This paper uses secondary data to collect authentic and relevant information,
a technique based on literature review. Designing a study and relating it to
the information that already exists in the field is a foundational activity of
academic research. However, this process has become difficult and complex. For
instance, within the field of Information and Technology, knowledge is
expanding significantly, yet it remains fragmented. Besides being fragmented,
it is also interdisciplinary.
Figure: VPN architecture of BGP/MPLS
That is why the literature review is recognized as an important method and has
been chosen in this study for researching accurate information. It can be
described as a systematic method of finding and synthesizing information that
has already been produced.
An effective research process and technique creates a strong base for
simplifying the development of concepts and advancing existing knowledge. By
incorporating findings and perspectives from existing studies, questions can be
assessed and addressed with a capability that individual research does not
possess.
In addition, it can offer a fundamental overview of fields and areas in which
the research is disparate. Besides being a strong research method, it is also
an authentic process of collecting and synthesizing the key concepts and
findings of research, providing evidence and revealing specific areas where
more research is needed. This plays an important role in facilitating the
development of different theoretical methods and conceptual processes.
However, traditional methods of explaining and representing studies normally
lack explanation and clarity, and where clarity exists, thoroughness is absent.
The result is a lack of information about what studies explain and what
implications they provide. Because of this, there is a strong likelihood that
authors build studies on erroneous assumptions. When researchers choose the
research on which they will build their own, ignoring studies that take other
perspectives can result in serious issues.
The literature review, for all kinds and types of studies, plays an important
part in creating the foundation of research. It serves as a basis for
collecting information, providing evidence about a certain effect, and
developing guidelines for policy and practice. In addition, literature reviews
help build research that supports future studies and theories. To ensure the
authenticity and quality of the studies reviewed in this paper, predetermined
requirements were used. For instance, a time limit was set so that only recent
studies with up-to-date information were selected [4, 7].
Additionally, only studies associated with VPNs, their utilization, and the
tools associated with them were selected. Other studies were not analyzed,
which helped keep the research as concise and relevant as possible.
VPN Security
In general, a VPN, or Virtual Private Network, enables a user to reach and
access a private network. In addition to accessing a network, it also allows
data to be shared remotely across several public networks. Just as a firewall
protects the information present on a computer, a VPN protects it virtually.
Although a VPN is a WAN (Wide Area Network), its front end retains the same
functionality, appearance, and security as a private network.
Meanwhile, VPN security comprises the collective measures that secure data
transmission and information within a VPN connection. It normally includes
security tools and methodologies that strengthen the confidentiality of
communication, the integrity of messages, and user authentication within a VPN.
Typically, VPN security is provided through tunnelling or networking protocols,
which ensure the integrity and security of data by encrypting it while it is
transmitted over a VPN path or tunnel. Once a packet reaches a specific node,
it is converted back to its original state through decryption. Similarly, at
the user level, VPN security works by authenticating every user before they
access the services of the VPN.
Protocols that offer this security include SSTP (Secure Socket Tunneling
Protocol), SSH (Secure Shell), DTLS (Datagram Transport Layer Security), SSL
(Secure Sockets Layer), and IPSec (Internet Protocol Security). These protocols
are generally implemented within a network to ensure that the security of
information is not influenced or violated by external factors. They have to be
managed to maintain the highest possible integrity and security, because
attacks can damage the protocol, after which it has to be managed again [1].
1. Results and analysis of VPNs security
The virtual private network consists of public telecommunication
infrastructure, including the internet, remote offices, and the network of the
organization. The VPN works over the shared public infrastructure while
maintaining the secure network of the company. Its working process depends on
the shared public infrastructure through the maintenance of security procedures
and tunnelling protocols. The tunnelling protocols include Layer Two Tunnelling
Protocol (L2TP) and IPSec (IPSec/L2TP) [9, 10].
Table 1: Classification of VPN
VPN Solutions | In-house | Outsource | CE-based | PE-based | Secure | Trusted | Client-based | Web-based
PPTP | L2TP | IPSec | SSL | MPLS
In effect, the protocols work by encrypting data at the sending end and
decrypting it at the receiving end. The data is sent through a tunnel. An
additional level of security encrypts not only the data [3].
A business expands and grows when things run effectively. To run things
effectively, it is important to find the locations and reliable, secure ways.
Also, to use the different methods, it is important to measure the remote
locations [7].
A VPN works as a private network that uses the public network to connect remote
sites and users. It uses virtual connections routed through internet services
between remote and business private networks. A VPN protects business security:
anyone who intercepts the encrypted data is unable to read it [7, 4].
Figure: Remote Access VPNs
Based on the working process, two types of VPN can be deployed, remote access
VPNs and site-to-site VPNs, along with other components. Remote access VPNs are
also known as virtual private dial-up networks. The system consists of LAN
connections across different remote locations [8].
Remote access VPNs usually work under a service provider. The ESP setup works
with the NAS (network access server) and with software used by the remote
users. In the NAS system, toll-free numbers are used, and third-party data
encryption is applied to secure the connections between the private network and
remote users [9].
Another type of VPN is the site-to-site VPN, which allows an office to use
multiple fixed locations and establishes secure connections for all users over
public networks in particular, for instance the internet. The site-to-site VPN
further extends the network of the company and provides services to offices
around the world.
The site-to-site VPN is further classified into two types: intranet-based VPN
and extranet-based VPN. In the case of an intranet-based VPN, the company has
one or more remote locations, which can access the services from any private
network. The intranet VPN is further connected to the separate LAN and the
single WAN. The extranet-based services have a close relationship with the
partners, customers, and suppliers of the company. The services can be used to
develop a secure, shared network, and this system prevents access to any
separate intranets.
Figure: Site to Site VPN system for Extranet based services
The components required to establish a VPN setup include authentication,
tunnelling, and encryption. Authentication covers the secure VPN tunnel and
user-created remote access. The security methods differ, such as passwords and
two-factor authentication, and the most important method of verification is
biometrics. The network-to-network tunnel uses a digital certificate and
password [10, 5].
The tunnelling process is associated with virtual private network technology
and involves establishing and maintaining logical network connections. On these
connections, packets in the VPN protocol format are encapsulated in the base
carrier. In the present work, it can be concluded that the VPN supports two
different types of tunnelling: voluntary and compulsory.
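The encapsulation described above, together with the earlier point that the sending end encrypts and the receiving end decrypts, as an added example (not code from the paper or from any VPN product). The keystream built from HMAC-SHA256 in counter mode stands in for a real cipher such as AES-GCM, and all keys, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo keys; a real VPN negotiates its keys when the tunnel is set up.
ENC_KEY = hashlib.sha256(b"constructed-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"constructed-integrity-key").digest()
TAG_LEN, NONCE_LEN = 32, 16

def _xor_keystream(key, nonce, data):
    """Stand-in cipher: HMAC-SHA256 in counter mode. The same call encrypts and decrypts."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner_packet, gw_src, gw_dst):
    """Sending end: encrypt the whole inner packet, add an outer header, append a tag."""
    nonce = os.urandom(NONCE_LEN)
    outer = f"{gw_src}>{gw_dst}".encode()
    sealed = _xor_keystream(ENC_KEY, nonce, inner_packet)
    body = struct.pack(">H", len(outer)) + outer + nonce + sealed
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()

def decapsulate(frame):
    """Receiving end: verify integrity first, then decrypt back to the original packet."""
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed, frame dropped")
    (outer_len,) = struct.unpack(">H", body[:2])
    start = 2 + outer_len
    nonce, sealed = body[start:start + NONCE_LEN], body[start + NONCE_LEN:]
    return _xor_keystream(ENC_KEY, nonce, sealed)

def demo():
    inner = b"10.0.1.5>10.0.2.9|payroll export"  # constructed private addresses + payload
    frame = encapsulate(inner, "198.51.100.1", "203.0.113.1")
    tampered = bytearray(frame)
    tampered[-40] ^= 0x01  # flip one bit inside the encrypted part
    try:
        decapsulate(bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return {"roundtrip": decapsulate(frame) == inner,
            "inner_hidden": b"10.0.1.5" not in frame,
            "tamper_rejected": rejected}
```

Only the gateway addresses in the outer header travel in the clear; the private addresses and payload sit inside the encrypted part, and a frame altered in transit is dropped before any decryption is attempted.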
2. Limitations of VPNs
However, there are some drawbacks associated with VPNs that users need to
consider when planning to use one on their systems.
1. First of all, VPNs are not legally allowed in many countries, so there is a
chance that using a VPN is considered an illegal activity in your country.
Thus, before using a VPN, you need to make sure that it is not restricted in
your area.
2. The second disadvantage of a VPN is its impact on the performance of laptops
and mobile phones [3].
3. When a private network is used on a laptop or mobile phone through a
commonly available free VPN service, the VPN sometimes causes security issues
and prevents the network from accessing some particular websites.
4. Moreover, it also reduces the speed at which a website loads on a system.
5. VPN services sometimes take control of the user's system and monitor
activities and data usage history, which is a threat to privacy and to the
information stored on that particular system [11].
3. Conclusion of Methodology of VPNs security
Summing up the entire discussion, it is concluded that the era of technology
introduces new, innovative facilities that bring convenience to human life.
Three of the most important kinds of technology are used in this era to serve
enterprises as well as individuals' personal lives: web applications, wireless
networks, and VPNs. This study was conducted specifically to analyse the
security aspects of VPNs. VPN stands for virtual private network. It is a
security technology that provides safety to the network and develops an
encrypted connection. By using a public network, the internet, the virtual
private network provides a way to extend the private network.
A VPN protocol is designed to provide better security for data and information
on the public network. Traditional VPN connections need to be reconnected
manually once the initial VPN connection is lost. A strong password policy must
be chosen and enforced to lessen the risk of unauthorized parties poking around
the network.
On any private network, information is sent and received over the VPN using
different computers and the internet.
The research study was conducted using the qualitative research method, and the
observation method was employed to analyse the security tools and aspects of
VPN. Only studies from the last five years (2015 to 2019) are used in this
study. There are three particular security tools of the VPN, which are explored
in the section above along with their functions and features. It has been
concluded in this study that several workers use public Wi-Fi to measure the
data of the organization.
More than one-third are unaware of the use of a VPN for protecting their data,
even though two-thirds of these users are keen on the security of Wi-Fi,
according to a survey conducted by iPass. VPN remains a viable option for
securing data, which can be protected while it is transferred across public
Wi-Fi.
There are several ways in which a VPN can be utilized in the organization.
These include remote access, which lets a user connect to the corporate network
from various mobile devices and from home. Internet connections are also an
important part, for instance for branch offices, fixed locations, and extranet
connections with business partners such as buyers and suppliers. It also
includes the wide-area network and its replacement for geographically dispersed
networks.
To improve the security of VPNs and to address the risks, enterprises must
deploy additional VPN security features along with their VPN products.
These security features are left for further study:
· Support for strong authentication
· Algorithms for strong encryption
· Support for prevention tools, anti-virus software, and intrusion detection
· Strong security by default for the maintenance and administration of the ports
· Support for digital certificates
· Support for auditing and logging
References of Methodology of VPNs security
[1] M. Rost, "Beyond the Stars: Revisiting Virtual Cluster Embeddings," vol. 3, no. 45, pp. 1-19, 2019.
[2] J. Lopez, J. A. Montenegro, R. Roman and J. Dávila, "Design of a VPN software solution integrating TCP and UDP services," Infrastructure Security: International Conference, InfraSec 2002 Bristol, UK, October 1–3, 2002 Proceedings, vol. 01, no. 01, pp. 325-338, 2002.
[3] A. Lodi and A. Moradi, "Experiments on virtual private network design with concave capacity costs," Optimization Letters, vol. 12, no. 02, pp. 01-10, 2018.
[4] M. C. Nawej, "Evaluation of Virtual Private Network Impact on Network Performance," pp. 1-82, 2016.
[5] A. A. Jaha, F. B. Shatwan and M. Ashibani, "Proper Virtual Private Network (VPN) Solution," Conference: Next Generation Mobile Applications, Services and Technologies, 2008. NGMAST '08. The Second International Conference on, vol. 03, no. 05, pp. 01-10, 2008.
[6] H. Alshaer, "An overview of network virtualization and cloud network as a service," vol. 25, no. 1, pp. 1-23, 2018.
[7] S. Rahimi, "Quantitative Evaluation of Virtual Private Networks and its Implications for Communication Security in Industrial Protocols," vol. 1, no. 3, pp. 51-61, 2017.
[8] M. Iqbal, "Analysis of Security Virtual Private Network (VPN) Using OpenVPN," vol. 8, no. 1, pp. 58-65, 2019.
[9] T. Berger, "Analysis of current VPN technologies," Conference: Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on, vol. 03, no. 04, pp. 01-10, 2006.
[10] K. Cheung and J. Mišić, "On virtual private networks security design issues," Computer Networks, vol. 38, no. 02, pp. 165-179, 2002.
[11] ccexpert.us, "Objectives Of Virtual Private Network," 2016. [Online]. Available: https://www.ccexpert.us/virtual-private-networks/objectives-mwz.html.