How to Avoid VPN Security Vulnerabilities (1)


For remote WAN users, a virtual private network (VPN) should be a secure connection, but many enterprises question the security of VPNs because of their many obvious vulnerabilities. Rainer Enders is the CTO of NCP engineering responsible for VPN security in the Americas. In this article, we will learn how VPN security vulnerabilities arise and how to eliminate the risk.

What are common VPN security vulnerabilities?

Rainer Enders: Although VPN is known as a secure technology, I think many methods will undermine its security.

A common method is man-in-the-middle attacks, mainly when people access a wireless or wired LAN (or wide area network). Hackers can snoop on a connection and collect information about the connection through internal access. At the same time, if they can obtain a license, they can also use it to initiate an attack.

The second potential vulnerability may come from physical access or listening to devices that support VPN. If someone loses their laptop or mobile devices and these devices support VPN, this may happen. The VPN client may be configured in a non-optimal mode, saving the license book locally on the device. All a hacker needs to do is click "Connect", and they can even open the VPN channel without entering the password.

Obtaining the security information of a VPN is the third method that may compromise the security of the VPN. The security information includes the IP address, configuration parameters, and user license of the VPN terminal. The way to obtain this information may come from insiders who know the specific situation of the VPN, such as those who leave or are expelled from the company. Most networks do not change frequently, and the VPN connection remains in a state for a long time. Therefore, people who leave the company have many opportunities to learn how to access the VPN. In addition, this security information can be obtained through other social engineering methods, such as using malicious emails or phone calls to provide information to users. Similar situations have already occurred many times.

The fourth way to undermine VPN security is to exploit the vulnerabilities or defects of the identity authentication system. Firmware defects, or some other defects of the authentication system, may be exploited, such as malicious spoofing or redoing SSL authorization authentication. Hackers may even use known vulnerabilities on the VPN concentrator to crash the authentication system and intrude into the target system.

Why do hackers want to destroy the VPN? What information do they usually look for?

Enders: Hackers generally fall into four categories:

Internal personnel: former company members who leave because they are angry with the company and want to cause losses to the company.

Financial information: people interested in information that can be used for bank transfers, such as credit card numbers or bank accounts.

People with political intentions: they just want to express their political stance in some form.

Hackers known as "script teenagers" are the most popular among them. They primarily use VPN vulnerabilities to satisfy their curiosity, test a theory or validate a concept. What's more, they just want to figure something out to prove that a vulnerability exists or that a system can be cracked.

All in all, there are many bad messages that can damage the VPN system, but the good news is that hackers generally do not aim to steal information. Financial information is the most likely target if it is for the purpose of stealing information. For example, you can steal credit card information for network spoofing transactions.

What type of VPN (such as SSL and IPsec) is the most vulnerable to security damage?

Enders: There is no 100% secure VPN technology. Each technology faces a specific challenge. However, of the two popular VPN technologies, SSL and IPsec, I think IPsec is more secure, which is determined by their technical nature.

As an IETF standard, IPsec has a secure kernel and the technology is relatively mature. In addition, specific clients control and associate IPsec connections in specific applications. In contrast, SSL control and association are only implemented through a web browser. As we all know, web browsers have many vulnerabilities and many attack vectors specifically target these vulnerabilities. Therefore, the SSL security model is quite questionable. In addition, the three key features of VPN include confidentiality, integrity, and reliability. Due to lax identity authentication control, the reliability of SSL is also questioned.

This article introduced four VPN attack methods and four categories of hackers. "How to Avoid VPN Security Vulnerabilities (ii)" describes the security of MPLS VPN and how enterprises should build appropriate VPNs to ensure information security and balance the ease of use and security of VPNs.

 

From original Chinese content of TechTarget
