data from interception.

VPN security depends on encryption and tunneling protocols. Encryption transforms readable data into encoded information that can only be deciphered with a correct key. Advanced Encryption Standard (AES) is widely adopted for its strength and efficiency in protecting data.

VPNs employ various tunneling protocols, such as Layer 2 Tunneling Protocol (L2TP) and Internet Protocol Security (IPsec), which establish and maintain secure network connections. These protocols are fundamental in preventing data leaks and safeguarding information as it traverses shared or public networks.

Evaluating the Security of Corporate VPN Solutions

Corporate VPNs integrate robust security measures to ensure the confidentiality, integrity, and availability of data. This includes strong encryption, secure tunneling protocols, and advanced authentication methods. Such measures mitigate the risks of data interception and unauthorized access.

VPNs impact an enterprise’s security posture by extending its secure environment beyond physical offices. They create a controlled, encrypted network space that allows secure remote access and compliance with stringent data protection laws. VPNs also enable enterprises to monitor and manage network access, which is key for detecting and responding to security threats in a timely manner.

Understanding both the strengths and limitations of VPNs allows businesses to make informed decisions about network security strategies and choose solutions that balance performance with protection.

The Advantages of Using a VPN in Enterprises

The deployment of VPNs within businesses provides a shield against data breaches. By encrypting data in transit, VPNs prevent unauthorized entities from accessing sensitive information.

Secure remote access is another significant benefit, as VPNs allow employees to connect to the enterprise network from any location without compromising security.

VPNs are instrumental in ensuring businesses meet various compliance requirements by maintaining high data protection standards.

The Cons of Using a VPN in Enterprises

Despite their advantages, VPNs are not without potential drawbacks.

VPN protocols may have vulnerabilities that cyberattackers could exploit. VPN infrastructure management can be complex, requiring dedicated resources and expertise.

Additionally, VPNs can introduce latency and bandwidth challenges, particularly when the number of remote users is large. This can impact the speed and efficiency of network connections, leading to delays in data transmission.

Common Threats to VPN Security

VPNs can face various security threats that can compromise data integrity and confidentiality.

One prevalent threat is man-in-the-middle or meddler-in-the-middle (MitM) attacks, where an unauthorized actor intercepts communications between a user’s device and the VPN server. In such instances, attackers can potentially capture and manipulate data.

Additionally, malware over VPNs poses a significant risk. Even with encrypted connections, if a device is compromised, malware can traverse through the VPN tunnel, leading to possible infiltration of the enterprise network.

Best Practices for VPN Safety and Security

Best practices include choosing a reliable VPN service and strong authentication, ensuring encryption is strong, keeping clients and systems updated, implementing secure tunneling protocols, and conducting regular security audits and monitoring.

Select a Reliable VPN Service

When choosing a VPN, consider a service that provides VPN encrypted communication with a proven track record of reliability and customer support. A good VPN should offer a comprehensive level of security, featuring advanced encryption to protect data effectively.

Use Strong Authentication Methods

To enhance VPN security, implementing strong authentication methods is critical. This means moving beyond basic password protection and employing multifactor authentication (MFA). MFA requires users to present two or more pieces of evidence, or factors, to gain access. This adds a layer of security by ensuring that only authorized VPN users gain access.

These factors can include something you know (like a password), something you have (like a mobile device), or something you are (like a fingerprint). Multifactor authentication is recommended for verifying user identities before they can connect to a VPN.

Ensure Encryption Standards Are Robust

Encryption is the cornerstone of VPN security, obscuring data to prevent unauthorized reading. Enterprises should use the most current and robust encryption standards, like the Advanced Encryption Standard (AES) with 256-bit keys. This level of encryption is considered highly secure, making it a suitable choice for protecting sensitive enterprise data as it traverses the VPN tunnel.

Keep VPN Clients and Systems Updated

Regular updates to VPN clients and associated systems are vital for closing security gaps. Developers often release patches and updates to address vulnerabilities as they are discovered. By keeping VPN software up to date, enterprises can protect themselves against known exploits that cyberattackers might use to gain access to network traffic or bypass security measures.

Implement Secure Tunneling Protocols

Choosing secure tunneling protocols is essential for a safe VPN. Protocols like IPsec and OpenVPN provide strong security features that are necessary for protecting data in transit. It is important to select protocols that support high levels of encryption and can effectively prevent data leaks and exposure.

Conduct Regular Security Audits and Monitoring

Regular security audits and consistent monitoring help detect potential security incidents early. Audits can reveal vulnerabilities, ensure policy adherence, and validate that the VPN configuration meets security requirements. Continuous monitoring allows for the immediate detection of suspicious activities, enabling rapid response to threats.
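The encryption, tunneling-protocol and audit practices above can be turned into a repeatable configuration check. The following script is an added example (not Palo Alto Networks code or any vendor tool) that lints an OpenVPN server configuration for the weak settings those practices warn about; the two embedded configurations are constructed samples, and the accepted cipher set and the weak-HMAC list are assumptions made for this example.

```python
"""Audit an OpenVPN server configuration against the best practices above:
AEAD data ciphers with 256-bit keys, a modern HMAC, TLS 1.2 or newer, a
control-channel key, and client certificates kept alongside passwords."""
import re

# Assumptions for this example: which data ciphers and HMACs count as acceptable.
STRONG_DATA_CIPHERS = {"AES-256-GCM", "CHACHA20-POLY1305"}
WEAK_HMACS = {"NONE", "MD5", "SHA1"}   # OpenVPN's `auth` defaults to SHA1 when absent


def parse_openvpn_config(text):
    """Map each directive to the list of argument lists it appeared with.
    Inline file blocks (<ca> ... </ca>) and comment lines are skipped."""
    directives = {}
    in_block = None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                                  # inside <tag> ... </tag>
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":
            continue
        opener = re.fullmatch(r"<(\w+)>", line)
        if opener:
            in_block = opener.group(1)
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def audit_openvpn_config(text):
    """Return human-readable findings; an empty list means nothing was flagged."""
    cfg = parse_openvpn_config(text)
    findings = []

    def last(name):                                   # OpenVPN honours the last occurrence
        return cfg[name][-1] if name in cfg else None

    # Data channel: negotiated list (ncp-ciphers in 2.4, data-ciphers in 2.5+),
    # falling back to the legacy single `cipher` directive.
    negotiated = last("data-ciphers") or last("ncp-ciphers")
    if negotiated:
        for cipher in negotiated[0].split(":"):
            if cipher.upper() not in STRONG_DATA_CIPHERS:
                findings.append(f"data cipher list allows {cipher}; expected only AES-256-GCM/CHACHA20-POLY1305")
    else:
        legacy = last("cipher")
        if not legacy:
            findings.append("no data-ciphers/cipher directive; cipher negotiation left to defaults")
        elif legacy[0].upper() not in STRONG_DATA_CIPHERS:
            findings.append(f"cipher {legacy[0]} is not an AEAD cipher with a 256-bit key")

    # HMAC used on the control channel (and on the data channel with non-AEAD ciphers).
    auth = last("auth")
    if not auth or auth[0].upper() in WEAK_HMACS:
        findings.append("auth missing or weak (defaults to SHA1); use SHA256 or stronger")

    # Control channel: minimum TLS version and a tls-crypt/tls-auth key.
    tls_min = last("tls-version-min")
    if not tls_min or tls_min[0] not in ("1.2", "1.3"):
        findings.append("tls-version-min missing or below 1.2")
    if not any(k in cfg for k in ("tls-crypt", "tls-crypt-v2", "tls-auth")):
        findings.append("control channel has no tls-crypt/tls-auth key")

    # Authentication: a password alone is one factor; keep client certificates required.
    vcc = last("verify-client-cert")
    if "client-cert-not-required" in cfg or (vcc and vcc[0] == "none"):
        findings.append("client certificates not required; users authenticate with a password only")
    return findings


# Constructed sample configurations (not taken from any real deployment).
WEAK_CONFIG = """\
port 1194
dev tun
cipher BF-CBC
auth SHA1
verify-client-cert none
<ca>
PLACEHOLDER-CERTIFICATE
</ca>
"""

HARDENED_CONFIG = """\
port 1194
dev tun
dh none
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
tls-version-min 1.2
tls-crypt tc.key
verify-client-cert require
"""
```

Running `audit_openvpn_config(WEAK_CONFIG)` returns five findings (legacy BF-CBC cipher, SHA1 HMAC, no TLS minimum, no control-channel key, no client certificates), while the hardened sample returns none.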

Are VPNs Enough for Enterprise Security?

Virtual private networks (VPNs) are critical in today’s enterprise cybersecurity landscape. They create secure connections over public networks, ensuring that data remains encrypted and inaccessible to unauthorized parties. VPNs are crucial for safeguarding data in transit, particularly for remote workers accessing corporate resources from various locations.

However, the threat landscape is evolving, and reliance on VPNs alone is not sufficient. Cyberthreats have become more sophisticated, and attackers often target multiple layers of an organization's infrastructure. While VPNs protect data on the move, they do not inherently secure endpoints from malware or intercept advanced persistent threats within the network.

Beyond VPNs, additional measures such as secure web gateways (SWG), secure access service edge (SASE), and software-defined wide area networks (SD-WAN) have become integral to a comprehensive security posture.

SWGs, for instance, protect users from online threats by enforcing company policies and filtering unwanted software from user-initiated web traffic.

SD-WAN technology allows organizations to route traffic efficiently across wide area networks, while also providing enhanced security features. It simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism. This improves performance and enhances security by allowing for centralized policy management. SD-WAN also integrates services directly into the network fabric.

SASE combines network security functions with WAN capabilities to support the dynamic, secure access needs of organizations. It converges network and security point solutions into a unified, global cloud-native service. SASE is tailored to address the security challenges of the modern enterprise. It provides secure network access from any location and on any device.

In scenarios where employees are accessing the network from various devices and locations, a VPN may serve as the first line of defense in online security. However, additional layers, like those provided by SASE, are required to manage access, protect user identities, control cloud usage, and secure web gateways.

As part of a broader cybersecurity strategy, it’s essential to position VPNs alongside these additional security measures. A comprehensive approach is key to protecting against the varied threats that enterprises face today. The goal is to create a security ecosystem that is adaptable, integrated, and complete. This ensures the privacy of data in transit and the overall security of the network and its resources.

VPN Security FAQs

  • What is a VPN and why do I need it?
  • How private are VPNs?
  • How effective is a VPN?
  • What does VPN security mean?
  • What is the risk of using a VPN?


Construction of Campus Network Security System Based on VPN Technology

  • Conference paper
  • First Online: 01 January 2022
  • pp 2429–2435
  • Cite this conference paper


  • Liang Zhao

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 747)

Included in the following conference series:

  • International Conference on Frontier Computing


Starting from the current situation of campus network security, this paper analyzes three common security systems: network firewalls, network intrusion detection and network isolation technology. It expounds their principles and applications, as well as their shortcomings in the campus network, and combines them with VPN technology to find a way to build campus network security. In addition, based on VPN technology, this paper describes the types and key technologies of VPNs and studies the construction of a campus network security system based on VPN technology.


Author information

Authors and affiliations

Ji Lin Justice Officer Academy, Changchun, Jilin 130062, China


Corresponding author

Correspondence to Liang Zhao.

Editor information

Editors and affiliations

Department of Computer Science and Information Engineering, National Taichung University of Science and Technology, Taichung, Taiwan

Jia-Wei Chang

School of Computer Science and Engineering, The University of Aizu, Aizu-Wakamatsu, Japan

Jason C. Hung


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Zhao, L. (2021). Construction of Campus Network Security System Based on VPN Technology. In: Chang, JW., Yen, N., Hung, J.C. (eds) Frontier Computing. FC 2020. Lecture Notes in Electrical Engineering, vol 747. Springer, Singapore. https://doi.org/10.1007/978-981-16-0115-6_302


DOI: https://doi.org/10.1007/978-981-16-0115-6_302

Published: 01 January 2022

Publisher Name: Springer, Singapore

Print ISBN: 978-981-16-0114-9

Online ISBN: 978-981-16-0115-6


The Citizen Lab


Vulnerabilities in VPNs Paper presented at the Privacy Enhancing Technologies Symposium 2024

On July 16, former Citizen Lab Open Technology Fund (OTF) Information Controls Fellowship Program fellow Benjamin Mixon-Baca will be presenting “Attacking Connection Tracking Frameworks as used by Virtual Private Networks”, whose co-authors include Citizen Lab researcher Jeffrey Knockel. In this study, the authors explore the connection tracking frameworks used in major operating systems and identify a unique exploit technique known as port shadow, making a user less secure and vulnerable to attackers outside their normal administrative boundaries.

The authors also have recommendations for VPN servers and service providers. They suggest that VPN providers randomize source port selection, prevent clients from using the VPN server’s listening port as a source port, and limit concurrent VPN connections. From a user perspective, they should connect to private VPN servers to which only they have access, or use a non-vulnerable encryption protocol.

More details on the event can be found on the symposium website, and the paper is available for download here. The authors of the paper have produced an accompanying FAQ, which is available below.

Explainer: Attacking Connection Tracking Frameworks as used by Virtual Private Networks

By Benjamin Mixon-Baca (Arizona State University/Breakpointing Bad), Jeffrey Knockel (The Citizen Lab, University of Toronto), Diwen Xue (University of Michigan), Tarun Ayyagari (Arizona State University), Deepak Kapur (University of New Mexico), Roya Ensafi (University of Michigan), and Jedidiah R. Crandall (Arizona State University)

Key findings

  • VPN software (OpenVPN, WireGuard, OpenConnect) underlying most VPN services can actually make you less secure, allowing an attacker to act as an in-path router between you and the VPN server, deanonymize your connection, redirect your DNS requests, or port scan you.
  • In a newly published paper, we have identified a new vulnerability, which we call a port shadow, that can extend the range of attackers to targets in countries outside their normal administrative boundaries and launch machine-in-the-middle attacks.
  • This vulnerability affects OpenVPN, WireGuard, and OpenConnect running on Linux or FreeBSD. FreeBSD is less vulnerable, but the most serious attacks are still possible.
  • We disclosed this vulnerability to the VPN software developers, Linux, and FreeBSD, but, because of the way the vulnerability works, the mitigation strategy is limited to using specific firewall rules as opposed to a code fix.
  • We recommend that VPN developers/providers ensure that source port selection is randomized, block VPN clients from selecting the listening port of the VPN server as a source port, and limit the number of concurrent VPN connections by a single user. For end users, the most foolproof mitigation is to connect to private VPN servers to which only they have access or to switch to non-vulnerable protocols such as Shadowsocks or Tor instead of OpenVPN or WireGuard.

What is a VPN?

A VPN, or virtual private network, is a software system originally designed to access private resources on another network, such as office file servers and other remote resources from home. Modern VPNs have been repurposed to circumvent censorship and obfuscate a person’s identity online. VPNs accomplish this by using encryption and by using a proxy (an intermediary device) to manage their online activity. Unfortunately, we found that, counter to users’ intentions behind using VPNs, common VPN software has multiple weaknesses that can severely compromise the confidentiality, integrity, and availability of VPN client connections, particularly if the attack is targeted and the attacker is well resourced.

What is your new discovery?

Our investigation uncovered a new attack method called a port shadow, which leverages vulnerabilities in VPN software that can extend the range of an attacker and permit them to act as a network router, even if they are nowhere near the target. This attack represents a new threat model that VPN users and security experts who advocate for the use of VPNs need to consider.

How does a “port shadow” attack work?

If you share a WiFi connection with an attacker at a coffee shop, for example, there are certain attacks they can execute to see the unencrypted parts of your Internet communications (e.g., the domain names of the websites you visit) and interfere with your communications to carry out other advanced attacks against you. Typically, security experts recommend the use of a VPN to protect against attackers with whom you share a WiFi connection. Our research reveals that using a VPN opens you up to similar attacks from other VPN users with whom you share your VPN server. In the same way that the WiFi radio signal is a shared resource that makes users vulnerable to attacks, there is a shared resource on VPN servers called a port (each connection through the VPN server is assigned to a port). By carefully crafting packets from within the attacker’s own connection to the VPN server and from a remote Internet location controlled by the attacker, it is possible to carry out attacks on other VPN users who are using the same VPN server in a manner that is very similar to the attacks that could be carried out on shared WiFi. We call this attack primitive a port shadow because the attacker shadows their own information on a victim’s port as a shared resource, and this attack primitive can lead to snooping of unencrypted data, port scans, or connection hijacking.

What VPNs were analyzed in the study and how were they selected?

VPN services (e.g., NordVPN, ExpressVPN, and Surfshark) offer a range of protocols (e.g., OpenVPN and WireGuard) to connect to their service. Their VPN servers are typically deployed on Linux. Instead of focusing on particular VPN services (e.g., Nord, ExpressVPN, etc.), we chose to analyze the underlying protocol implementations upon which these services are built and how they interact with the operating system on which they typically run. We did this for two reasons. First, it allowed us to focus on common issues with VPN services without having to analyze each one independently, and services’ popularity can change with time. Second, the attacks can affect other VPN clients’ connections and, without informed consent, we were not comfortable performing tests directly on VPN services (though we did identify candidates passively using VPNAlyzer data). Instead our analysis focuses on the popular open source implementations of OpenVPN and WireGuard on GNU/Linux (Netfilter) and FreeBSD (IPFILTER, PF, IPFW, NATD).

We selected this set of VPNs and operating systems (OS) for our analysis because they facilitate identity obfuscation at a low level in the OS by using the OS’s connection tracking framework.

What is a connection tracking framework?

The connection tracking framework is the engine that drives the identity obfuscation and facilitates the VPN client application’s ability to forward a user’s transmissions to the VPN server. It also facilitates the VPN server’s ability to transmit users’ requests to the website and trick the website into thinking the VPN server sent the transmission instead of you, and transmit the website’s responses back to you.

The diagram below depicts a typical interaction between two VPN clients and a VPN server. Initially both Clients A and B are not connected to the VPN server. In Step 1, Client A connects to the VPN server. In Step 2, Client B connects to the VPN server. When the VPN server receives a packet from Client A in Step 3, the VPN server decrypts Client A’s packet, and sends the packet to the Web Server. When this happens, the VPN server’s connection tracking framework (the green boxes at the bottom) stores the source and destination IP and port numbers Client A selected for the connection to the Web Server. The connection tracking framework changes the IP of Client A’s packet and then sends it to the Web Server, in Step 4. The connection tracking framework has a lot of control over how the VPN server sends and receives packets. More importantly, it is shared by all VPN clients connected to the VPN server and can be modified by any VPN client. This makes it possible for a malicious client to force the VPN server to reroute packets in various ways.

a typical interaction between two VPN clients and a VPN server

We did not consider VPN protocols like Shadowsocks or HTTP proxies because they perform identity obfuscation in a different way and do not depend on the connection tracking framework like OpenVPN and WireGuard or other low-level VPNs. Finally, we did not perform a security analysis of specific VPN applications or encryption because we are focused on the lower level details of the connection tracking framework and how it operates in concert with these other components.

What vulnerabilities were identified in the VPN apps you analyzed?

An attacker can abuse the connection tracking framework using the vulnerability, i.e., the port shadow, in a variety of ways to subvert the privacy and security of VPN clients connected to VPN servers that use OpenVPN, WireGuard, or OpenConnect, if those servers do not take proper precautions. Specifically, an attacker can use the port shadow to cause a victim’s packets to be rerouted to the attacker (including their VPN connection request), escalate from adjacent to in-path between the target and VPN server, inject DNS packets into the target, deanonymize their connections, cause denial of service, or port scan the target through the VPN server.

We found that Linux/Netfilter + (OpenVPN and WireGuard), which a large fraction of VPN services use, has the highest susceptibility to these attacks regardless of client platform (PC, Android, and iOS). FreeBSD is less susceptible to some of the attacks, but remains vulnerable to the worst of them.

What are the implications for the vulnerabilities discovered?

A VPN can actually make the user less secure in specific situations. For instance, an attacker can eavesdrop on or even hijack your connection to another server. As an example, if you are part of a targeted group, such as the Tibetan diaspora living abroad and using a VPN service, it might be possible for a hostile actor to take control over your connections, cause a denial of service, snoop on your connections, or redirect you to an attacker-controlled server.

Suppose you are a journalist critical of the Saudi Kingdom living in the United States and are using a VPN server in New York. If the server is vulnerable to the port shadow, then a hostile actor who is able to connect to the same VPN server as you can escalate privileges from adjacent (as another VPN client) to in-path between you and the VPN server. From this in-path position, the attacker can then leverage an additional attack to inject DNS responses into your connection and/or redirect you to an attacker-controlled website.

The attacker can also port scan you, redirect your packets in various ways, or spy on your connections.

What are your recommendations?

We tested different mitigation strategies using a two-pronged approach. First, we built a formal model to test different mitigation strategies and ensure that mitigations did not introduce new or unintended weaknesses. Then we tested the mitigations against real systems in a test environment. Most of the mitigations require action on the part of the VPN server and service provider. There are some mitigations that a client can use and/or that the VPN client application developers can implement to protect their user base.

The easiest option for users is to use a protocol such as ShadowSocks or Tor. The attacks we found do not affect those systems because ShadowSocks servers and Tor routers do not rely on the problematic connection tracking framework of the host operating system.

Recommendations for VPN server operators

The VPN service provider can implement firewall rules on VPN servers that prevent the attack from working. On Linux the following iptables command will work:

On FreeBSD, configuring the firewall to restrict source ports your VPN clients can use will prevent these attacks.

For OpenVPN, the “ifconfig-pool-persist” configuration option can make the port scan attacks more difficult. For WireGuard, restricting/statically assigning the private IP addresses your clients use will mitigate the port scanning attacks.

Limiting the number of concurrent connections per client will make the eviction reroute attack more expensive for the attacker because they will require a large number of unique accounts to facilitate the attack.

To prevent the port scanning attack, the VPN server can remove stale entries from the connection tracking framework whenever a client disconnects from the VPN server. On Linux, the following command can be used:

Finally, if the VPN server has multiple IP addresses, the server can be configured to use both as follows:
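The three server-side controls above (refusing the server’s listening port as a client source port, capping concurrent flows per client, and purging a client’s entries on disconnect), together with the shared connection tracking table described earlier, as a runnable Python model. This is an added example and not the authors’ code or their firewall rule: the class names, the listening port 1194, the translated-port range and the per-client limit are assumptions of the example, and a real server enforces the same checks with Netfilter or pf rules rather than application code.

```python
"""Simplified model of the NAT connection-tracking table a VPN server's host
OS shares among all connected clients, with the server-side checks the
recommendations call for.  Added example: table layout, limits and names are
this example's own assumptions, not Netfilter internals.
"""
from dataclasses import dataclass, field
import secrets

VPN_LISTEN_PORT = 1194                  # assumed VPN listening port (OpenVPN default)
TRANSLATED_RANGE = range(32768, 61000)  # assumed pool for randomized public-side ports


@dataclass(frozen=True)
class FlowKey:
    """The 4-tuple a stateful NAT uses to recognise one client's outbound flow."""
    src_ip: str      # client's private VPN address
    src_port: int    # source port the client chose
    dst_ip: str
    dst_port: int


@dataclass
class ConntrackTable:
    public_ip: str
    max_flows_per_client: int = 8
    # FlowKey -> (owning client, translated source port on the shared public IP)
    entries: dict = field(default_factory=dict)
    used_public_ports: set = field(default_factory=set)

    def flows_of(self, client_id):
        return [k for k, (owner, _) in self.entries.items() if owner == client_id]

    def admit(self, client_id, key):
        """Decide whether to track a new outbound flow.  Returns (ok, detail)."""
        # Recommendation: a client may not use the server's listening port as its source port.
        if key.src_port == VPN_LISTEN_PORT:
            return False, "source port equals VPN listening port"
        # Recommendation: cap concurrent flows per client so one account cannot
        # fill the shared table on its own.
        if len(self.flows_of(client_id)) >= self.max_flows_per_client:
            return False, "per-client flow limit reached"
        if key in self.entries:
            return False, "flow already tracked"
        # Recommendation: choose the translated port at random rather than
        # preserving the client's choice, so no client can predict or claim it.
        public_port = self._random_free_port()
        self.entries[key] = (client_id, public_port)
        self.used_public_ports.add(public_port)
        return True, f"{self.public_ip}:{public_port}"

    def _random_free_port(self):
        while True:
            port = TRANSLATED_RANGE.start + secrets.randbelow(len(TRANSLATED_RANGE))
            if port not in self.used_public_ports and port != VPN_LISTEN_PORT:
                return port

    def disconnect(self, client_id):
        """Recommendation: purge a client's entries the moment it disconnects so
        no stale mapping survives in the shared table.  Returns entries removed."""
        stale = self.flows_of(client_id)
        for key in stale:
            _, public_port = self.entries.pop(key)
            self.used_public_ports.discard(public_port)
        return len(stale)


def demo():
    """Constructed scenario: two clients, one over-limit, one bad port choice, a purge."""
    table = ConntrackTable(public_ip="203.0.113.10", max_flows_per_client=2)
    a1 = table.admit("client-A", FlowKey("10.8.0.2", 40001, "198.51.100.5", 443))
    a2 = table.admit("client-A", FlowKey("10.8.0.2", 40002, "198.51.100.5", 443))
    a3 = table.admit("client-A", FlowKey("10.8.0.2", 40003, "198.51.100.5", 443))
    b1 = table.admit("client-B", FlowKey("10.8.0.3", VPN_LISTEN_PORT, "198.51.100.5", 443))
    purged = table.disconnect("client-A")
    return {"a1": a1[0], "a2": a2[0], "a3": a3, "b1": b1,
            "purged": purged, "remaining": len(table.entries)}


if __name__ == "__main__":
    print(demo())
```

The model makes the shared-resource point concrete: every client's flows live in one table keyed on the same public address, so the checks have to be applied by the server for all clients, not by any one client for itself.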

Recommendations for VPN client developers

OpenVPN clients can use network namespaces, such as namespaced-openvpn, to increase their security when using an OpenVPN client on a Linux PC. This is only a partial mitigation and the user remains vulnerable to the most severe consequences. This is because the vulnerability primarily impacts the VPN server rather than the client software used by potential targets.

Recommendations for VPN end users

Since the vulnerabilities we discovered exist on the VPN server, not the VPN client, the easiest option for users is to use a protocol such as ShadowSocks or Tor. Furthermore, we found that some VPN services operating over OpenVPN or WireGuard protocols are not susceptible to CVE-2021-3773, including NordVPN, ExpressVPN, and Surfshark. However, we do not have a comprehensive list of VPN services that are not vulnerable. Finally, since this attack method requires the attacker to have access to the same server as the victim, users can protect themselves by using VPN servers that are only used by others who are trusted.

While the best thing a user can do is pick a VPN service or protocol that is not vulnerable, there are additional safety measures users can employ to safeguard connections. Port scanning, for instance, can be partially mitigated on Linux desktops using network namespaces.

Have you reported the vulnerabilities? What was the response?

We privately disclosed the vulnerability to the developers of OpenVPN and WireGuard, as well as the Linux security mailing list, over 45 days before publicly disclosing the vulnerability, following recommended disclosure guidelines for US-CERT. Both teams responded quickly to our inquiry. Because the vulnerability is not part of the OpenVPN or WireGuard software stacks, their developers have little recourse regarding mitigations. Upon disclosing the vulnerability to the Linux kernel mailing list and disclosing to the NVD, the vulnerability was assigned CVE-2021-3773 with CVSSv2 and CVSSv3 scores of 7.5 and 9.8, respectively.

Have the vulnerabilities been fixed?

The vulnerabilities appear to remain exploitable against the most recent version of Linux. Netfilter did commit and then revert a mitigation because it affected backwards compatibility with other use cases, offering an nftables rule as an alternative. The shared resources that give rise to this side channel vulnerability are shared by design. When one connects to a privacy enhancing VPN server used by other users, one shares a public IP and ports with other users to anonymize one’s communications. Such resource sharing is by design but also makes the attacks possible. If the VPN server were not shared with other VPN users, then the attacks would not be possible.


ZTNA vs VPN: Secure Remote Work and Access

Explore the drivers behind switching from VPN to Zero Trust Network Access (ZTNA) for any device access from anywhere.

By: Trend Micro, March 14, 2023


Modern businesses require a modern approach to network security and access control solutions that deliver centralized control and unified visibility across hybrid and remote environments.

It used to make sense to route every network connection through a central data center since it hosted all your business applications. But now, most of your apps live in the cloud—or multiple clouds.

VPNs, which were designed for traditional network architectures, can no longer provide the protection needed when working and building in hybrid- or multi-cloud environments. In addition, they add unnecessary complexity, impact performance, waste resources, and are costly to maintain.

Continuing our deep dive into Secure Access Service Edge (SASE), this article looks at why 63% of organizations are making the move from Virtual Private Network (VPN) to Zero Trust Network Access (ZTNA) to reduce cyber risk across the attack surface as a part of a broader zero trust strategy.

What is ZTNA?

Zero Trust Network Access is a user- and app-centric technology that secures remote access between specific applications and identities based on granular, defined access control policies, both in the cloud and on-premises. With ZTNA, authorized users are granted seamless, secure connectivity without being placed on the network or exposing apps to the internet, which improves network security and the user experience.

What is zero trust?

Zero trust is a security model that assumes all devices and users, including those inside the network perimeter, should be untrusted and therefore must be verified before being granted access to resources.

SASE and zero trust can work together to secure and optimize network connections for users and devices. This is because of zero trust’s ability to authenticate and authorize access to resources based on the principle of "never trust, always verify." This combination of SASE and zero trust provides a more comprehensive and secure network architecture that can protect against both external and internal threats.

ZTNA and SASE

SASE architecture restricts access to resources, including mobile users, sites, cloud applications, and data centers. One of the key elements is ZTNA, which on its own protects one part of the network “plumbing” that is used within a business. But when used in a SASE architecture, it provides extended security services that use a user’s contextual identity (including location and device security posture) to dictate policy controls for data movement.


For example, as modern businesses migrate to SaaS applications and cloud services, they need to control data movement for their remote workers who are accessing cloud applications hosted in private and public networks. This requires granular policy controls enabled by adopting ZTNA and SASE capabilities to get the right data to the right people.

ZTNA vs. VPN

While VPNs served their purpose in a strictly on-premises world, the accelerated migration to the cloud has revealed their limitations, and new technologies are being ushered in. Amongst those, ZTNA is largely considered the evolution of VPN remote access due to several factors:

Reducing the attack surface

VPNs extend the network fabric across multiple differently located sites, which now includes notoriously insecure home offices. This expands the organization’s attack surface by connecting secure and unsecured networks together, including home networks.

So, while a remote employee may be only accessing legitimate work apps, other users/devices could spread malware through an unsecured machine connected to the VPN. Considering that 82% of data breaches involved a human element, the more devices and users with access to an organization’s entire network, the higher the cyber risk.

On the other hand, ZTNA allows more granular control over who can access what. It operates on the principle of least privilege, thereby only establishing specific application-to-user connections—creating a more defined perimeter for the attack surface.

Furthermore, unlike a VPN, which exposes an application’s backend to the connected user, ZTNA continuously verifies the trust of users and devices, and only grants access to the web-portal frontend. Thus, even if a user is compromised, the cybercriminal won’t have access needed to leapfrog their attack across the attack surface.

Minimizes cyber risk

VPNs approach authentication as “one and done”, meaning after a user is granted access to the network, they can remain connected for a long (or indefinite) amount of time so long as your credentials are valid. In theory, someone could steal your laptop and have immediate access to the organization’s network.

ZTNA goes beyond just confirming credentials by:

  • Validating access at a point-in-time by checking that patches are installed, the endpoint is domain-connected, etc.
  • Authenticating the user’s identity via multi-factor authentication (MFA)
  • Checking what they’re authorized to use and other user behavior markers like: what time do they usually work between, what location do they usually work from, etc.
  • Utilizing the pillars of zero trust, as seen below:

After the connection is granted, ZTNA continuously assesses the risk by running user identity checks as well as monitoring the health of the device in line with configured security policies. For example, if a device used by an account is suddenly dumping memory files using PowerShell, the risk score will increase, and the connection will be severed. Similarly, if malware is detected and there’s a change in the device’s security posture, access will be terminated instantly.

Improved scalability

Since VPNs provide a user with access to everything, businesses needed a certain bandwidth to function without impacting workflows. Legacy VPN technology that connects traffic to an on-premises VPN firewall or concentrator isn’t equipped to scale or deliver the user experience needed in an increasingly agile business world.

With ZTNA, the specific application-to-user connection doesn’t require the bandwidth that VPNs do. It is designed for rapid scale while maintaining high-performance availability and consistent delivery needed for modern security solutions without negatively impacting user experience.

Tips for evaluating ZTNA technology

Swapping out VPN for ZTNA can seem overwhelming, especially considering the sheer number of apps, devices, and users that businesses must contend with. Here are three tips for evaluating ZTNA technology:

VPN replacement is a journey

We strongly advise against the rip-and-replace approach. Think of updating your remote access solution as a journey, like that of migrating apps from on-prem to the cloud. Start by migrating low-risk apps to the ZTNA solution to identify any issues and then ramp up (at a rate your business can handle) until the VPN can be retired.

Leverage automation

Manual configuration can seem like a Herculean task for security teams of any size given each app needs to be inputted. Look for a ZTNA solution that leverages automatic app discovery, which can look at network traffic and identify where the app is hosted and how it can be accessed. It can also surface any pesky shadow IT that may have gone unnoticed while using a VPN.

Check the bottom line

Lastly, beware of “hidden” costs that can spiral out of control. Many ZTNA suppliers have adopted the same pricing model as the VPN but worse; not only do you have to pay for each user, but also for each app, and if you’re working in the cloud, you’re charged a transfer fee as well. Look for a vendor with consumption-based billing that only charges for the identity, regardless of whether a user is connecting with multiple devices.

Modernizing the SOC with ZTNA

Part of SOC modernization is the ability to provide insights into what’s happening across the IT infrastructure. Since VPNs grant access to everything, the lack of context around risky user, device, and application behavior leads to poor quality, unactionable information.

A ZTNA solution can serve up more granular information because it’s directly connected to the endpoint and the app and continuously inspecting all traffic. This helps security operations teams establish a baseline for risk, further minimizing any potential damage from unauthorized access.

Convergence is key for stronger security. While ZTNA can run independently, it’s stronger when applied to the SASE architecture, working in combination with a zero trust strategy. Integrating ZTNA with secure web gateways (SWG) and cloud access security brokers (CASB) leads to more streamlined, powerful security across the attack surface.

RADIUS networking protocol blasted into submission through MD5-based flaw

If someone can do a little mitm'ing and hash cracking, they can log in with no valid password needed.

Cybersecurity experts at universities and Big Tech have disclosed a vulnerability in a common client-server networking protocol that allows snoops to potentially bypass user authentication via man-in-the-middle (MITM) attacks.

If the vulnerability, rated 7.5 out of 10 on the CVSS severity scale and tracked as CVE-2024-3596, is exploited – and it's not that easy to pull off – attackers could theoretically gain access to network devices and services without needing to obtain any credentials. It does require, on a practical level, MITM'ing someone's network traffic and performing some rapid hash cracking.

Dubbed Blast RADIUS by researchers at Cloudflare, Microsoft, UC San Diego, CWI Amsterdam, and BastionZero, you can probably guess it affects the RADIUS networking protocol. Essentially, the flaw allows someone to log into a client device that relies on a remote RADIUS server to perform the authentication check – without the correct credentials.

If you're wondering how this affects you, the team notes that:

Our attack requires the adversary to have network access to act as a man-in-the-middle attacker on the connection between the victim device’s RADIUS client and RADIUS server. When there are proxies, the attack can occur between any hop. Our attacker will need to be able to act as a full network man-in-the-middle who can read, intercept, block, and modify inbound and outbound network packets.

They go on to say it's not all plain sailing, though: "Such access to RADIUS traffic may happen through different mechanisms. Although sending RADIUS/UDP over the open internet is discouraged, this is still known to happen in practice. For internal network traffic, the attacker might initially compromise part of an enterprise network.

"Even if RADIUS traffic is confined to a protected part of an internal network, configuration or routing mistakes might unintentionally expose this traffic. An attacker with partial network access may be able to exploit DHCP or other mechanisms to cause victim devices to send traffic outside of a dedicated VPN."

The Remote Authentication Dial-In User Service ( RADIUS ) protocol was drummed up in the 1990s and is still used in networks today. The Blast RADIUS flaw is understood to affect RADIUS deployments that use PAP, CHAP, MS-CHAPv2, and other non-EAP authentication methods. IPSec, TLS, 802.1x, Eduroam, and OpenRoaming are all considered safe.

"The RADIUS protocol is a foundational element of most network access systems worldwide. As of July 9, nearly all of these systems are no longer secure," Alan DeKok, CEO of InkBridge Networks, claimed. 


"The discovery of the Blast RADIUS issue means that network technicians must install firmware upgrades on every device involved in network security, identity, and authentication. We believe that internet service providers, enterprises, and most cloud identity providers are likely to be affected by this issue."

Blast RADIUS hinges on the way RADIUS clients and servers handle authentication requests, and involves performing collision attacks against the MD5 hashing function. MD5 has been demonstrably broken since the 2000s, though the Blast RADIUS team say their abuse of the algorithm to exploit the RADIUS protocol vulnerability "is more complex than simply applying an old MD5 collision attack." They say their approach is better in terms of speed and scale.

As we indicated, a successful Blast RADIUS attack involves someone manipulating a victim's client-server RADIUS traffic to authenticate themselves to one of the target's clients - such as a router - to cause further mischief and mayhem, all without the need for a valid password. Given the hurdles involved, this sort of attack is largely of use to someone who already has a presence in a network and wants to drill in deeper.

How Blast RADIUS works

This will be a simplified explanation, and for those who want the full story, a technical paper [PDF] is available from the vulnerability's branded website.

Blast RADIUS exploitation begins with an attacker trying to authenticate themselves to a client using whatever username and password combo they want – it doesn't matter, it doesn't need to work.

The client then contacts its RADIUS server over the network to perform the actual authentication using an Access-Request message. If the server determines the presented credentials are correct, it sends back an Access-Accept packet to the client, signaling the user should be allowed to log in. Of course, in this instance, the server won't do so because the creds are wrong – it will instead return an Access-Denied packet.

To somewhat protect the communications between the client and server from impersonation, they have a shared secret. When the client sends its Access-Request to the server, the client includes a 16-byte random value called the Request Authenticator, and when the server responds, the server includes a Response Authenticator value that is computed using the client's random Request Authenticator, the shared secret, and other data in the reply.

Thus when the client receives the server's response, the client can use its Request Authenticator value and the shared secret and data in the reply to check that the server computed and sent the correct Response Authenticator with its response. If someone tries to impersonate the server and doesn't know the secret, they can't send the right response, and the client can ignore it. This should ideally undermine MITM attacks.

Diagram of the Blast RADIUS attack from the technical paper: illustrated guide to exploitation.

Let's rewind to the client trying to authenticate someone who doesn't know the correct credentials. Here's where the Blast RADIUS MITM happens.

The snoop can intercept the client's Access-Request and its random Request Authenticator value and manipulate its data so that when this altered message is sent by the attacker to the server, the server replies with an Access-Denied message that the attacker can again intercept and tamper with to convert the server response into a valid forged Access-Accept message for the client.

This is done using an MD5 chosen-prefix hash collision attack based on earlier work by Marc Stevens et al, and exploiting the fact that carefully crafted garbage data added to a proxy configuration attribute in the Access-Request message to the server by the attacker is included in the server's Access-Denied reply. With a little cryptographic dance, it's possible to create a forged Access-Accept response that is valid for the client's Request Authenticator value but without knowing the shared secret.

This double interception and manipulation is needed because the attacker doesn't know the secret but can control the contents of the message payloads and thus, through the collision attack, the hashes so that what the attacker sends the client matches the client's expectations.

As far as the client is concerned, it receives a valid Access-Accept response from its server, and grants access to the attacker.


According to Cloudflare's write-up , typically the attack has to be carried out in under five minutes to work on most RADIUS kit in the field, accounting for the standard client timeout tolerance. Most devices tolerate timeouts of between 30 and 60 seconds, and theoretically, well-resourced attackers could make use of cloud computing platforms to speed up exploitation.

Mitigation strategies

We're told by the team behind the research that the makers of RADIUS authentication stacks have developed updates to thwart exploitation of this protocol-level weakness – which was apparently uncovered in February though folks have known for a while the security pitfalls of Access-Request exchanges.

Judging by the boffins' note as follows, you should look out for and install updates for your deployments:

Our recommended short-term mitigation for implementers and vendors is to mandate that clients and servers always send and require Message-Authenticator attributes for all requests and responses. For Access-Accept or Access-Reject responses, the Message-Authenticator should be included as the first attribute. Patches implementing this mitigation have been implemented by all RADIUS implementations that we are aware of. This guidance is being put into an upcoming RADIUS RFC.

The best mitigation for client-server RADIUS deployments, we're told, is to implement RADIUS over TLS (RadSec) to protect RADIUS packets in a strongly encrypted stream from miscreants. See the vuln's website for more details and mitigations. ®
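The Response Authenticator check the article walks through, and the Message-Authenticator attribute the researchers recommend as the short-term mitigation, as an added Python example. This is not the researchers' or any vendor's code: the shared secret, identifier and User-Name attribute are constructed for the demo, and the packet layout follows the published RADIUS formats (RFC 2865 for the Response Authenticator, RFC 2869 for Message-Authenticator).

```python
"""RADIUS reply authentication and the Message-Authenticator mitigation.

Added example, not the researchers' code.  The shared secret, identifier and
attributes are constructed for the demo.  MD5 appears because the protocol
mandates it; the mitigation adds an HMAC-MD5 whose security does not rest on
MD5 collision resistance.
"""
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80    # RFC 2869, 16-byte HMAC-MD5 value
HEADER = struct.Struct("!BBH")     # Code, Identifier, Length; 16-byte Authenticator follows


def encode_attr(attr_type, value):
    """Type-Length-Value attribute; Length counts the two header bytes."""
    return bytes([attr_type, 2 + len(value)]) + value


def response_authenticator(code, identifier, request_auth, attributes, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = HEADER.pack(code, identifier, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def add_message_authenticator(code, identifier, hmac_auth, attributes, secret):
    """Prepend a Message-Authenticator as the first attribute (as recommended).
    HMAC-MD5 keyed with the secret is taken over the whole packet with the
    attribute's value zeroed.  For a reply, hmac_auth is the Request
    Authenticator of the Access-Request being answered (RFC 2869 section 5.14)."""
    placeholder = encode_attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    attrs = placeholder + attributes
    header = HEADER.pack(code, identifier, 20 + len(attrs))
    mac = hmac.new(secret, header + hmac_auth + attrs, hashlib.md5).digest()
    return encode_attr(ATTR_MESSAGE_AUTHENTICATOR, mac) + attributes


def build_response(code, identifier, request_auth, attributes, secret):
    """Server side: add the HMAC first, then compute the Response Authenticator."""
    attrs = add_message_authenticator(code, identifier, request_auth, attributes, secret)
    resp_auth = response_authenticator(code, identifier, request_auth, attrs, secret)
    return HEADER.pack(code, identifier, 20 + len(attrs)) + resp_auth + attrs


def verify_response_authenticator(packet, request_auth, secret):
    """Client side: recompute the reply's Response Authenticator and compare."""
    code, identifier, length = HEADER.unpack_from(packet)
    if length != len(packet) or length < 20:
        return False
    expected = response_authenticator(code, identifier, request_auth, packet[20:], secret)
    return hmac.compare_digest(packet[4:20], expected)


def verify_message_authenticator(packet, hmac_auth, secret):
    """Client side: find Message-Authenticator, zero it, recompute the HMAC.
    A reply without the attribute fails, which is the point of the mitigation."""
    attrs = bytearray(packet[20:])
    offset = 0
    while offset + 2 <= len(attrs):
        attr_type, attr_len = attrs[offset], attrs[offset + 1]
        if attr_len < 2 or offset + attr_len > len(attrs):
            return False                       # malformed TLV
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR and attr_len == 18:
            received = bytes(attrs[offset + 2:offset + 18])
            attrs[offset + 2:offset + 18] = bytes(16)
            expected = hmac.new(secret, packet[:4] + hmac_auth + bytes(attrs),
                                hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        offset += attr_len
    return False


def client_accepts(packet, request_auth, secret):
    """Mitigated client policy: both authenticators must verify, and only an
    Access-Accept grants access."""
    if not verify_response_authenticator(packet, request_auth, secret):
        return False
    if not verify_message_authenticator(packet, request_auth, secret):
        return False
    return packet[0] == ACCESS_ACCEPT


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    req_auth = bytes(range(16))            # constructed Request Authenticator
    attrs = encode_attr(ATTR_USER_NAME, b"alice")
    reply = build_response(ACCESS_REJECT, 7, req_auth, attrs, secret)
    print("genuine reject accepted?", client_accepts(reply, req_auth, secret))
```

A reply carrying only the plain MD5 Response Authenticator still verifies under the old check, while `client_accepts` rejects any reply that lacks a Message-Authenticator, which is exactly the "always send and require" rule quoted above. Because the HMAC is keyed with the shared secret and covers the Code byte and every attribute, turning a reject into an accept changes the expected value regardless of how the inner MD5 is manipulated.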



COMMENTS

  1. Research on network security of VPN technology

    The essence of VPN is to build a network tunnel in the public network using relevant encryption technology, which can conduct the data transmission safely and prevent others from sniffing. IPSec VPN, as can be seen from the literal, is a VPN that realizes remote access through the IPSec protocol. It provides a tunnel over a public network for ...

  2. Research on network security of VPN technology

    The essence of VPN is to build a secure tunnel in the public network using relevant encryption technology. Thus, the data transmission is secure and protected from being sniffed (Xu & Ni, 2020 ...

  3. Security Assessment and Evaluation of VPNs: A Comprehensive Survey

    Virtual private network (VPN) management and IPSec tunneling technology. Middle East 1 (2017), 76-86. Google Scholar [5] ... Security risk analysis and security technology research of government public data center. In Proceedings of the 2018 IEEE International Conference on Energy Internet. IEEE, 185-189. Crossref.

  4. Research on network security of VPN technology

    Network security technologies involve many aspects, and this study explores how to ensure Internet security from the use of VPN. The main function of VPN (virtual private network) is to set up a private network on the public network and encrypt the communication. The essence of VPN is to build a network tunnel in the public network using ...

  5. Research on network security of VPN technology

    The essence of VPN is to build a network tunnel in the public network using relevant encryption technology, which can conduct the data transmission safely and prevent others from sniffing. ... it is important to protect the network security. Network security technologies involve many aspects, and this study explores how to ensure Internet ...

  6. Virtual Private Network's Impact on Network Performance

    We categorized VPN's impact into two different aspects: the affecting aspect and the affected aspect. The affecting aspect of the impact encompasses factors such as security, algorithms, hardware, and software, whereas the affected aspect is of the likes of network performance. While VPNs have managed to integrate security, one of the affecting aspects of the impact, on one hand, on the other ...

  7. A Comparative Analysis of VPN Applications and Their Security

    2.4 Impact of Virtual Private Network. With the rise of the VPN technology as well as certain current events that impact the usage of the said technologies, VPNs are deemed useful in creating impact when needed. ... Xu, Z., Ni, J.: Research on network security of VPN technology. In: 2020 International Conference on Information Science and ...

  8. (PDF) CSEIT1835225

    A VPN protects the private network, using encryption and other security mechanisms to confirm that only authorized users can access the system and the data can be intercepted. This Literature ...

  9. Research on Security Threats Using VPN in Zero Trust Environments

    Discussions on policies and models for the introduction of Zero Trust began with the launch of the Zero Trust security forum on October 26, 2022. Accordingly, this paper examines and conducts experiments on security threats that may arise within a Zero Trust environment in the Zero Trust Network Access (ZTNA) system.

  10. Virtual private networks

    A virtual private network (VPN) can help resolve many of the issues associated with today's private networks. A VPN facilitates an agile IT infrastructure. Global VPNs enable connectivity to all locations anywhere in the world at a fraction of the cost of dedicated links. VPN services enable remote access to the intranet at significantly lower cost, thus enabling support for a mobile workforce ...

  11. A New Approach for the Security of VPN

    It provides the convenience of a public network and the security of a private network by forming a tunnel between sender and receiver. A VPN also encrypts the upper-level protocol information contained in its header. This paper discusses the traditional security measures of VPN and a whole new approach to VPN security using multi-phase encryption ...

  12. (PDF) The vital role of VPN in making secure connection ...

    VPN is a networking framework which is effective over a public network to secure confidential data shared on the public network. It rose as a cost effective and upright resolution in different ...

  13. Securing a Network: How Effective Using Firewalls and VPNs Are?

    Using VPN with firewall further enhances the security of the Internet and network in general. This paper aims to provide a detailed study of the security issues and its solutions that the users of a Firewall and a VPN should know. In this paper, we have proposed some suggestions for the safety and security in using the Firewalls and VPNs based ...

  14. Research on High Performance IPSec VPN Technology Based on National

    IPSec VPN is a virtual private network technology to build secure connections between remote hosts using the IPSec protocol. Aiming at the problem that the national cryptographic algorithm is relatively less applied to network security products, a high-performance system based on the strongSwan framework equipment is designed.

  15. Research on network security of VPN technology

    Network security technologies involve many aspects, and this study explores how to ensure Internet security from the use of VPN. The main function of VPN (virtual private network) is to set up a private network on the public network and encrypt the communication. The essence of VPN is to build a network tunnel in the public network using ...

  16. VPN Security: Are VPNs Safe and Secure?

    A virtual private network (VPN) serves as a secure channel for transmitting data over the internet. A VPN works by establishing an encrypted tunnel between a user's device and a remote server. It then masks the user's IP address, which enhances privacy and protects data from interception. VPN security depends on encryption and tunneling protocols.

  17. Research on Key Technology of VPN Protocol Recognition

    As VPN technology is widely used by enterprises and individuals to guarantee the security of data transmission, VPN traffic has the characteristics of encryption and privacy; but due to the increasing intensity of encryption, auditing VPN routing protocols is more and more difficult, so the security of VPN network security technology has become a restricting factor for VPN ...

  18. VPNs

    Outsourcing & Managed Services. Best VPNs worldwide 2024, by test score. Hardware. Global network security equipment spending 2016-2024. IT Services. Global virtual private network market size ...

  19. Construction of Campus Network Security System Based on VPN Technology

    Based on the above research and analysis, and considering the actual needs of the campus network, we can deploy the campus network VPN as follows: (1) The two campuses adopt hitranct VPN system and build intranet VPN network system in the new campus and school headquarters. The new campus and the school headquarters are connected by optical ...

  20. Vulnerabilities in VPNs: Paper presented at the Privacy Enhancing

    Our research reveals that using a VPN opens you up to similar attacks from other VPN users with whom you share your VPN server. In the same way that the WiFi radio signal is a shared resource that makes users vulnerable to attacks, there is a shared resource on VPN servers called a port (each connection through the VPN server is assigned to a ...

  21. (PDF) A New Approach for the Security of VPN

    Globule App is a concept for a software like a VPN because it offers the convenience of a public network and the security of a private network by creating a tunnel between the sender and receiver ...

  22. A Comparative Research on VPN Technologies on Operating System for

    With the development of information technology, VPN technology has been widely applied in many fields because it can be set up at a lower cost when compared to other security technologies. For this reason, VPN technology has been integrated on most platforms, such as computers, mobile devices, or routers. In VPN technologies, SSL-VPN, IPsec, Wireguard are considered as the three most popular ...

  23. ZTNA vs VPN: Secure Remote Work and Access

    Tips for evaluating ZTNA technology. Swapping out VPN for ZTNA can seem overwhelming, especially considering the sheer number of apps, devices, and users that businesses must contend with. Here are three tips for evaluating ZTNA technology: VPN replacement is a journey. We strongly advise against the rip-and-replace approach.

  24. Blast RADIUS attack can bypass authentication for clients

    "Even if RADIUS traffic is confined to a protected part of an internal network, configuration or routing mistakes might unintentionally expose this traffic. An attacker with partial network access may be able to exploit DHCP or other mechanisms to cause victim devices to send traffic outside of a dedicated VPN."

  25. (PDF) Virtual Private Networks (VPN) Research Paper

    processes and to create a competitive edge. One of the most useful technologies in that sense is virtual private networks (VPNs). It enables various secure connections through public networks ...

  26. Robust Technique for Detecting and Blocking of VPN over Networks

    In computer networks, data and information may be exchanged between linked devices through network communication. Networks are the backbone of the digital world, allowing data to be sent between computers, servers, and other devices. Standards and protocols like HTTP (Hypertext Transfer Protocol), which provide the guidelines for data interchange control this communication. The effectiveness ...

  27. Analysis of Security Virtual Private Network (VPN) Using OpenVPN

    a secure VPN that has been realized by the use of encryption and decryption. The advantage of a VPN using OpenVPN is a local chain owned will be wide, the time it takes to connect the ...