Site-to-site VPNs establish secure, encrypted connections between two networks over the internet,
typically used to link corporate networks with remote sites or a service provider's network. However,
while these VPNs secure data transmission, they introduce specific risks.
The primary risk associated with a site-to-site VPN with a service provider is the loss of visibility into
user behavior. Here’s why:
Limited Monitoring: Since the traffic is encrypted and routed through the VPN tunnel, the
organization may lose visibility over user activities within the service provider's network.
Blind Spots in Traffic Analysis: Security monitoring tools (like IDS/IPS) that rely on inspecting
unencrypted data cannot see inside the tunnel; a sensor placed on the WAN side sees only encrypted
packets between the two gateways, not the inner hosts, ports or payloads.
User Behavior Analytics (UBA) Issues: It becomes challenging to track insider threats or compromised
accounts due to the encapsulation and encryption of network traffic.
Vendor Dependency: The organization might depend on the service provider’s security measures to
detect malicious activity, which may not align with the organization’s security standards.
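The blind spot described above can be made concrete with a small simulation. The following Python is an added example, not content from the review manual: it models the flow records a monitoring sensor would see on the LAN side of the VPN gateway (before IPsec encapsulation) and on the WAN side (after tunnel-mode ESP encapsulation), then runs the same simple detection rule over both. The flow records and the gateway addresses are constructed, and ESP overhead is ignored.

```python
"""Why a site-to-site VPN blinds flow-based detection (added example, not
from the CCOA manual). Constructed flow records model one internal host
sweeping SMB across several remote hosts; the same detection rule is run
at two sensor vantage points, inside and outside the tunnel."""
from collections import defaultdict

# Constructed sample flows as seen on the LAN side of the local VPN gateway.
LAN_FLOWS = [
    # one internal host touching SMB (445) on three remote hosts
    {"src": "10.1.1.25", "dst": "192.168.50.10", "proto": "tcp", "dport": 445, "bytes": 1200},
    {"src": "10.1.1.25", "dst": "192.168.50.11", "proto": "tcp", "dport": 445, "bytes": 900},
    {"src": "10.1.1.25", "dst": "192.168.50.12", "proto": "tcp", "dport": 445, "bytes": 1100},
    # ordinary HTTPS traffic from two other hosts
    {"src": "10.1.1.40", "dst": "192.168.50.20", "proto": "tcp", "dport": 443, "bytes": 52000},
    {"src": "10.1.1.41", "dst": "192.168.50.20", "proto": "tcp", "dport": 443, "bytes": 48000},
]

# Constructed (documentation-range) gateway addresses, assumed for the example.
GW_LOCAL = "203.0.113.1"
GW_REMOTE = "198.51.100.1"
ESP = "esp"  # IP protocol 50: no ports, inner header encrypted


def encapsulate_esp(flows, gw_local=GW_LOCAL, gw_remote=GW_REMOTE):
    """Model what a WAN-side sensor sees after IPsec tunnel-mode encapsulation.

    Inner addresses, protocol and ports are encrypted; only the outer gateway
    pair and (roughly) the byte volume survive. ESP overhead is ignored here.
    """
    return [
        {"src": gw_local, "dst": gw_remote, "proto": ESP, "dport": None, "bytes": f["bytes"]}
        for f in flows
    ]


def detect_port_sweep(flows, port=445, min_hosts=3):
    """Flag sources that contact at least `min_hosts` distinct destinations on `port`.

    Returns {src: distinct_destination_count} for every source over the threshold.
    """
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == "tcp" and f["dport"] == port:
            targets[f["src"]].add(f["dst"])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_hosts}


def conversation_pairs(flows):
    """Distinct (src, dst) pairs visible at this vantage point."""
    return {(f["src"], f["dst"]) for f in flows}


def total_bytes(flows):
    """Volume is one of the few signals that survives encapsulation."""
    return sum(f["bytes"] for f in flows)


def compare_vantage_points(lan_flows=LAN_FLOWS):
    """Run the rule at both sensor positions and summarise what each can see."""
    wan_flows = encapsulate_esp(lan_flows)
    return {
        "lan_side": {
            "alerts": detect_port_sweep(lan_flows),
            "conversations": len(conversation_pairs(lan_flows)),
            "bytes": total_bytes(lan_flows),
        },
        "wan_side": {
            "alerts": detect_port_sweep(wan_flows),
            "conversations": len(conversation_pairs(wan_flows)),
            "bytes": total_bytes(wan_flows),
        },
    }


if __name__ == "__main__":
    for vantage, summary in compare_vantage_points().items():
        print(f"{vantage}: {summary}")
```

The LAN-side sensor raises an alert for 10.1.1.25 and distinguishes five conversations; the WAN-side sensor sees a single ESP conversation between the two gateways, the same byte total, and raises nothing. The practical consequence is the one the manual highlights: sensors, flow export or logging have to be positioned where the traffic is still in the clear (the LAN side of the gateway, or the gateway's own logs), rather than relying on the provider's side of the tunnel.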
Other options analysis:
A. Loss of data integrity: VPNs generally ensure data integrity using protocols like IPsec, which
validates packet integrity.
C. Data exfiltration: While data exfiltration can occur, it is typically a consequence of compromised
credentials or insider threats, not a direct result of VPN usage.
D. Denial of service (DoS) attacks: While VPN endpoints can be targeted in a DoS attack, it is not the
primary risk specific to VPN use with a service provider.
CCOA Official Review Manual, 1st Edition Reference:
Chapter 4: Network Security Operations: Discusses risks related to VPNs, including reduced visibility.
Chapter 7: Security Monitoring and Incident Detection: Highlights the importance of maintaining
visibility even when using encrypted connections.
Chapter 8: Incident Response and Recovery: Addresses challenges related to VPN monitoring during
incidents.