A client machine may become a target of attack, or a staging point for an attack, from within the connecting network. An intruder could exploit vulnerabilities or mis-configuration in a client machine, or use other types of hacking tools to launch an attack. These can include VPN hijacking or man-in-the-middle attacks:
VPN hijacking is the unauthorised take-over of an established VPN connection from a remote client, and impersonating that client on the connecting network.
Man-in-the-middle attacks affect traffic being sent between communicating parties, and can include interception, insertion, deletion, and modification of messages, reflecting messages back at the sender, replaying old messages and redirecting messages.
By default VPN does not provide / enforce hardening user authentication. A VPN connection should only be established by an authenticated user. If the authentication is not strong enough to restrict unauthorised access, an unauthorised party could access the connected network and its resources. Most VPN implementations provide limited authentication methods. For example, PAP, used in PPTP, transports both user name and password in clear text. A third party could capture this information and use it to gain subsequent access to the network.
Client Side Risks
The VPN client machines of, say, home users may be connected to the Internet via a standard broadband connection while at the same time holding a VPN connection to a private network, using split tunnelling. This may pose a risk to the private network being connected to.
A client machine may also be shared with other parties who are not fully aware of the security implications. In addition, a laptop used by a mobile user may be connected to the Internet, a wireless LAN at a hotel, airport or on other foreign networks. However, the security protection in most of these public connection points is inadequate for VPN access. If the VPN client machine is compromised, either before or during the connection, this poses a risk to the connecting network.
A connecting network can be compromised if the client side is infected with a malware. If a malware infects a client machine, there is chance that the password for the VPN connection might be leaked to an attacker. In the case of an intranet or extranet VPN connection, if one network is infected by a malware, that malware can be spread quickly to other networks if anti-malware protection systems are ineffective.
Incorrect Network Access Rights
Some client and/or connecting networks may have been granted more access rights than is actually needed.
Interoperability is also a concern. For example, IPsec compliant software from two different vendors may not always be able to work together.