Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Cybersecurity of remote work migration: A study on the VPN security landscape post covid-19 outbreak
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
2023 (English)Independent thesis Basic level (degree of Bachelor), 12 credits / 18 HE creditsStudent thesis
Abstract [en]

Background. The pandemic outbreak commenced a large migration of employees from all kinds of industries from previously working in an industrial or office environment to working from home. The remote migration allowed many kinds of work to continue as usual even during a pandemic. A common tool to use when working remotely is a Virtual Private Network (VPN) that allows remote workers to connect to a Local Area Network (LAN) at the company office. Which further grants the remote worker secure access to organizations resources and services. This remote work setup has increased the complexity of the company networks and therefore also magnified the attack surface for cyber threat actors.

Objectives. The objective of this thesis involves studying how the VPN security landscape looks like after the pandemic outbreak. Answering questions related to how the attacks on VPNs changed in numbers, which techniques and tactics the adversaries use against VPN security systems and then, for the thesis to “bite itself in the tail”, investigate countermeasures that can further improve the VPN security.

Methods. One research method is used in two different fashions to satisfy the objectives. The research method is a Systematic Literature Review (SLR). The first SLR involves research on secondary data reports, published by cyber companies, cyber experts, or cyber departments of large IT organizations. The second SLR involves qualitative research by reading research papers related to how VPN security can be improved. 

Results. In direct consequence of the remote work migration the number of VPN attacks have increased. The vulnerabilities found in VPN systems have been used extensively where even national cybersecurity organizations have urged companies to patch systems. Advanced Persistent Threat (APT) groups have leveraged the published vulnerabilities by exploiting unpatched systems and established persistent and defense-evasive access to networks that remote workers connect to with VPNs. To counter these threats and to harden the VPN systems and private networks, there are recommendations involving countermeasures such as enforced Multi Factor Authentication (MFA) and adding multiple defense layers in private networks.

Conclusions. This thesis concludes that the covid-19 pandemic outbreak was the root cause to the huge remote work transition which in turn caught 99% of all organizations and home networks off guard when it comes to VPN security for remote workers. This caused huge opportunities for threat actors and state sponsored adversaries which is the main reason for the increased number of cyberattacks post covid-19 outbreak. Cyber adversaries exploited every vulnerability, bug, and misconfiguration they could find by conducting tactics and techniques like phishing, ransomware, exploiting VPN vulnerabilities and performing DDoS-attacks to the best of their abilities. This caused huge damage to organizations, governments, healthcare, and militaries all around the world. In order to increase VPN security for remote workers, small, medium or big organizations, we have developed a new VPN hardening framework.

Place, publisher, year, edition, pages
2023. , p. 44
Keywords [en]
Cybersecurity, Remote work, VPN, Exploit, Hardening
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-24984OAI: oai:DiVA.org:bth-24984DiVA, id: diva2:1778036
External cooperation
Midcon AB
Subject / course
DV1583 Degree Project for Bachelor of Science in Engineering Computer Science
Educational program
Bachelor of Science in Engineering: Computer Security
Supervisors
Examiners
Available from: 2023-06-30 Created: 2023-06-30 Last updated: 2023-06-30Bibliographically approved

Open Access in DiVA

Cybersecurity of remote work migration: A study on the VPN security landscape post covid-19 outbreak(695 kB)1687 downloads
File information
File name FULLTEXT03.pdfFile size 695 kBChecksum SHA-512
73ab8c1aacecb7f2e51d14781adf44238909a9223c01a2bb29c9d1ed5368f1a7b9881f85a6efd4be22480a45f7fa90119ace103347f297432c1cd11366775bf7
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Einler Larsson, LukasQollakaj, Kushtrim
By organisation
Department of Computer Science
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 1688 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 6251 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf