What’s the most vulnerable part of your network?

Researchers at DEF CON demonstrate the most “vulnerable part of your network” could be your SSL VPN.

Last Friday at the annual DEF CON and Blackhat security conferences, Taiwanese security researchers Orange Tsai and Meh Chang revealed two new flaws in major vendor’s SSL VPN products. They showed how they could use overflow vulnerabilities in both Pulse Secure and Fortinet SSL VPNs to gain remote code execution ability; the holy grail of hackers. Once they had this ability they were able to establish a “magic backdoor” into the network to use at their leisure. These are major corporate remote access platforms, with Pulse Secure having over 50,000 SSL VPN servers and Fortinet having over 480,000. This is on top of their recent exploit of Palo Alto Networks SSL VPN, which means over half of the Fortune 1000 could be exposed to this exploit via their VPNs.

SSL VPNs are typically implemented via a web browser which makes it easy to deploy and support. However, it does mean that a web server interface has to be exposed to allow users to authenticate and gain access. And this presents a very visible attack surface for external bad actors (or security researchers) to exploit, which this team demonstrated ably. The details of their talk were quite technical and the full deck can be found here.  

Key takeaways 

But the point is that the number of holes and known exploits of VPN technology has continued to grow every year. This vector has become one of the most used by hackers for initial entry into a network. Cisco, both the industry leader in VPNs and in exploitable bugs alone, has 159 critical exploited listed in the CVE database, while other major well-known vendors have dozens. Much like the password is becoming obsolete, maybe we need to see the sunset of the VPN technology, at least as it is typically implemented with loose controls and broad-spectrum network access. 

A simple VPN can no longer be counted on to provide the whole security package for a remote access solution. All VPN administrators should be using segmentation and VLANs to cordon off the more sensitive areas of their networks from the prying eyes of illegitimate VPN users.  They should also layer on additional protections for privileged accounts using Privileged Access Management (PAM) for internal users and Vendor Privileged Access Management (VPAM) for third-party. Only by practicing defense-in-depth and leveraging new, custom-built technologies, can you confident in using VPNs these days. 

To learn more, check out our infographic that points out the five reasons VPNs are risky business. 

The post What’s the most vulnerable part of your network? appeared first on SecureLink.


*** This is a Security Bloggers Network syndicated blog from SecureLink authored by Tony Howlett. Read the original post at: https://www.securelink.com/blog/whats-the-most-vulnerable-part-of-your-network/

Tony Howlett

Tony Howlett

Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP, GNSA certifications, and a B.B.A in Management Information Systems. Tony is currently the CISO of SecureLink, a vendor privileged access management company based in Austin.

tony-howlett has 56 posts and counting.See all posts by tony-howlett