With the Chinese government apparently blocking VPN use in China, should enterprises be concerned about sensitive business being performed there? Is there any way to get a workable VPN in China or at least a secure alternative, or is there no hope of working around the "Great Firewall"?
Much has been made about the Great Firewall of China, the Internet network monitoring and filtering system implemented about 10 years ago by the Chinese government, and to say that it's a bit draconian is an understatement. The key component of a larger electronic surveillance project called Golden Shield, the Great Firewall prevents Internet users in China not only from visiting a vast and ever-changing list of websites, but also from using a variety of Internet services like DNS resolution, TCP/IP connections and, yes, security services like VPNs. Many enterprises rely on VPNs to enable employees to securely connect to remote networks, but in China, these restrictions make establishing that level of security difficult.
What the Chinese fail to see is something that security administrators in the U.S. found out a long time ago: The more restrictions you place on a network, the more the end user finds ways to subvert policy.
Now, it is possible to create a VPN into China, but you first have to register the VPN with the Ministry of Industry and Information Technology. However, I wouldn't trust that the Chinese government isn't able to sniff the contents of these so-called legal VPNs.
So, what to do? Reportedly, all encryption has been outlawed in China, so that rules out HTTPS/SSL traffic, and it also rules out any secure RDP or SSH traffic. Long story short, I would be worried about the leakage of sensitive information, i.e. financial, personal or otherwise, from any office or staff located in China. For all of the power moves that China has made over the years within the world of cybersecurity, I think it may have overreached on this one, and I also think that this may come back to bite them.
This was first published in July 2013