Thursday, 16 April 2020

Checking Your VPN for Data Leaks

EC-Council Study Materials, EC-Council Guides, EC-Council Tutorial and Materials

It’s hard to travel far online without running into an article or advertisement for a virtual private network (VPN). As internet security concerns have grown, so has the demand for tools and services to fight back against hackers and their malware attacks.

While coming up with hard numbers is difficult, thanks to the VPN industry’s reluctance to share stats, it appears that about one in four people use this service presently and that number is expected to rise.

One of the big advantages of VPNs is the anonymity provided. Normally, when you connect to the internet from your home or office internet service provider (ISP), your device will be assigned a unique internet protocol (IP) address for managing all incoming and outgoing traffic.

Although IP addresses may seem like random sequences of numbers, they are actually easy to look up and correlate to your geographic location. In contrast, a VPN client operates its own separate network and distributes anonymous IP addresses, which are harder for external entities to track.

But how can you be sure that your VPN service is actually anonymous? Experts have discovered that some tools and providers actually have leaks that may allow your local IP address to be exposed, which sort of defeats the whole concept of privacy.

Read on to learn more about this issue and how to handle it.

Basics of VPN


EC-Council Study Materials, EC-Council Guides, EC-Council Tutorial and Materials

A complete VPN solution requires two parts: the endpoint server and the client application. The VPN provider is responsible for running the endpoint server, which is typically cloud-based and hosted across virtualized infrastructure. The client application is a software tool that individual users can install on all types of devices, including PCs and smartphones.

After installing the client application, a user will initiate the connection to the endpoint server and be prompted for authentication. At that point, the user’s device is assigned a new IP address by the endpoint server and a secure tunnel is formed between the two locations.

Winning the geolocation game: Outgoing requests to the internet will still originate with your ISP, but because your IP address is being managed by the VPN provider, your traffic will be anonymous. In a corporate environment, your VPN’s IP address will usually match the company’s local network.

If someone does try to look up your IP address, it will likely show as being linked to the VPN provider and that company’s hosting location. Some individuals use VPN clients to specifically route their internet traffic through a different country or geographic location for the purpose of downloading or streaming content.

All data passed between the client application and the endpoint server will be encrypted, which means that only the VPN provider is capable of decoding the traffic. Even if you are connected to a public Wi-Fi network, hackers will be unable to infiltrate the router and intercept your data.

WebRTC Leaks


Most modern web browsers, including Google Chrome and Mozilla Firefox, come preinstalled with a feature known as real-time communication (RTC). RTC is the protocol that allows websites to display dynamic content and update a page without the visitor needing to manually reload it.

For example, social networks such as Facebook and Twitter make heavy use of the RTC protocol. That’s how they are able to show you updates on posts and comments without you needing to navigate to a different web address. Your browser maintains a consistent connection with the site.

Unfortunately, a bug was discovered with RTC in 2015 that can affect how your IP address is handled by the web browser. Developers discovered that when using browsers with RTC enabled, the original IP address from your ISP will be visible even if you are authenticated with a VPN client.

DNS Hijacking


EC-Council Study Materials, EC-Council Guides, EC-Council Tutorial and Materials

As a result of WebRTC Leaks, there’s a potential risks for hackers being able to infiltrate your local network and reroute your internet traffic. This type of attack is known as domain name system (DNS) hijacking and has become more and more common since the WebRTC bug was first found.

The DNS database contains information about all the website addresses available on the internet. When you navigate to a .com or .net address in your browser, the application first talks to DNS to determine how to route your traffic. But because DNS is based on IP addresses, it is vulnerable to manipulation behind the scenes.

If a hacker is able to hijack your local DNS settings through a VPN leak, then they may be able to reroute your web requests to a malicious webpage. For example, you might click on a familiar bookmark link but actually land on a hacker-built suspicious web page looking to steal private information.

Tools for Protection


You should be aware that not all VPN providers are susceptible to the issues with WebRTC Leaks. Therefore, it is important to research the best VPNs and find one that can guarantee your IP address will remain anonymous. Note that free VPN tools typically have major security holes and should be avoided.

Chrome extension: If you are concerned that your VPN client may be leaking your true IP address, then you should install a third-party extension like WebRTC Control for Google Chrome. With this tool, you will be able to see what IP address is being shared through RTC compared to the address being used for other web protocols.

When you find a disparity between your IP addresses in the tool, you should use the extension option to automatically disable all RTC-based components in your browser. Once that is complete, you can refresh the page and you should receive confirmation that your VPN address is being used for all requests.

To check for potential DNS hijacking, use a website like DNSLeak.com to pull up a record of the current DNS database that your device is using. In most cases, the DNS database should be linked to your ISP or the VPN provider. If you do not recognize the owner of the DNS database, it could be a sign that your device is compromised and is rerouting your network traffic.

The Bottom Line


While the average internet user might not want to spend time and effort considering the data leak issue, there’s not much point in using a VPN unless it functions as advertised and creates actual online anonymity for you. Reread the issues and solutions we’ve just discussed and then roll up your sleeves and get to work frustrating as many hackers as possible.

Source: eccouncil.org

Related Posts

0 comments:

Post a Comment