2024-11-23 Literature Review
Our literature review focuses on existing research on the Zero Trust security framework, VPNs, and ZTNA. The focus was on scalability, access control, performance, and identity verification across various network settings. To ensure a robust and comprehensive understanding, we defined a focused scope, prioritizing academic articles, industry reports, and foundational frameworks that engage directly with Zero Trust principles, their implementation challenges, and their efficacy.
The search process involved the Google Scholar database. The search query was composed of terms including “Zero Trust Network Access (ZTNA)”, “VPN security challenges”, “Zero Trust architecture”, “data-centric security”, and “identity-based access control”. We concentrated on works from the last decade to capture the most relevant contemporary cybersecurity articles, with some exceptions for foundational studies. Our inclusion criteria targeted studies covering one or more of the following areas: Zero Trust frameworks across environments, ZTNA and VPN comparisons (in terms of performance, scalability, and usability), and Zero Trust implementations with a focus on access control, identity verification, and continuous monitoring. Studies focused solely on general network security without Zero Trust concepts, or on theoretical models lacking practical applications, were excluded.
In analyzing the literature, we categorized studies by key themes, including access control mechanisms, scalability, hybrid network challenges, data-centric security, usability, and continuous monitoring. We organized each study’s main contributions using a comparative framework to maintain consistency in our analysis. Key findings, methodologies, and challenges from each study were extracted, particularly regarding their applicability to the ZT-VPN framework. Zero trust is a security architecture that safeguards on-premises resources by eradicating unidentified users and uncontrolled devices and restricting any lateral movement [68]. The research work by Cherrueau et al. [69] discusses the potential risks and mitigations, emphasizing the importance of secure configuration, encryption, and identity-based access controls. The study identifies the challenges of scaling ZTNA VPN solutions and provides recommendations for addressing security concerns.
In the research work by S et al. [70], “Security issues with Virtual Private Network (VPN) and proxy services: Performance and Usability”, usability and performance are crucial factors when implementing ZTNA and VPN solutions. The study also suggests that bad VPN configuration and execution, rather than, say, inadequate cryptography, are the key issues. The research work by Wang et al. [71] evaluates the performance of ZTNA VPN solutions, considering the factors of latency, throughput, and scalability. The study emphasizes the need for efficient protocols and optimized configurations to maintain a balance between security and performance. According to Da Silva et al. [72,73], smart home security should include Zero Trust access control that takes context into account and uses behavior-based continuous authentication. There is a proposal for a Zero-Trust-aware smart home system that would regulate access to the smart home system by continually verifying the user’s authenticity using Zero Trust continuous identity verification. It is powered by edge computing, which eliminates unreliable service providers and any such access. Correctness is not guaranteed, and the effects of latency and concurrency have not been tested in a real context.
The research work by Hunt et al. [74] proposes a ZTNA VPN model. The research highlights the benefits of this integration, such as enhanced visibility and control over network traffic. It states that incoming requests from users or devices should be accepted after authentication. Running both ZTNA and VPN simultaneously may introduce additional latency and performance overhead, which can impact the user experience, particularly for latency-sensitive applications. He et al. [75] conducted research comparing common trust assessment techniques and outlining the benefits and drawbacks of various access control regimes and authentication procedures. The study also emphasizes protocols for network authentication and access control. Syed et al. [29] broadened the design’s scope to include software-defined perimeters and micro-segmentation and discussed the difficulties of such an architecture. The survey by Pittman et al. [76] showed that it is data objects, rather than user-accessible paths, that are subject to Zero Trust concepts and tenets. Trust computation in a dynamic system like a network is, according to their findings, a problem of classification and regression. In their research, Buck et al. [77] used a search model to distinguish between academic material and gray literature while evaluating articles published on ZTNA. Any piece of writing that does not originate from an academic setting, such as a private or commercial enterprise, is considered gray literature.
To some extent, the methods outlined here are comparable to Google’s ZTN approach to access control [78,79]. However, the execution of decision continuity, risk management, and policy wording has been vague. NIST [45] provides a vendor-agnostic framework for ZT implementation. It focuses on the continuous verification of user and device identities. Its key elements are policy enforcement based on context (such as user identity, device health, and location), micro-segmentation and least-privilege access, and comprehensive, detailed guidance applicable to a wide range of organizations. It encourages continuous monitoring and verification, allowing for flexible implementation.
It may be seen as overly complex due to its detailed and broad guidelines, and implementation requires a thorough understanding and careful planning. The Forrester model [80,81], popularized by Forrester Research, emphasizes the need to eliminate trust from the network. It includes continuous monitoring and validation of all users and devices; micro-segmentation to limit lateral movement within networks; data-centric security, ensuring data protection regardless of location; and a strong focus on data protection and reducing attack surfaces. It is a practical approach that can be adapted to various environments, but significant changes may be required to the existing network and security infrastructure, and the broad approach might be challenging for smaller organizations to implement fully. Some of the concepts presented here are similar to Dynfire, an AC policy management framework for ZTN put into practice on a college campus, as described by Vensmer et al. [82]. Problematically, neither risk management nor decision continuity is part of it. A ZTN AC solution for cloud computing, AL-SAFE, is described by Giannoku et al. [83]. However, it lacks policy language, risk management, and decision continuity features.
From Table 3, we can see that scaling both ZTNA and VPN solutions to accommodate the increasing number of users and devices can be effective. Ensuring seamless scalability while maintaining security can, however, be a complex task. In today’s computing and mobile device setting, where dynamic characteristics make the idea of a conventional DMZ [84] outdated, this comparatively static approach to security, focused on physical or virtual perimeters, fails. As the cloud is the new network edge, an implicit trust strategy cannot sufficiently protect it. Regarding the idea of protecting information systems [74], changes were made to accomplish the required IP security based on a review of the company’s policy, the SSL encryption technique, and the software utilized in the business. These steps will enable the information system for manufacturing locations to gain the appropriate security. Given the context of prior research and the underlying hypotheses, the authors delve into the data and their potential interpretation. Discussions of the results and their implications need to take a wide view. It is also possible to highlight potential avenues for future research.
The manner in which companies work has changed over the past several years. Working remotely and other trends like bring your own device (BYOD) [85] are driving the demand for flexible access to company data and apps from devices outside of the company’s internal network. This tendency is being exacerbated by the rising number of remote workers and the coronavirus epidemic. Additionally, problems arise for the organization’s network architecture due to external connections, the incorporation of partners and service providers, or the mutual sharing of assets. To date, the majority of companies have provided external users or services with encrypted connections to their internal networks so that they may access internal resources. When a user or service is considered trustworthy, they are granted access to the network’s resources. The problem is that most existing solutions rely on inflexible components like subnetworks, firewalls, and rule sets, making it impossible to adapt to these kinds of ever-changing conditions. Because of this design, there are major security holes. One issue is that the internal network is not segmented or controlled. Once an outsider or malevolent employee breaches an organization’s network defense, they may access almost every part of the system. A large number of organizational resources are, therefore, vulnerable to reading, modification, and harm.
According to the Zero Trust technique, which aims to fix the problems with existing networking solutions, the fundamental premise is that no one on the network can be trusted and that any access to company resources might be a security risk. This means that all accesses are checked and confirmed; the approval of a request is contingent upon its verification. Either complete access to the service or access to just the allowed operations or data may be provided. When verifying a user’s identity, it is important to take into account not only their password but also their device, location, time, and access rights. In addition, resource access is limited to what is necessary for carrying out tasks, in accordance with the concept of least privilege. This highlights the need to establish and rigorously follow access rules. The access regulations in question, however, are dynamic: it is possible to include the behavior patterns of network participants in the verification process by continuously monitoring and recording network traffic. Zero Trust is more of a strategy than a technology; it is an umbrella term for a set of guiding principles. This article discusses and analyzes various categories of network attacks, their features, and the impact they could have on current networks. We hope that by the end of this research, we will be in a position to add to the body of knowledge on how VPN and ZTNA can complement each other, thus reinforcing network security and offering secure access to remote resources.
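The per-request, context-aware verification described above (identity, device, location, time, least privilege and continuous re-evaluation), contrasted with the perimeter model in which a connected user is trusted for everything, as an added example that is not code from this paper or from any of the cited works; the users, resources, posture signals and rules are hypothetical and constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Added, hypothetical example of the Zero Trust premise described above:
# every request is verified against identity, device, location, time and
# least-privilege entitlements, whereas the perimeter/VPN model trusts any
# connected user for everything. Users, resources and rules are constructed.

@dataclass(frozen=True)
class Request:
    user: str
    device_managed: bool   # device posture: enrolled and patched
    location: str          # coarse network location, e.g. "office", "cafe"
    hour: int              # local hour of the request, 0-23
    resource: str
    action: str            # "read" or "write"

# Least-privilege entitlements: user -> resource -> allowed actions
ENTITLEMENTS = {
    "alice": {"hr-db": {"read"}, "wiki": {"read", "write"}},
    "bob": {"wiki": {"read"}},
}

def perimeter_decision(vpn_connected: bool, req: Request) -> bool:
    """Perimeter model: once on the internal network, everything is reachable,
    regardless of who asks, from which device, or for what."""
    return vpn_connected

def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Judge a single request; no trust is inherited from the network."""
    allowed = ENTITLEMENTS.get(req.user, {}).get(req.resource, set())
    if req.action not in allowed:
        return False, "not entitled"       # least privilege
    if not req.device_managed:
        return False, "device posture"     # unmanaged device
    if req.action == "write" and req.location != "office":
        return False, "location"           # writes only from a trusted location
    if not 7 <= req.hour < 20:
        return False, "time window"        # outside the permitted hours
    return True, "ok"

def reevaluate_session(reqs: list[Request]) -> list[bool]:
    """Continuous verification: every request in a session is judged afresh,
    so a device falling out of compliance mid-session loses access at once."""
    return [zero_trust_decision(r)[0] for r in reqs]
```

The same request that the perimeter model waves through because the VPN is up is rejected by the Zero Trust decision for a specific, auditable reason, which is also what a policy engine would log for later detection work.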