Report reveals common faults with VPN security

Internet security tester NTA Monitor publishes its VPN Security Report 2006, warns of flaws

Internet security tester NTA Monitor has published its VPN Security Report 2006 identifying common flaws in public and private sector virtual private networks (VPNs) that use IP security.

NTA said many organisations could easily improve security by addressing the two most common problems: VPN servers that could be fingerprinted using UDP backoff analysis, and VPN servers that respond to any source IP address. These top two flaws accounted for 20 percent of all vulnerabilities found.

The firm classified 17 percent of the vulnerabilities it discovered as medium risk, which could allow external attackers to disrupt the VPN service or gain unauthorised access to the network and the confidential data held within it.

Sixty-four percent of the vulnerabilities were rated as low risk – generally involving the leakage of information that could be valuable to attackers. The remaining 19 percent of vulnerabilities were considered "informational".

NTA analysed data gathered from VPN security tests conducted between 1 January and 31 December 2005 from a cross section of industries in London, the Midlands, North England, Scotland, South and South East England, Wales, Europe and the US.

NTA's Roy Hills said that although each VPN system tested by NTA had multiple problems, the risk level was generally low and no high-risk problems were discovered. However, Hills cautioned, "The situation could be worse than the findings indicate, since our customers are probably more security conscious than the average organisation."