VPNs are remarkable tools for enhancing security, but they are not a panacea. Like all technology, VPNs are vulnerable to exploits by hackers. Here we divide the attacks into client-side (for example, the remote user), and server-side (for example, the enterprise network). However, this distinction is merely a simplification for the purpose of this chapter. In reality, the same exploits also apply to other VPN configurations, such as server-to-server.
Remote clients are the Achilles heel of VPN security. Imagine spending millions of dollars to purchase the finest firewalls and IDS systems for your enterprise network. Next, you painstakingly set up VPN access for employees to obtain wireless access. However, suppose a hacker targets and then backdoors an employee's PDA. The hacker has now easily bypassed your fortifications.
Worse, he now has a fully encrypted tunnel into the heart of your corporate network. Because VPNs tunnel, they automatically bypass most of your perimeter defenses. In addition, because VPNs encrypt their tunnels, you might have foiled your own signature-based IDS systems. The hacker has turned your own weapons against you, and now has the keys to the kingdom. Suddenly, all the IT department's effort and money are flushed down the toilet. For this reason, user education is key in maintaining the integrity of your VPN.
VPN servers are vulnerable to the same attacks from which all networked machines suffer. These range from denial-of-service and session hijacking to buffer overflows.
In addition, because of ludicrous export restrictions on cryptography, VPNs might also be vulnerable to cryptographic attacks. For example, if your VPN is deployed worldwide, U.S. law might prohibit you from exporting the strong version of cryptography to your foreign subsidiaries. Theoretically, when you interface VPNs of varying cryptographic strength, you introduce weaknesses. A chain is only as strong as the weakest link. For example, it might not help to use 128-bit encryption if your enterprise allows full access from remote machines that are limited to 40-bit encryption.
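The weakest-link argument above can be checked against a tunnel inventory. The following is an added example, not code from the original chapter: it computes, for each internal segment, the weakest key length among the tunnels that can reach it and flags segments below a policy floor. The peer names, segment names, and the `"*"` full-access marker are constructed for illustration.

```python
from collections import defaultdict

POLICY_MIN_BITS = 128  # assumed policy floor, taken from the 128-bit figure above

# Constructed inventory: (peer, negotiated key bits, reachable internal segments).
# "*" is a hypothetical marker meaning the tunnel is granted full access.
TUNNELS = [
    ("hq-gateway", 128, {"*"}),
    ("us-branch", 128, {"finance", "mail"}),
    ("foreign-subsidiary", 40, {"*"}),
    ("kiosk-partner", 40, {"extranet"}),
]
SEGMENTS = {"finance", "mail", "engineering", "extranet"}


def effective_strength(tunnels, segments):
    """Map each segment to (weakest key bits, peers at that strength)."""
    reach = defaultdict(list)
    for peer, bits, scope in tunnels:
        # A full-access tunnel reaches every segment; otherwise only its scope.
        targets = segments if "*" in scope else scope & segments
        for seg in targets:
            reach[seg].append((bits, peer))
    result = {}
    for seg, entries in reach.items():
        weakest = min(bits for bits, _ in entries)
        result[seg] = (weakest, sorted(p for b, p in entries if b == weakest))
    return result


def audit(tunnels, segments, min_bits=POLICY_MIN_BITS):
    """Return segments whose weakest reachable tunnel is below the floor."""
    strengths = effective_strength(tunnels, segments)
    return {seg: info for seg, info in strengths.items() if info[0] < min_bits}


if __name__ == "__main__":
    for seg, (bits, peers) in sorted(audit(TUNNELS, SEGMENTS).items()):
        print(f"{seg}: effective {bits}-bit via {', '.join(peers)}")
```

With the constructed inventory, the single full-access 40-bit peer pulls every segment down to 40 bits; restricting that peer's scope confines the weakness to the segments it can still reach.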