Nine out of 10 VPNs 'not secure'

A three-year research project by security firm NTA Monitor has concluded that nine out of 10 virtual private networks have exploitable vulnerabilities.

Most of the companies that had their VPNs tested as part of the project thought that they were invulnerable to hackers, but researchers found the same types of flaw repeated across the whole product range.

The report stated that, in some cases, VPNs were actually the weakest security link in an organisation.

"VPNs are not the invulnerable systems that they are often believed to be," said Roy Hills, technical director at NTA Monitor and author of the report.

"They can actually be the weak link in a secure system. Some of these problems are new discoveries, while others are known limitations of the protocols which are exposed due to poor configuration."

The most widespread flaw involved the hacking of user names. Many VPNs give away useful information to someone guessing user names and, although NTA Monitor has warned these companies of this weakness, many have yet to fix the problem.

Other vulnerabilities centre around password cracking. The survey found that a text-based password could be broken in 16 minutes using a brute force attack, while a password containing a mixture of words and letters took two days.

VPNs are also a very tempting target for hackers. As they are considered to be secure, the most valuable data is often found by cracking such security measures.